4/30/2006 - Safari Denial of Service Vulnerability
A vulnerability is present in Apple Mac OS X Safari (2.0.3) that may allow for a denial of service attack. Successful exploitation would involve coercing a victim to a malicious website that contains HTML with an unusually large rowspan value. This will cause resource exhaustion that could further lead to a complete denial of service. Proof of concept code does exist.
Full Bulletin
4/28/2006
- VB2006 Program Released
The
Virus
Bulletin 2006 program has been posted. On Friday, October
13, Marius van Oers (McAfee
AVERT) will be presenting on "Macintosh
OS X Binary Malware". This should make for a very
interesting, and highly technical discussion. We'll see you
all in Montreal!
4/28/2006
- Is Apple Going to Spy On Us?
Apple
has filed a patent
for a flat-panel LCD screen which would have the ability
to record video via "tiny image sensors in between
the LCD cells of the flat-panel monitor". While this
sounds extremely "cool" and innovative, one can
already speculate on the misuse of such an "embeded"
feature. What if a crafty piece of malware were to activate
this recording functionality and then transmit video of you
to some unknown destination? It will be interesting to see
how this plays out.....
4/26/2006
- Multiple PHP4/PHP5 Vulnerabilities
PHP4/PHP5
wordwrap() buffer overflow
PHP4/PHP5 array_fill() DoS condition
PHP5 substr_compare() DoS condition
The
full advisory is available here.
Versions 4.4.2
and
5.1.2 are affected.
4/26/2006
- Ubuntu Security Notices
USN-273-1:
Ruby vulnerability (CVE-2006-1931)
USN-272-1:
cyrus-sasl2 vulnerability (CVE-2006-1721)
4/25/2006
- Security Fixes in Thunderbird 1.5.0.2
Mozilla
released Thunderbird 1.5.0.2 on April 21, 2006. Several
security issues were addressed. Thunderbird 1.5.0.2 can
be acquired from Mozilla.org
4/25/2006
- Mac OS X Attracting More Malware...
A
number of articles have appeared lately, which continue to
claim that the move to Intel, and the ability to boot Windows,
will make the Macs more attractive to virus/worm/trojan writers.
We feel it necessary to chime in.......
These
articles typically fail to differentiate between the Mac OS
X *platform*, and the hardware. If you ask..."Will the
Mac OS be more susceptible". The answer is ...'possibly'.
As Mac OS X itself gains popularity...the potential for such
exploitation could grow. That holds true for any OS. However,
if you are specifically referring to the Apple hardware..booting
into Windows...than the answer would be "Yes". If
you boot your Intel-based Mac into Windows...your exposure
to Windows-based threats is equal to that of any other Windows
user. One may even argue that the exposure is greater given
that some Mac users may not be accustomed to maintaining all
the safeguards required to "secure" the Windows
OS....
Macs,
long a safe haven, face growing security risk
Experts
Say Macs More Vulnerable To Computer Viruses
Linux
on Mac Could Spike Attackers' Interest
Wise up, Mac users; viruses can get you, too
|