magmatic.com - Squawk Box

MAAS History

Critical JavaScript Vulnerability in Firefox 3.5

Tuesday, July 14, 2009 at 07:27PM

There is a critical vulnerability in the JIT compiler in Firefox 3.5. It is possiable that an attacker by directing a user to a maliciously crafted site will be able to execute code or trigger a uncontrolled system crash. Users should be using NoScript for all web surfing in Firefox. In addition users can disable JavaScript, Run in SafeMode or disable JIT in the JavaScript engine.

In the location bar enter about:config
Filter to jit
Set the value of javascript.options.jit.content to false.

Disabling javascript.options.jit.content will slowdown performance and is temporary. Once the fix is released and installed users should set this value back to true.

Update on Sunday, July 19, 2009 at 09:21PM by

drStrangeP0rk

Mozilla Security Blog reports that exploit the crash is not exploitable in version 3.5.1. The crash is reported to occur in the ATSUI(Apple Type Services for Unicode Imaging) system library which is the result of a failure to check allocation results.

http://blog.mozilla.com/security/2009/07/19/milw0rm-9158-stack-overflow-crash-not-exploitable-cve-2009-2479/

drStrangeP0rk |

Post a Comment |

1 Reference |

Firefox Exploits,

Zero Day

Thursday

Jul092009

Safari 4.0.2 Update Addresses WebKit Issues

Thursday, July 9, 2009 at 11:43AM

WebKit when handling parent objects has a vulnerability which can allow for a maliciously crafted site to conduct a XSS attack. The improvement is in the way the WebKit handles parent objects. Simple Class Dump from Safari 4.0.1In addition numeric character references crafted in a malicious way can corrupt memory leading to unexpected application termination and/or arbitrary code execution.

drStrangeP0rk |

Post a Comment |

1 Reference |

Potential Vulnerabilities,

Safari Exploits,

Software Update,

Updates

Thursday

Jul022009

RSPlug.M Variant of Old Mac Trojan

Thursday, July 2, 2009 at 02:56PM

Currently it has been reported that this Trojan is making it way across the Web hiding on music sites offering music from such artist as 2Pac. Common names of links include "Fast Mp3 Music Downloader" and "MacCinema" and a host of others listed in earlier post which offer to install codecs but instead will install RSPlug.M. Users should not install any kind of video codec or software for that matter which the source is not certified as trusted either by the organization or independent verification.

Update on Monday, July 13, 2009 at 09:04PM by

drStrangeP0rk

Link to a removal tool...

http://www.dnschanger.com/

drStrangeP0rk |

Post a Comment |

1 Reference |

Wednesday

Jul012009

Firefox 3.5 Speed Up and New Privacy Browser Mode

Wednesday, July 1, 2009 at 08:43AM

Firefox 3.5 has significant improvements in speed especially when it comes to handling JavaScript heavy pages. This now puts it on par with Safari 4.0, in my case it performs better. The major security improvements includes a safe browser mode which does not store history, cookies, temp files and other information related to your browser session. There is also the addition of the Origin header for their Content Security Policy (CSP). This is an attempt to prevent drive-by-downloads and limit the threat of Cross Site Scripting (XSS). For more information connect to the reference on the Mozilla Security Blog.

Update on Monday, July 13, 2009 at 08:47PM by

drStrangeP0rk

There have been reports that the patch of SVGLength in Firefox versions below 3.5 were not effective. The bug may even be present in version 3.5, the current work around for all versions of Firefox is to set your cahce to zero. This will prevent a DoS through an unclamped loop in SVG (public Interface SVGLength).

http://www.w3.org/TR/2002/PR-SVG11-20021115/idl.html

Update on Tuesday, July 14, 2009 at 07:17PM by

drStrangeP0rk

This issue does affect version 3.5. US Cert is recommending disabling JavaScript, currently using NoScript is an excellent way to do responsible web surfing and setting cache to zero. If users cannot conduct a determination on a case by site basis then disabling JavaScript may be the best alternative.

http://www.us-cert.gov/current/index.html#mozilla_firefox_3_5_vulnerability

drStrangeP0rk |

Post a Comment |

2 References |

Firefox Updates

Tuesday

Jun232009

Trojan Jahkav-C, more to come?

Tuesday, June 23, 2009 at 06:18PM

Similar to the way in which users are enticedto install helper applications on the PC, Mac users who visit sites that deliver porn, such as PornTube(which should be on your black list), may get more then they bargain for. The downloaded Trojan hasnames such as HDTVPlayer3.5.dmg, VideoCodec.dmg, macTubePlayer.dmg. This is not self replicating, the user is the defense and it contacts the attacker. When installing applications from the Web users should make sure they trust the source, especially if they need to provide their admin(root) password. Checking the hash (MD5 and SHA) can go a long way as well in ensuring that the file recieved is the intended file.

The Trojan works by using a Perl script that communicates over http allowing the infected computer to exchange data with the attacker. Users may also find a malicious shell scriptsAdobeFlash in the /Library/Internet Plug-Ins. This is a variant of OSX.RSPlug, OSX/Puper and OSX/Jahlav.

Update on Thursday, June 25, 2009 at 08:06AM by

drStrangeP0rk

Wow, that took less time then I though. Venture capitalist Guy Kawasaki got a surprise from an auto feed from Twitter. His followers saw post promoting a sexy video of Leighton Meester. When hitting the link OSX/Jahlav-C would be downloaded and then install. The original feed called NowPublic but lower profile accounts are spreading the Trojan via Twitter. Do not open links or install any software from un-trusted sites. You do not need any codec or ActiveX controller to watch videos. (Unless your living in 1996) If you like nude photos stick to legitimate sites and never follow links from email or social sites, most likely you will encounter malicious code.

Link to orignal article on attack

http://news.cnet.com/8301-1009_3-10272457-83.html?part=rss&subj=news&tag=2547-1_3-0-5

Update on Wednesday, August 12, 2009 at 05:02PM by

drStrangeP0rk

Dark Reading is reporting that Trend Micro has discovered a new variant called OSX_JAHLAV.D infecting computers, it still posesas as a media player. The current version is changing DNS entries and sending unsuspecting users to redirected domains. Currently various anti-virus and firewall products do detect it. Users can do a search, find it and remove it, reset their DNS in System>Preferences and flush the cache with the following command:

dscacheutil -flushcache

There are other handy options, the man page is a must read.

It is suspected that it may have been tested for creating a Mac BotNet but in its current form it represents a manageable threat. However Mac users must make sure that they have taken steps to secure their systems. Many years ago some friends and I loved making simple client servers and aliasing commands to have fun with one another. The point is all Unix/Linux boxes have security available but it must be used and managed. The Mac as a Unix (BSD) box is no different.

http://www.darkreading.com/insiderthreat/security/client/showArticle.jhtml;jsessionid=C4L1DU5LN33RVQE1GHOSKHWATMY32JVN?articleID=219200192

Update on Wednesday, August 12, 2009 at 06:32PM by

drStrangeP0rk

One more time since the article is fresh.

http://www.dnschanger.com/

http://macscan.securemac.com/osxjahlav-c-dnschanger-trojan-horse/

drStrangeP0rk |

Post a Comment |

1 Reference |

Mac OSX Trojan,

Trojan