8/4/2006
- MacBooks Used to Demonstrate WiFi Vulnerabilities at Black Hat
A few days ago, news broke of Jon Ellch and David Maynor's presentation at this year's Black Hat conference, where they target a specific security flaw in the MacBook's wireless card driver in order to gain total control of the machine. This year's conference also includes a discussion on "Attacking Apple's Xsan" by Charles Edge of Three18....
8/3/2006
- MacScan 2.2 Released
We almost overlooked this one. Securemac has released MacScan 2.2. This release "improves scanning of spyware, definition updates, improved stability and support for OS 10.2"
While some may argue that the items which MacScan detects do not fall under the consensual definition of "Spyware", it's an interesting release to note nonetheless.
8/3/2006
- Mac OS X Server serialnumberd Firewall Modification Vulnerability
It appears as though serialnumberd will always re-enable UDP port 626, even if this port is explicitly disabled via the Firewall preference pane GUI. So, while administrators may have purposefully disabled this port, it may still be active and accepting requests. Rentzsch.com has posted a QuickTime video of this behavior.
8/1/2006
- Mac OS X Security Update 2006-004
Apple has released Security Update 2006-004. The following components have been updated:
- AFPServer
- Bluetooth
- Bom
- DHCP
- dyld
- fetchmail
- gunzip
- Image RAW
- ImageIO
- LaunchServices
- OpenSSH
- telnet
- Webkit
- Appkit, ImageIO
For full details on each of the security updates, check our "Security Update 2006-004" page.
7/31/2006
- Safari KHTMLParser::popOneBlock
7/31/2006 marks the last day of HD Moore's efforts at browserfun.blogspot.com. The 7/31 update is a Safari vulnerability. According to the site, "Safari will dereference and call a pointer from the heap if a script element, inside a div element, redefines the document body. Code execution is possible, but more time is required to develop a reliable exploit." Read the full post here.
7/31/2006
- Intego ContentBarrier X4 - 10.4.1
Version
10.4.1 of ContentBarrier
has been released. New features include:
- New: Japanese, Italian, Spanish localizations
- New: Instant website unlocking is also available when
using "Restricted Access" profile and when ContentBarrier
password protection is disabled
- Performance improvements
- Enhanced reliability on Mac Intel
7/27/2006
- Mozilla Firefox 1.5.0.5 Released
Firefox 1.5.0.5 is now available. The following security fixes are included:
MFSA 2006-56 chrome: scheme loading remote content
MFSA 2006-55 Crashes with evidence of memory corruption (rv:1.8.0.5)
MFSA 2006-54 XSS with XPCNativeWrapper(window).Function(...)
MFSA 2006-53 UniversalBrowserRead privilege escalation
MFSA 2006-52 PAC privilege escalation using Function.prototype.call
MFSA 2006-51 Privilege escalation using named-functions and redefined "new Object()"
MFSA 2006-50 JavaScript engine vulnerabilities
MFSA 2006-48 JavaScript new Function race condition
MFSA 2006-47 Native DOM methods can be hijacked across domains
MFSA 2006-46 Memory corruption with simultaneous events
MFSA 2006-45 Javascript navigator Object Vulnerability
MFSA 2006-44 Code execution through deleted frame reference
The 1.5.0.5 update is currently available via the 'Help' menu in Firefox, or from Mozilla's site.
7/25/2006
- McAfee VirusScan for Mac 8.5 Beta Release
McAfee has announced the public beta of McAfee VirusScan for Mac version 8.5.
New features include:
- Universal Binary: VirusScan for Mac 8.5 beta is the first universal binary version in the Virex product line. VirusScan for Mac will run on both Intel- and PowerPC-based Mac computers natively.
- On Access scanning: VirusScan for Mac 8.5 beta features True On Access Scanning. It scans every file being accessed from or written to the machine and blocks infections if any. On Access Scanner can be configured to scan on Read Only, Write only or both. It can also be configured to scan files on network volumes.
- 5100 engine support: Support for the latest McAfee Anti-Virus engine.
- Apple Mail scanning: VirusScan for Mac 8.5 beta scans Apple Mail messages for any infections. This feature is available through both On Demand Scanner and On Access Scanner.
Ubuntu Security Notice - kdelibs vulnerability (USN-322-1)
A Denial of Service vulnerability has been reported in the replaceChild() method in KDE's DOM handler. A malicious remote web page could exploit this to cause Konqueror to crash. Read the full bulletin here.
7/19/2006
- Kerio Announces Universal Mail Server for Mac OS X
Kerio Technologies today announced it has launched a Universal
version of Kerio MailServer 6.2, a groupware mail server for
Mac OS X version 10.4 "Tiger." The powerful combination
of email, contacts, calendars and tasks is ideal for small
and mid-sized businesses and now it can be installed on both
Power PC and Intel-based Macs.
Read more............
7/17/2006
- McAfee's Sage Report
McAfee has released the first issue of their Sage Report. Included in the report is an article titled "Will the Worm Eat the Apple" by Francois Paget of McAfee Avert Labs. The article describes the history of OSX/Leap and OSX/Inqtana. It also covers the recent "flurry" of Mac OS X / Safari-specific vulnerabilities...and potential increase of related threats on the horizon.
The article definitely complements the previous white paper, also issued by McAfee, entitled "The New Apple of Malware's Eye: Is Mac OS X the Next Windows?". However, there is no "scaremongering" here at all. Rather it is a well-written article, which raises several valid points about security on Mac OS X, and the open source community's propensity for investigating security issues and exploits.
7/17/2006
- Microsoft PowerPoint 0-Day Vulnerability
While
there is still no 'official' ruling on whether Microsoft Office
for Mac is affected, the US
CERT is listing it as an affected version of the Office
software.
This
new vulnerability is being tracked as CVE-2006-3590.
According to the bulletins, "Microsoft PowerPoint contains
a vulnerability that could be exploited when PowerPoint opens
a specially crafted document. By convincing a user to open
a specially crafted PP document, an attacker could execute
arbitrary code with the privileges of the user running PowerPoint.
This may also cause PowerPoint to crash."
7/12/2006
- Ubuntu Security Notices
This week, we have more security notices/updates from Ubuntu. The latest are as follows:
Ubuntu Security Notice USN-313-1 - openoffice.org-amd64, openoffice.org vulnerabilities
Ubuntu Security Notice USN-311-1 - linux-source-2.6.10/-2.6.12/-2.6.15 vulnerabilities
7/12/2006
- Microsoft Office Updates Released.
Microsoft
has released Microsoft Office 2004 for Mac 11.2.5 and Microsoft
Office v.X 10.1.7. In addition to an Entourage fix, this also
includes the following security enhancement..."This update
fixes vulnerabilities in Microsoft Office 2004 for Mac that
an attacker can use to overwrite the contents of your computer's
memory with malicious code".
The
update is available via Office's internal updating mechanism,
or via Microsoft.com
7/11/2006
- Historical Browser Vulnerability Notes
Last week, we reported on the Safari DHTML SetAttributeNode() Denial of Service vulnerability, posted at browserfun.blogspot.com. HD Moore, the individual behind the daily browser vulnerability posts at browserfun.blogspot.com, has been credited with disclosing a few other Mac OS X browser vulnerabilities. A quick glance on milw0rm reveals the following:
7/10/2006
- SabagSecurity is Almost 50!
This week, we posted episode 49 of the SabagSecurity show. Next will be the big 5-0! Thank you to all our loyal listeners....and keep listening for more McAfee-flavored security goodness! Also, if you have not stuck your pin on the SabagSecurity Frapper map....please do!
7/6/2006
- Apple Safari DHTML SetAttributeNode() Denial of Service
The
folks behind browserfun.blogspot.com have committed to releasing
a new browser exploit, every day, for the month of July. So
far, they have met that commitment. On July 4th, a DoS vulnerability
for Safari 2.0.4 / 419.3 was posted. The vulnerability was
discovered via the Hamachi
fuzzing tool.
Full
details.....(including a link to the demo)
7/3/2006
- McAfee Reaches 200,000 Threats in their DATs
The
real interesting part of this is that they reached 100,000
in September of 2004! It took eighteen years to reach 100,000,
and less than 2 to double that. We expect this type of growth
to continue..
See the Avert
Labs Blog for more detail....
7/2/2006
- Sophos Recommends the Switch to Macs!
"Sophos
security said that the 10 most commonly found pieces of malicious
software all targeted Windows machines.
In
contrast, it said, none of the "malware" were capable
of infecting the Mac OS X operating system.......It seems
likely that Macs will continue to be the safer place for computer
users for some time to come," said Mr Cluley"
Full
Article
7/3/2006
- Latest "Mac OS X Trojan" Still Just PoC (Proof of Concept).
There has been a great deal of media attention to Symantec's "OSX.Exploit.Launchd" "trojan". Given the current state of heightened security awareness on the Mac OS X platform, this is somewhat understandable. However, as of this writing, this is not a live threat. It is even a bit of a stretch to call this a "trojan". This is proof-of-concept code...and that fact is plainly advertised. In theory, this vulnerability 'could be' targeted by a similar exploit, via a trojan horse. However, that is not the case with the code available now.
More
info:
Macfixit - http://www.macfixit.com/articlstory=20
Symantec - http://www.sarc.com//venc/data/osx..html
Vunet.com - www.vunet.com/article
6/30/2006
- Public (Proof-of Concept) Exploit Discovered for launchd Vulnerability
Symantec has posted a description for what they are calling OSX.Exploit.Launchd. The PoC code is still being investigated, but it appears to exploit the recently patched vulnerability in launchd (CVE-2006-1471). This vulnerability was patched in Mac OS X Update 10.4.7. The exploit code was reported to milw0rm by Kevin Finisterre.
6/29/2006
- Apple OS X 10.4.7 .tiff "TIFFFetchAnyArray ()" DoS
Tom Ferris has posted a new advisory, which affects Mac OS X versions 10.4.7 and prior, when processing a malformed .tiff image file. The vulnerability exists when the TIFFFetchAnyArray() function does not properly parse an invalid tag, causing the application in which the file was opened to crash.
Read the full advisory here.
6/29/2006
- iTunes 6.0.5 Released
iTunes 6.0.5 addresses an integer overflow in the AAC file parsing that can lead to code execution. This vulnerability has been detailed in CVE-2006-1467:
CVE-ID: CVE-2006-1467
Available for: Mac OS X v10.2.8 or later, Windows XP / 2000
Impact: An integer overflow in iTunes could cause a denial of
service or lead to the execution of arbitrary code
Description: The AAC file parsing code in iTunes versions prior
to 6.0.5 contains an integer overflow vulnerability. Parsing a
maliciously-crafted AAC file could cause iTunes to terminate or
potentially execute arbitrary code. iTunes 6.0.5 addresses this
issue by improving the validation checks used when loading AAC
files. Credit to ATmaCA working with TippingPoint and the Zero Day
Initiative for reporting this issue.
6/28/2006
- F-Secure Posts Their Latest Data Security Summary
The F-Secure research team, based in Helsinki, has posted their latest video Data Security Summary. Amongst other topics, Macintosh viruses / threats are discussed.
The wrap-up can be found here.
The video content (WMV format) is here.
The discussion on Mac OS X viruses is a basic rehash of Leap.A and Inqtana.
6/28/2006
- Update on the Security Content of the Mac OS X 10.4.7 Update
We
have posted the specific security content here.
6/28/2006
- Mac OS X 10.4.7 Released
The
Mac OS X 10.4.7 Update has been released, and is currently
available for both PowerPC and Intel-based Macs. This update
includes a number of specific fixes, and security updates.
Mac OS X 10.4.7 is available via Software Update, or from
Apple's Site:
Mac OS X Update 10.4.7 Combo Intel
Mac OS X Update 10.4.7 Intel
Mac OS X Update 10.4.7 Combo PPC
Mac OS X Update 10.4.7 PPC
Mac OS X Server Update 10.4.7 Combo
Mac OS X Server Update 10.4.7
Apple has yet to update their site with specific security update information. Once it is published we will update our posting as well.
6/27/2006
- Apple Mac OS X Multiple Command Execution and Privilege
Escalation Vulnerabilities
FrSIRT has posted the following advisory:
Advisory ID : FrSIRT/ADV-2006-2566
CVE ID : CVE-2006-1468 - CVE-2006-1469 - CVE-2006-1470 - CVE-2006-1471 - CVE-2006-1989
Rated as : Critical
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2006-06-27
Apple
has released security updates to address multiple vulnerabilities
identified in Mac OS X. These flaws could be exploited by
remote or local attackers to execute arbitrary commands, cause
a denial of service, or disclose sensitive information.
The first issue is due to an error in the AFP server
when displaying search results, which could be exploited by
malicious users to disclose the names of files and folders
for which they have no access.
The second vulnerability is due to a stack overflow error
in ImageIO when handling malformed TIFF images, which could
be exploited by attackers to crash an affected application
or compromise a vulnerable system via a specially crafted
TIFF image.
The third flaw is due to an error in the OpenLDAP server
that fails to properly handle invalid LDAP requests, which
could be exploited by remote attackers to cause a denial of
service.
The fourth issue is due to a format string error in the
setuid utility "launchd" when logging messages,
which could be exploited by malicious users to execute arbitrary
commands with elevated privileges.
The fifth vulnerability is due to an error in ClamAV,
which could be exploited by attackers to execute arbitrary
code by tricking a user into downloading virus signature updates
from a malicious web server. For additional information, see
: FrSIRT/ADV-2006-1586
The vulnerability is addressed in Mac OS 10.4.7.
6/26/2006
- Check Point VPN-1 Secure Client
Check
Point has released their VPN-1 SecureClient for Mac OS X.
Benefits provided in this release include:
- Secured access to corporate resources
- Remote PC and handheld protection
- Flexible connectivity options
- Simplified central management for lower total cost of ownership
More
details.....
6/22/2006
- Three New iPod Locks
Targus
has debuted three new iPod security locks. The new product
line includes the Mobile Security Lock for iPod, the Desktop
Security Lock for iPod as well as the Eyelet Security Lock
for iPod. Each of the locks is designed for use with all dock-capable
iPods including the fifth-generation, iPod Nano, 4G, iPod
minis, and the 3G iPods.
More
details....
6/21/2006
- Elemental Security Platform Earns Mac Platform Security Certification From the CIS
"SAN MATEO, Calif., June 21 /PRNewswire/ -- Elemental Security, Inc., the award-winning pioneer of new technology in enterprise information security, today announced that its Elemental Security Platform (ESP) has been certified by the Center for Internet Security (CIS) for the CIS Mac OS X Benchmark v1.02. Elemental's policy and risk management product is the industry's first product to complete the CIS' rigorous certification process for the Mac OS X Benchmark."
Read
more...
6/21/2006
- Mozilla Camino 1.0.2 Released
Mozilla has released version 1.0.2 of Camino.
In Camino 1.0.2, we have made the following changes and improvements since version 1.0.1:
* Fixed several critical security issues, including those fixed in version 1.8.0.4 of the Mozilla Gecko rendering engine.
Camino 1.0.2 is available for download here.
6/20/2006
- Yet Another "0-day Exploit" for Microsoft Excel
A variety of security firms are publishing details on the latest "0-day" exploit for various versions of Microsoft Excel.
http://secunia.com/advisories/20748/
http://www.milw0rm.com/exploits/1927
Microsoft just recently posted some helpful tips in response to last week's highly publicized Excel flaw.
6/20/2006
- Opera 9 for Mac OS X Released.
Opera
Software has released version
9 of their popular web browser. Amongst the security features
are the usual pop-up blocker as well as phishing alerts, SSL
v3, TLS 1.0/1.1, and 256-bit encryption. Opera 9 also provides
simple management of private data and cookie control. You
can download Opera 9 from here.
6/15/2006
- New Ubuntu Security Notices
Ubuntu Security Notice - kdebase vulnerability (USN-301-1)
Ubuntu Security Notice - wv2 vulnerability (USN-300-1)
6/14/2006
- Microsoft Office 2004 for Mac 11.2.4 Update
Microsoft has released the Microsoft Office 2004 for Mac 11.2.4 update. The update is available from Microsoft's site, or via the 'Check for Updates' menu option in any of the Office applications. The update contains the following security fixes/enhancements:
- This update fixes vulnerabilities in Office 2004 for Mac that an attacker can use to overwrite the contents of your computer's memory with malicious code.
- This particular vulnerability can be referenced via CVE-2006-0022
6/13/2006 - Danware NetOp Remote Control 9.0
"Danish software specialist Danware has launched NetOp Remote Control 9.0, its latest software product for IT remote control, offering new security and real time sight and sound communication features...."
"Security has been further enhanced in the new version of NetOp Remote Control. The 256-bit AES encryption is now part of the Linux, Solaris and Mac OS X modules, and logged events can be stored locally and/or on the security server."
Read more....
6/10/2006 - Uninformed.org Publishes "Abusing Mach on Mac OS X"
Uninformed.org has published a highly informative paper on the history of the Mach kernel, how it is implemented in Mac OS X, and security issues related to this implementation.
"Abusing Mach on Mac OS X"
6/9/2006
- Ubuntu Security Notices
Ubuntu has released the following security advisories for Ubuntu 5.04, 5.10, and 6.06 LTS. These advisories also apply to the corresponding releases of Kubuntu, Edubuntu, and Xubuntu.
xine-lib vulnerability (USN-295-1)
dovecot, exim4, postfix vulnerabilities (USN-288-3)
binutils vulnerability (USN-292-1)
6/8/2006
- PGP Authentication Bypass Vulnerability
PGP Desktop Professional 9.x, for all platforms, appears to be vulnerable to a few authentication bypass vulnerabilities, one being an SDA bypass, the other being a full virtual authentication disk bypass. Full details, as well as an informative proof-of-concept video, have been posted on safehack. One of the major issues here is that if the passphrase is changed, PGP does not change the underlying key, which allows any user who had access to regain that access via the previous passphrase. Securiteam also has a posting on this.
6/7/2006
- Little Snitch 1.2.3 Released
Version 1.2.3 of Little Snitch, a utility for monitoring outbound network communications, has been released. New Features in this version:
- This version of Little Snitch adds protection from a security vulnerability in Mac OS X for PowerPC where malicious applications could execute arbitrary program code in the context of other applications: "Code Injection Alert"
- The "Code Injection Alert" can now be switched on or off in the Little Snitch preferences.
- Fixed a bug which led to wrong port names on Intel based Macs.
- Fixed a bug from the previous beta version 1.2.3b2 which could lead to a long delay after login.
- Fixed a bug which could lead to duplicate default rules.
- When you created a rule for "Same Port" from Little Snitch's alert panel, the rule was erroneously added for "Same Port and Protocol" to the rule set. This issue has been fixed.
- Protection against forced termination (kill) was broken on Intel processors. This issue has been fixed.
6/7/2006
- Mozilla Firefox Key-Filtering Vulnerability
Several security firms are reporting that Mozilla Firefox 1.5.0.4, and its successor 'SeaMonkey', are vulnerable to a recently discovered vulnerability triggered by the use of JavaScript 'OnKeyDown' events. According to Symantec, "Exploiting this issue requires that users manually type the full path of files that attackers wish to download…[and] may require substantial typing from targeted users, so keyboard-based games, blogs, or other similar pages are likely to be utilized by attackers to entice users to enter the required keyboard input to exploit this issue,"
Full
Details.....
6/6/2006
- BlackHat 2006 Schedule Released
The
schedule for BlackHat USA 2006 is posted. There's one Apple
/ Mac
OS X Server specific talk...and lots of other interesting
topics as well...
BlackHat
2006
6/6/2006
- Multiple New Releases from Intego's Family of Security Solutions
Intego
has announced the release of Internet
Security Barrier X4 AntiSpam Edition and Content Barrier X4.
Internet Security Barrier X4 is a combination of 3 existing
Intego products (NetBarrier X4, VirusBarrier X4, and Personal
AntiSpam X4). New to these versions are dashboard widgets
for Tiger, an improved user interface, NetUpdate improvements
and more. These releases also provide full Intel compatibility.
6/5/2006
- Goodbye IPv4, Hello IPv6
Now is the time to start wrapping your brain around IPv6. Mac OS X has supported IPv6 for years now, but without much support out in the ether, opportunities to use it live don't often present themselves. It seems as though there has been a big push, recently, to get people moving on the new IP standard. That, coupled with the decommissioning of 6Bone, brings us to a new "era". So, to get started on IPv6, start here:
RFC 2460
Microsoft Introduction to IPv6
IPv6 Introduction (IPv6 Global Community)
6/2/2006
- MySQL Multibyte Encoding SQL Injection Vulnerability
A vulnerability has been disclosed which could allow for SQL injection attacks. According to the Secunia advisory, "The vulnerability is caused due to an error within the server when parsing a query string that is escaped with the "mysql_real_escape_string()" function". Vulnerable users can upgrade to either MySQL 4.1.20 or 5.0.22.
6/1/2006
- Mozilla Firefox 1.5.0.4 Released
Mozilla Firefox 1.5.0.4 is now available. This release provides improved product stability, as well as several security updates. The update can be downloaded from Mozilla's site, or acquired via the 'Check For Updates' command in the 'Help' menu. It should also be noted that Mozilla Thunderbird was released on 5/31/2006. This release provides universal binary support for Intel-based Macs...as well as several security updates.
5/31/2006
- SSH Tunnel Manager Allows the Creation of Custom SSH Tunnels
A
recent article at nonstopmac.com provides a thorough tutorial
on how to use SSH Tunnel Manager (from Tynsoe.org)
to create your own secure connections. This can come in handy
in situations where an encrypted connection is required, but
not necessarily provided by the target service.
Read
more...
5/31/2006
- Apple Releases Quicktime 7.1.1
Quicktime
7.1.1 has been released to address issues incurred after
installing Quicktime 7.1 and the Apple Security Update 2006-003.
5/30/2006
- ADmitMac 3.2 Released
Thursby has released ADmitMac 3.2. This release provides support on Intel-based Macs, as well as a few other fixes and feature updates.
"ADmitMac is tailored for multi-user, multi-computer scenarios with administrator defined network security. It supports the highest levels of security and does not require the downgrading of security when using Windows Server 2003. Kerberos is used to provide secure directory access, thus reducing the risk of unwanted disclosure, spoofing, and man-in-the-middle attacks. ADmitMac works with domains configured using Microsoft’s Highly Secure (HISEC) security templates, automatically configuring the Macintosh to use Kerberos, obtains the necessary security keys from the domain and performs mutual authentication requiring the server to prove its identity. ADmitMac also works with older NT directory services."
5/25/2006
- Tor 0.1.1.20 Provides Multiple Security Fixes
Tor,
an anonymizer for web browsing, web publishing, instant messaging,
IRC, SSH, and a number of other TCP-based packages, has released
version 0.1.1.20. For a full list of changes, including major
security fixes, view the changelog.
5/24/2006
- Security Updates in Xcode 2.3
WebObjects
CVE-ID: CVE-2006-1466
Available for: Mac OS X v10.4 and later
Impact: If you install WebObjects developer tools, remote
attackers may be able to obtain or modify WebObjects projects
while Xcode is running
5/24/2006
- New Updates on Apple's Developer Site
Xcode
2.3 Released
Reference
Material:
5/23/2006
- Apple Updates Their PGP Key
FYI - Apple has posted a new PGP key (RSA 2048), which is valid until 5/15/2007
https://www.apple.com/support/security/pgp/
5/22/2006
- Tenable Network Security Releases Nessus 3 for Mac OS X
Nessus 3 for OS X is the first release of Tenable Network Security's vulnerability scanner and risk management solution. Nessus 3, historically has competed against the likes of Foundstone, ISS and Qualys. The release of such a strong, and relevant, competitor in this market validates the current state of heightened awareness for the Mac OS X platform and Enterprise community.
5/22/2006 - Apple Product Management Dismisses Kernel Rumors
Apple product manager Ernest N. Prabhakar has stated that the current rumors that Apple will close the source code on the x86 kernel are pure speculation at this point. The statements were made via a discussion thread on one of Apple's mailing lists. While he does not indicate which way Apple will ultimately go, he does state that the current rumors are "not necessarily fact".
5/18/2006
- 11-year old Discovers Mac OS X Security Issues via Microsoft Office
AppleMatters has reported that the OS X Simple Finder / parental controls can be bypassed via simple functionality within Microsoft Office documents. The example provided illustrates the ability for any "restricted" account to run *any* program on the machine via the "Run Program" option through PowerPoint's custom slide actions.
Read
More....
5/17/2006
- Symantec LiveUpdate Currently Unavailable
Norton
Antivirus for Mac users have been experiencing issues with
Symantec LiveUpdate, since applying Security Update 2006-003.
Symantec, reportedly, has a fix underway.
Details....
5/17/2006
- Apple Closes the Source for a x86 Client Kernel.
Tom Yager's story in InfoWorld details how Apple has made the x86-compatible Mac OS X kernel fully proprietary. This move was fueled, in part, by the fear of OS piracy...
Read
more....
5/16/2006
- Warner Bros. Partners with 180Solutions
This is not specifically Mac OS X security related; however, it's fascinating nonetheless. Who knows what the motivation is behind this partnership. 180Solutions is a known adware/spyware pusher. The fact that Warner Bros. would aid in legitimizing 180's past practices is mind-boggling.
Read
more...
5/15/2006
- Mac OS X Security Vulnerabilities Remain Unpatched.
Tom Ferris (security-protocols.com) has stated that the latest security update from Apple fails to address all his reported security vulnerabilities. Amongst those which remain unpatched are the ReadBMP () .bmp Heap Overflow, as well as all the Safari vulnerabilities detailed in the "Apple OS X Safari 2.0.3 Multiple Vulnerabilities" advisory.
Details...
5/11/2006
- Multiple Security Updates from Apple.
The following security updates have been released:
- Quicktime 7.1 - Details
- Security Update 2006-003 - Details
5/10/2006
- ClamXav Released with Intel Support
ClamXav
1.0.3h has been released. This update provides support for
Intel-based Macs, as well as other feature
updates and bug fixes. The ClamXav update can be acquired
here.
5/9/2006
- Sophos Anti-Virus for Mac CAB file vulnerability
A
vulnerability has been discovered in Sophos's unpacking of
Microsoft Cabinet files, whereby a Microsoft Cabinet (CAB)
file could be deliberately crafted to allow an attacker to
execute arbitrary code on a vulnerable installation of Sophos
Anti-Virus.
Sophos
Anti-Virus for Mac OS X 4.7.2 and above are *not* affected.
Versions 4.7.1 and below are.
Read
the full bulletin here.
5/8/2006
- Continued Backlash from McAfee OS X Malware Report
Independent
reports continue to counter McAfee's
recent findings on the current state of Mac OS X malware
and security threats. While we feel that many of these counter-arguments
echo the overly lackadaisical attitude, towards security,
of the Mac community..they do pose some interesting points.
We will let you decide for yourself :)
McAfee bites into Apple Security
McAfee Mac Security Report Is 'Scaremongering'
5/8/2006
- Ubuntu Security Notice - mysql-dfsg-4.1, mysql-dfsg vulnerabilities (USN-283-1)
================================
Ubuntu Security Notice USN-283-1
mysql-dfsg-4.1, mysql-dfsg vulnerabilities
CVE-2006-1516, CVE-2006-1517
===============================
Read
the full bulletin here.
4/30/2006
- Safari Denial of Service Vulnerability
A
vulnerability is present in Apple Mac OS X Safari (2.0.3)
that may allow for a denial of service attack. Successful
exploitation would involve coercing a victim to a malicious
website that contains HTML with an unusually large rowspan
value. This will cause resource exhaustion that could further
lead to a complete denial of service. Proof of concept code
does exist.
Full Bulletin
4/28/2006
- VB2006 Program Released
The Virus Bulletin 2006 program has been posted. On Friday, October 13, Marius van Oers (McAfee AVERT) will be presenting on "Macintosh OS X Binary Malware". This should make for a very interesting, and highly technical discussion. We'll see you all in Montreal!
4/28/2006
- Is Apple Going to Spy On Us?
Apple has filed a patent for a flat-panel LCD screen which would have the ability to record video via "tiny image sensors in between the LCD cells of the flat-panel monitor". While this sounds extremely "cool" and innovative, one can already speculate on the misuse of such an "embedded" feature. What if a crafty piece of malware were to activate this recording functionality and then transmit video of you to some unknown destination? It will be interesting to see how this plays out.....
4/26/2006
- Multiple PHP4/PHP5 Vulnerabilities
PHP4/PHP5 wordwrap() buffer overflow
PHP4/PHP5 array_fill() DoS condition
PHP5 substr_compare() DoS condition
The full advisory is available here. Versions 4.4.2 and 5.1.2 are affected.
4/26/2006
- Ubuntu Security Notices
USN-273-1: Ruby vulnerability (CVE-2006-1931)
USN-272-1: cyrus-sasl2 vulnerability (CVE-2006-1721)
4/25/2006
- Security Fixes in Thunderbird 1.5.0.2
Mozilla
released Thunderbird 1.5.0.2 on April 21, 2006. Several
security issues were addressed. Thunderbird 1.5.0.2 can
be acquired from Mozilla.org
4/25/2006
- Mac OS X Attracting More Malware...
A
number of articles have appeared lately, which continue to
claim that the move to Intel, and the ability to boot Windows,
will make the Macs more attractive to virus/worm/trojan writers.
We feel it necessary to chime in.......
These articles typically fail to differentiate between the Mac OS X *platform* and the hardware. If you ask "Will the Mac OS be more susceptible?", the answer is 'possibly'. As Mac OS X itself gains popularity, the potential for such exploitation could grow. That holds true for any OS. However, if you are specifically referring to the Apple hardware booting into Windows, then the answer would be "Yes". If you boot your Intel-based Mac into Windows, your exposure to Windows-based threats is equal to that of any other Windows user. One may even argue that the exposure is greater given that some Mac users may not be accustomed to maintaining all the safeguards required to "secure" the Windows OS....
Macs, long a safe haven, face growing security risk
Experts Say Macs More Vulnerable To Computer Viruses
Linux on Mac Could Spike Attackers' Interest
Wise up, Mac users; viruses can get you, too
4/20/2006
- Updated Coverage on Unpatched Mac OS X Vulnerabilities
We reported these previously,
as they were reported on security-protocols.com. However,
they seem to be getting press again. Updated bulletins have
been posted as well.
Apple OS X 10.4.5 .tiff "LZWDecodeVector ()" Heap Overflow
Apple OS X BOM ArchiveHelper .zip Heap Overflow
Apple OS X Safari 2.0.3 Multiple Vulnerabilities
Apple OS X 10.4.6 "ReadBMP ()" .bmp Heap Overflow
Apple OS X 10.4.6 "CFAllocatorAllocate ()" .gif Heap Overflow
Apple OS X 10.4.6 .tiff "_cg_TIFFSetField ()" DoS
Apple OS X 10.4.6 .tiff "PredictorVSetField ()" Heap Overflow
4/19/2006
- Oracle Patches 35+ Vulnerabilities.
Oracle has released their Critical Patch Update for April 2006.
Numerous vulnerabilities
are addressed, including some which affect Oracle running
on Mac OS X. One such example would be CVE-2006-1705.
4/18/2006
- Symantec LiveUpdate Local Privilege Escalation Vulnerability
Some components of Symantec's LiveUpdate for Macintosh do not set
their execution path environment. A non-privileged user can
change their execution path environment. If the user then
executes one of these components, it will inherit the changed
environment and use it to locate system commands. These components
are configured to run with System Administrative privileges
(SUID) and are vulnerable to a potential Trojan horse attack.
The full bulletin can be read here.
The patch, for remediation of this issue, is available via
LiveUpdate.
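The defensive pattern for this class of bug, as an added example (not Symantec's code): a privileged helper discards the environment it inherited, sets a fixed PATH, and runs system commands by absolute path only. `SAFE_PATH`, `sanitize_environment` and `run_tool` are names assumed for this example.

```c
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

extern char **environ;

/* Fixed search path for the helper; the value is an assumption of this example. */
#define SAFE_PATH "/usr/bin:/bin:/usr/sbin:/sbin"

/* Discard the caller-controlled environment and set only known values. */
int sanitize_environment(void)
{
    static char *empty_env[] = { NULL };

    environ = empty_env;                 /* drop every inherited variable */
    if (setenv("PATH", SAFE_PATH, 1) != 0)
        return -1;
    if (setenv("IFS", " \t\n", 1) != 0)
        return -1;
    return 0;
}

/* Run a system command by absolute path only. Returns the command's exit
   status, or -1 if the path is relative or the process could not be run. */
int run_tool(const char *abs_path, char *const argv[])
{
    int status;
    pid_t pid;

    if (abs_path == NULL || abs_path[0] != '/')
        return -1;                       /* never fall back to a PATH search */
    if (sanitize_environment() != 0)
        return -1;

    pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        execv(abs_path, argv);           /* execv does not consult PATH */
        _exit(127);
    }
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}
```

Any child process started this way sees only the fixed PATH, so a directory the invoking user prepended to their own PATH is never searched.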
4/18/2006
- MacScan 2.1 Released
'Securemac.com' has released MacScan 2.1. This update provides support for
Intel-based Macs, as well as a definitions update to protect
against a greater number of "spyware" threats. Note
that the consensual
definition of "spyware" does not always describe
some of the items detected by MacScan. Many of the detected
'threats' do overtly advertise their function. While they
may change the security state of the host on which they are
installed...any risk is assumed by the user installing them....
That being said..a full list of detected "threats"
is available here...
4/17/2006
- J2SE Security Update Released
Apple has released a security update
for Java 2 Standard Edition (J2SE), Version 5.0 Release
4. This release includes J2SE 1.5.0_06, which will supersede
version 1.4.2. Applications will run with 1.5.0_06, unless
specifically coded to use version 1.4.2. Two security updates
are also included:
- Untrusted Java applications may obtain
elevated privileges through the Java Webstart Program,
or through the use of "reflection" APIs.
- "Security fix for Java InputMethods"
4/17/2006
- Intego Releases Personal Antispam X4
Intego has released Personal Antispam X4. This release claims to
go beyond traditional 'filter-method' anti-spam solutions.
It works with multiple email applications, and allows for
Bayesian filtering, content filtering based on a variety of
criteria, blacklist/whitelist functionality, and it "learns"
from analyzing patterns in received mail. More details here...
4/14/2006
- Security Updates in Firefox 1.5.0.2
Firefox 1.5.0.2 is now available. In addition to providing support
for Intel-based Macs, the following security issues are addressed:
MFSA 2006-29 Spoofing with translucent windows
MFSA 2006-28 Security check of js_ValueToFunctionObject() can be circumvented
MFSA 2006-25 Privilege escalation through Print Preview
MFSA 2006-24 Privilege escalation using crypto.generateCRMFRequest
MFSA 2006-23 File stealing by changing input type
MFSA 2006-22 CSS Letter-Spacing Heap Overflow Vulnerability
MFSA 2006-20 Crashes with evidence of memory corruption (rv:1.8.0.2)
4/13/2006
- A First Look at Zfone..(again)..
We reported on the public beta of Zfone (for Mac OS X) last month,
however, today a great new "First Look" article
appeared. It's well worth the read if you are interested in
what Phil Zimmermann has been up to..
Read more...
4/10/2006
- McAfee Releases VirusScan for MacIntel v8.0
McAfee has released their first product to support Intel-based Macs.
VirusScan 8.0 is an 'on-demand' only release. This release
supports on-demand scanning of the filesystem, as well as a
specific feature to scan Apple Mail mailboxes.
VirusScan for Mactel is an anti-virus application
that helps you keep your Apple computer free of viruses, Trojan
horses and other malicious code. VirusScan for Mactel features
on-demand scanning, scan and update scheduling, online help
and drag-and-drop scanning.
VirusScan for Mactel also integrates with McAfee ePolicy Orchestrator
(version 3.5 and 3.6) to provide you with a single point
of control for your systems running VirusScan for Mactel
software.
McAfee VirusScan 8.0 is currently available from McAfee's
website.
4/10/2006
- Macs Play Host to Malware for Other Platforms
In a recent article,
McAfee APAC Marketing Director, Alan Bell, stated that Macs
are a security issue due to their ability to be "carriers"
in environments which share data across platforms. We reported
this almost a year ago in episode
1 of the SABAGSecurity show....and again (also with SABAGSecurity)
during the 0-day threat series...so..is anti-virus necessary
on a Mac? Yes... Do Macs need to be considered during the
risk management and policy development process...Yes!
4/07/2006
- Cross Platform PoC virus reported by Viruslist...
This is a cross-platform Linux-Windows virus (and it is not the
first of its kind). It claims to infect both Linux ELF binaries
as well as Windows .EXE files. The "risk", at this
time, is low. However, this is an important Proof-of-Concept
in that we can expect more of this stuff to come...and if
Linux is "vulnerable"...so is Mac OS X. If you are
not running a proper anti-virus program, you should.....
The full report is here.....
4/03/2006
- Apple Releases Mac OS X 10.4.6
Mac OS X 10.4.6 is now available via Software Update. This
OS Update includes Security
Update 2006-001 and Security
Update 2006-002. In addition, Mac OS X 10.4.6 also includes
a fix for CVE-2006-0401. This update enhances the security
provided by the firmware passwords, avoiding situations where
firmware passwords could be bypassed on Intel-based Macs.
This update includes a number of updates and enhancements,
including:
- 802.1X login authentication configurations
- Improved iDisk (WebDAV file system performance)
- Stability improvements in a number of Apple applications
- Full details on Mac OS X 10.4.6 can be found
here..
4/03/2006
- URGSoft quietly releases abmst (A Bit More Secure Terminal)
v3
Abmst is designed to prevent unintended execution of terminal documents
(aka viruses/worms/trojans and other malware) when said "documents"
are masked as a normal document attempting to execute a terminal
session. UGSoft is marketing this as "Free-of-charge
virus protection for Mac OS X"....although that may be
a bit of a stretch when you compare the feature set of abmst
to that of a fully-realized anti-virus product such as McAfee
Virex or Norton
Antivirus. Once installed, Abmst should prompt for confirmation
when terminal sessions are started. The readme for Abmst v3
can be found here.
3/30/2006
- New Safari image-rendering vulnerability in ImageIO.
Drunkenblog[dot]com has posted information on a new ImageIO vulnerability which
can cause Safari, and other system components (including the
Finder), to crash. What's the threat? It is the same type of situation
we saw with the recent MS06-001
vulnerability for the Windows world. If these specially crafted
images begin to appear all over the web, we could see this
issue getting bigger and bigger. A Proof-Of-Concept image
was included in the blog posting.
DO NOT FOLLOW THIS LINK IN SAFARI - original posting
3/30/2006
- Update on RealNetworks Security Vulnerabilities (RealPlayer
10 and RealOne Player)
Mac Realplayer 10 (10.0.0.305-331) and Mac RealOne Player are
vulnerable to the following:
CVE-2006-0323 - The identified vulnerability is a malicious swf file (flash
media) which could cause a buffer overrun on a customer's
machine.
CAN-2005-2922 - The identified vulnerability involves the housing of a specially
crafted web page on a malicious server which could cause a
heap overflow in the embedded player.
If you are running a vulnerable version of RealPlayer or RealOne
Player, you can update to the current version via RealPlayer's
"Check for Update" mechanism.
See the original bulletin here.
Zfone
- Public Beta for secure VOIP Communications
If you have not taken a look at Zfone yet, we encourage you to
do so. This is Phil Zimmermann's new VOIP product (successor
to PGPfone). What makes this one better (aside from it being
available on OS X and Linux first)?
"The ZRTP protocol has some
nice cryptographic features lacking in many other approaches
to VoIP encryption. Although it uses a pu |