Posted by Avik Sarkar
On 11/17/2013 06:32:00 pm
Apple Brings iOS 7.0.4 & iOS 6.1.5 Includes New Features, FaceTime Bug & App Store Purchase Flaw Fixed


California-based tech giant Apple Inc has released a new update to its popular iOS software running on iPhone, iPad, and iPod touch devices. This release of iOS 7.0.4 includes bug fixes and improvements, including a fix for an issue that causes FaceTime calls to fail for some users. iPods that are not able to upgrade to iOS 7 have their own version to upgrade to, iOS 6.1.5. The release of iOS 7.0.4 marks the third update of the iPhone operating system in the short time since Apple pushed out iOS 7 in September. The new OS represented a major change from the older operating systems, both in the look and feel of the software and in its functionality. There’s much zooming in and out and all about in iOS 7, as well as a blurry background that has drawn quite a bit of criticism. iOS 7 also was a major security release, fixing issues with the iPhone’s certificate trust policy as well as remote code-execution vulnerabilities in the CoreGraphics and CoreMedia components.

The new update improves iCloud Keychain, which was introduced in iOS 7.0.3 and in the latest version of the desktop software, OS X Mavericks. The cloud-based technology keeps the Safari browser's passwords and credit card data in sync across all your Apple devices. Secondly, in Spotlight, the device's internal search engine, Apple has brought back the ability to search Google and Wikipedia from the results. The two services were removed when iOS 7 was first released in mid-September.
Also on Thursday, Apple released a corresponding update to its Apple TV, updating the set-top box to version 6.0.2. Users can update to the latest version by accessing the device's Settings, selecting General, then Software Update. In spite of the relatively small size of the update, it's recommended that users use Wi-Fi when updating. To avoid security vulnerabilities, all Apple users are strongly recommended to update their software.
Posted by Avik Sarkar
On 6/03/2013 09:06:00 pm
Hackers Exploiting Old Ruby on Rails Vulnerability (CVE-2013-0156) To Compromise Web Servers & Create IRC Botnet

A critical vulnerability in Ruby on Rails, spotted in January this year and deemed “critical” at the time, has yet again been found in the wild. The vulnerability, known as CVE-2013-0156, which affected versions 3.0.20 and 2.3.16, is rearing its head again even though a security patch was released by the Rails developers. As we all know, many server administrators are unaware of such events and have not patched their systems. As a result, hackers and cyber criminals are actively exploiting a critical vulnerability in the Ruby on Rails Web application development framework in order to compromise Web servers and create a dangerous botnet. This major security issue was first discovered by security consultant Jeff Jarmoc of research firm Matasano Security. In his blog Jarmoc said "It’s pretty surprising that it’s taken this long to surface in the wild, but less surprising that people are still running vulnerable installations of Rails. It also appears to be affecting some web hosts." According to his blog post, the exploit that's currently being used by attackers adds a custom cron job -- a scheduled task on Linux machines that executes a sequence of commands. Those commands download a malicious C source file from a remote server, compile it locally and execute it. The resulting malware is a bot that connects to an IRC (Internet Relay Chat) server and joins a predefined channel where it waits for commands from the attackers. A pre-compiled version of the malware is also downloaded in case the compilation procedure fails on the compromised systems.
"Functionality is limited, but includes the ability to download and execute files as commanded, as well as changing servers," Jarmoc said. "There's no authentication performed, so an enterprising individual could hijack these bots fairly easily by joining the IRC server and issuing the appropriate commands." The reassuring part is Jarmoc's conclusion that "this is a pretty straightforward skiddy exploit of a vulnerability that has been publicly known, and warned about, for months."
Still, administrators who have not yet patched their Rails version should immediately update the Ruby on Rails installations on their servers to at least versions 3.2.11, 3.1.10, 3.0.19 or 2.3.15, which contain the patch for this vulnerability. However, the best course of action is probably to update to the latest available Rails versions, depending on the branch used, since other critical vulnerabilities have been addressed since then.
Brief About RoR:- Ruby on Rails is a popular framework for developing Web applications based on the Ruby programming language and is used by major websites including Hulu, GroupOn, GitHub and Scribd.
Posted by Avik Sarkar
On 5/09/2013 04:28:00 pm
GFI LanGuard 2012 One Solution For Vulnerability Scanning, Patch Management, Network & Software Auditing
We have talked about GFI LanGuard before. With cyber threats rising and security researchers continuing to identify new, sophisticated malware threats, vulnerability and patch management are more critical than ever as a key component of a layered security approach. To address those security challenges, GFI Software announced the availability of GFI LanGuard 2012, which the manufacturer claims provides network and system administrators with the ability to manage 100 percent of their patching needs through a single, intuitive and easy-to-use interface, without the need for other update tools. So let's take a tour of this product from GFI Software.
Enhanced Features of GFI LanGuard 2012 include:
- Comprehensive Patch Management – Administrators can now manage 100 percent of their patching needs – both security and non-security updates – from a centralized console. No other update tools are necessary.
- Strong Vulnerability Assessment for Network Devices – Network devices such as printers, routers and switches from manufacturers such as HP and Cisco, can now be detected and scanned for vulnerabilities. GFI LanGuard 2012 performs over 50,000 checks against operating systems, installed applications and device firmware for security flaws and misconfigurations. It also runs network audits that now detect mobile devices running iOS and Android operating systems.
- Improved Scan and Remediation Performance – New Relay Agents receive patches and definition files directly from the GFI LanGuard server and distribute as appropriate – helping IT resources save time, manage network bandwidth and increase the number of devices that can be accommodated. This is particularly effective in multi-site and large networks.
GFI LanGuard 2012 combines vulnerability scanning, patch management, and network and software auditing into one solution that enables IT professionals to scan, detect, assess and correct potential security risks on their networks with minimal administrative effort. GFI LanGuard also enables administrators to inventory devices attached to their networks; receive change alerts, such as notification when a new application is installed; ensure antivirus applications are current and enabled; and strengthen compliance with industry regulations through automated patch management that defends against potential network vulnerabilities. With GFI LanGuard, IT administrators can manage more than 2,500 machines from a single console; it integrates with more than 1,500 security applications and includes keyword search functionality.
After going through the above brief description, many of you must be excited about this new product. For the information of our readers, yes, GFI LanGuard 2012 is indeed one of the finest tools ever released in this domain. Detailed information on LanGuard 2012 can be found here. A 30-day trial pack of GFI LanGuard 2012 has also been made available for download.
Posted by Avik Sarkar
On 4/18/2013 06:08:00 pm
42 Java Holes Fixed By Oracle in April 2013 Critical Patch Update (CPU) Advisory

The Oracle Corporation has released what it called a critical patch update for its Web-based Java programming language: a Java SE update that fixes at least 42 security flaws in the widely-installed program and associated browser plugin. The Java update also introduces new features designed to alert users about the security risks of running certain Java content. The April patch, which targets 42 vulnerabilities, 19 of which have a severity rating of 10 (highest possible threat level), includes a majority of vulnerabilities that are currently being exploited. Of those 42 new security fixes across Java SE products, 2 are applicable to server deployments of Java. According to Oracle, “39 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password.” Along with the fixes, Oracle changed the default setting of Java SE. Java applets will no longer run in a Web browser unless they have been digitally signed until a warning prompt is acknowledged. It has also extended how users will be alerted of other Java-related security issues. According to renowned security expert and blogger Brian Krebs, Java 7 Update 21 also introduces some new security warnings and message prompts for users who keep the program plugged into a Web browser (on installation and updating, Java adds itself as an active browser plugin). Oracle said the messages that will be presented depend upon different risk factors, such as using old versions of Java or running applet code that is not signed from a trusted Certificate Authority. Apps that present a lower risk display a simple informational message. This includes an option to prevent showing similar messages for apps from the same publisher in the future. Java applications considered to be higher risk, such as those that use an untrusted or expired certificate, will be accompanied by a prompt with a yellow exclamation point in a yellow warning triangle.
Affected Product Releases and Versions:-
| Java SE | Patch Availability |
| JDK and JRE 7 Update 17 and earlier | Java SE |
| JDK and JRE 6 Update 43 and earlier | Java SE |
| JDK and JRE 5.0 Update 41 and earlier | Java SE |
| JavaFX 2.2.7 and earlier | JavaFX |
Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply CPU fixes as soon as possible. As Java runs on millions of devices and is used by millions of users across the globe, we urge all of our readers to install and apply the security fixes to avoid any kind of threat. Note that Oracle said that while this week's security updates don't take care of all known flaws, they do address all known vulnerabilities currently being exploited in the wild.
Posted by Avik Sarkar
On 4/11/2013 01:44:00 am
PostgreSQL Fixed 'High-Exposure Security Vulnerability' Causing Denial-of-Service Attack (CVE-2013-1899)

Security researchers have yet again uncovered a serious security hole in one of the most widely used object-relational database management systems, PostgreSQL, also known as Postgres. By exploiting the flaw an attacker can easily corrupt files and, in some cases, execute malicious code on underlying servers, causing a "persistent denial-of-service" attack. By corrupting the files an attacker can cause the database server to crash and refuse to reboot. Affected servers could only be restarted by removing garbage text from the files or by restoring them from a backup.
Versions 9.0, 9.1, and 9.2 are all vulnerable. As soon as this vulnerability was spotted, the developers at PostgreSQL immediately released updates addressing a "high-exposure security vulnerability in versions 9.0 and later." The updates are available for the 9.0, 9.1, and 9.2 branches, as well as 8.4. These updates also allow PostgreSQL to be built using Microsoft Visual Studio 2012. According to the developers: "A major security issue fixed in this release, CVE-2013-1899, makes it possible for a connection request containing a database name that begins with "-" to be crafted that can damage or destroy files within a server's data directory. Anyone with access to the port the PostgreSQL server listens on can initiate this request. This issue was discovered by Mitsumasa Kondo and Kyotaro Horiguchi of NTT Open Source Software Center." In addition to the fix for one major security issue, the updates also include four more minor security fixes, as well as fixes for other, non-security-related issues.
Some of these fixes include:
- A security vulnerability that made contrib/pgcrypto-generated strings too easy to guess;
- A vulnerability that would allow unprivileged users to interfere with backups;
- Security issues involving the OS X and Linux installers;
- Various issues with GiST indices;
- An issue related to crash recovery; and
- Memory and buffer leaks, among others.
The complete list of fixes and enhancements in each version can be found on the PostgreSQL release notes archive page. The patched PostgreSQL 9.2.4, 9.1.9, 9.0.13, and 8.4.17 are available now at the download page. While talking about this fix, we would like to remind you that late last year another security vulnerability hit the PostgreSQL database system, including versions 9.1.5, 9.0.9, 8.4.13 and 8.3.20. The security holes were associated with libxml2 and libxslt: a vulnerability in the built-in XML functionality, and a vulnerability in the XSLT functionality supplied by the optional XML2 extension.
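As an added example (not PostgreSQL's code and not taken from the advisory), the C sketch below shows a check that a connection proxy or network sensor in front of an unpatched server could apply: it parses a protocol 3.0 startup message and flags a database name that begins with "-". The function and constant names are hypothetical, the sample packets are constructed, and the check goes slightly beyond the quoted text by also flagging the case where no database is given and the protocol falls back to the user name.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical verdict codes for this example. */
enum { STARTUP_MALFORMED = -1, STARTUP_OK = 0, STARTUP_DASH_DBNAME = 1, STARTUP_NOT_V3 = 2 };

#define PROTO_3_0 196608u /* protocol version 3.0 = 0x00030000 */

static uint32_t be32(const unsigned char *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Layout assumed: int32 length (includes itself), int32 version, then
 * NUL-terminated name/value string pairs, then one final NUL byte. */
int check_startup(const unsigned char *buf, size_t len)
{
    const char *user = NULL, *db = NULL;
    size_t pos = 8, end;

    if (len < 8 || be32(buf) != len)
        return STARTUP_MALFORMED;
    if (be32(buf + 4) != PROTO_3_0)
        return STARTUP_NOT_V3;          /* other request codes use this framing too */
    if (len < 9 || buf[len - 1] != 0)
        return STARTUP_MALFORMED;

    end = len - 1;                      /* index of the final terminator */
    while (pos < end) {
        const unsigned char *kend, *vend;
        const char *key, *val;

        if (buf[pos] == 0)              /* terminator before the declared end */
            return STARTUP_MALFORMED;
        kend = memchr(buf + pos, 0, end - pos);
        if (kend == NULL)
            return STARTUP_MALFORMED;
        key = (const char *)(buf + pos);
        pos = (size_t)(kend - buf) + 1;

        vend = memchr(buf + pos, 0, end - pos);
        if (vend == NULL)               /* name without a value */
            return STARTUP_MALFORMED;
        val = (const char *)(buf + pos);
        pos = (size_t)(vend - buf) + 1;

        if (strcmp(key, "user") == 0)
            user = val;
        else if (strcmp(key, "database") == 0)
            db = val;
    }
    if (user == NULL)
        return STARTUP_MALFORMED;       /* "user" is required */
    if (db == NULL)
        db = user;                      /* database defaults to the user name */
    return db[0] == '-' ? STARTUP_DASH_DBNAME : STARTUP_OK;
}

/* Constructed sample packets. The string literal's implicit trailing NUL
 * is the message terminator, so sizeof equals the declared length. */
static const unsigned char PKT_OK[] =
    "\x00\x00\x00\x21\x00\x03\x00\x00" "user\0app\0database\0appdb\0";
static const unsigned char PKT_DASH[] =
    "\x00\x00\x00\x28\x00\x03\x00\x00" "user\0app\0database\0-constructed\0";
static const unsigned char PKT_DEFAULT[] =
    "\x00\x00\x00\x13\x00\x03\x00\x00" "user\0-svc\0";

int main(void)
{
    printf("ordinary name:   %d\n", check_startup(PKT_OK, sizeof PKT_OK));
    printf("leading dash:    %d\n", check_startup(PKT_DASH, sizeof PKT_DASH));
    printf("defaulted name:  %d\n", check_startup(PKT_DEFAULT, sizeof PKT_DEFAULT));
    printf("truncated:       %d\n", check_startup(PKT_OK, sizeof PKT_OK - 1));
    return 0;
}
```

A filter like this only narrows exposure while servers are being upgraded to the patched releases listed above.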
-Source (Campus Technology & The-H)
Posted by Avik Sarkar
On 1/18/2013 06:49:00 pm
DHS & US-CERT Recommended to Disable Java in Web Browsers Unless It's Absolutely Necessary

This is proving to be the worst period for Java, which has been dogged by serious security issues. Yet again security researchers have pointed out a zero-day security vulnerability in Java that hackers are exploiting. The exploit takes advantage of a vulnerability left open in Java 7 Update 10, released in October last year. It works by getting Java users to visit a website with malicious code that takes advantage of a security gap to take control of users' computers. This is how Java is being used by cyber criminals to infect computers with malware. Oracle hasn't specified the number of users who have downloaded Java 7 Update 10. However, Java runs on more than 850 million computers and other devices, so with Update 10 released it can be expected that more than 850 million devices running Java are under threat. The exploit was first discovered by French researcher Kafeine, who claimed to have found it running on a site registering hundreds of thousands of page views daily. From that site onward, the vulnerability and a large number of affected devices were quickly spotted in the wild. In Java 7 Update 10 the creator of Java, Oracle, added several security controls, fixed older bugs and promised more security enhancements, but it is very unfortunate that Oracle failed to keep its promise. After this newly discovered 0-day hole was spotted in the wild, Oracle Security Alert CVE-2013-0422 states that Java 7 Update 11 addresses this (CVE-2013-0422) and an equally severe, but distinct vulnerability (CVE-2012-3174). Immunity has indicated that only the reflection vulnerability has been fixed and that the JMX MBean vulnerability remains. Java 7u11 sets the default Java security settings to "High" so that users will be prompted before running unsigned or self-signed Java applets. It "strongly recommends" that Java SE 7 users upgrade immediately to avoid all kinds of security hazards.
After seeing all the drama, many of you may have lost trust in Java, and you will be relieved when you go through the security advisory of CERT (Computer Emergency Response Team), which clearly instructs users to disable Java in their web browser. In its official release CERT said "Unless it is absolutely necessary to run Java in web browsers, disable it as described below, even after updating to 7u11. This will help mitigate other Java vulnerabilities that may be discovered in the future."
You will see similar advice in the advisory posted on the official DHS US-CERT website, where DHS also suggested disabling Java unless it is really necessary. "To defend against this and future Java vulnerabilities, consider disabling Java in web browsers until adequate updates are available. As with any software, unnecessary features should be disabled or removed as appropriate for your environment," said US-CERT in its advisory.
Posted by Avik Sarkar
On 1/05/2013 09:48:00 pm
Microsoft Security Advisory (2794220) Remote Code Execution Vulnerability in Internet Explorer Fixed
The Redmond-based software giant Microsoft issued an urgent security advisory to address vulnerabilities in its popular web browser, Internet Explorer. A few days ago a new “zero day” security hole in IE was discovered which could potentially allow hackers to take over control of your system when all you've done is visit an infected website. The vulnerability affects IE versions 6, 7 and 8. The latest versions of the browser, IE 9 and 10, are not affected. “An attacker who successfully exploited this vulnerability could gain the same user rights as the current user.” Microsoft said in its statement. The statement went on to say, “an attacker could host a website that contains a webpage that is used to exploit this vulnerability. In addition, compromised websites and websites that accept or host user-provided content or advertisements could contain specially crafted content that could exploit this vulnerability.”
In its advisory Microsoft first issued warning of the problem, which involves how IE accesses "an object in memory that has been deleted or has not been properly allocated." The problem corrupts the browser's memory, allowing attackers to execute their own code. Security vendor Symantec described such a scenario as a "watering hole" attack, where victims are profiled and then lured to the malicious site. Last week, one of the websites discovered to have been rigged to deliver an attack was that of the Council on Foreign Relations, a renowned foreign policy think tank.
While on the subject of IE and its bugs, we would like to remind you that a couple of weeks ago Spider.io, a website analytics firm, discovered a security vulnerability in all current versions of Internet Explorer that allows attackers to trace mouse cursors anywhere on users' screens even if the Internet Explorer window is minimized. At that time the software giant ignored that particular issue, but it is taking this one a bit more seriously. So if you are still using an older, affected version of IE, it's time to update your browser in order to stay safe and secure on the Internet. To update your browser or to access the security fix click Here.
Posted by Avik Sarkar
On 12/21/2012 07:18:00 pm
Oracle Released Java 7 update 10 With Security Enhancements & Bug Fixes
This is the third time in a year when Oracle has updated the standard edition of Java platform. This release includes new security controls in addition to a bug fix and updated timezone data. This latest update also contains a number of security enhancements and is now certified for Mac OS X 10.8 and Windows 8. The security enhancements include the ability to disable any Java application from running in the browser and the ability to set a desired level of security for unsigned applets, Java Web Start applications, and embedded JavaFX applications. While keeping in mind the last security issues with Java, in the press release of this Java update Oracle said "if the JRE is deemed expired or insecure, additional security warnings are displayed. In most of these dialogs, the user has the option to block running the app, to continue running the app, or to go to java.com to download the latest release."
Security Feature Enhancements
The JDK 7u10 release includes the following enhancements:
- The ability to disable any Java application from running in the browser. This mode can be set in the Java Control Panel or (on Microsoft Windows platform only) using a command-line install argument.
- The ability to select the desired level of security for unsigned applets, Java Web Start applications, and embedded JavaFX applications that run in a browser. Four levels of security are supported. This feature can be set in the Java Control Panel or (on Microsoft Windows platform only) using a command-line install argument.
- New dialogs to warn you when the JRE is insecure (either expired or below the security baseline) and needs to be updated.
Bug Fixes
Notable Bug Fixes in JDK 7u10
The following are some of the notable bug fixes included in JDK 7u10.
Area: java command
Description: Wildcard expansion for single entry classpath does not work on Windows platforms.
The Java command and Setting the classpath documents describe how the wildcard character (*) can be used in a classpath element to expand into a list of the .jar files in the associated directory, separated by the classpath separator (;).
This wildcard expansion does not work in a Windows command shell for a single element classpath due to the Microsoft bug described in Wildcard Handling is Broken.
The updated Java Development Kit and Java Runtime Environment are available to download from the Oracle site.
Posted by Avik Sarkar
On 11/10/2012 12:57:00 am
TOR Client Leaking Sensitive Information From Cache Memory, Later The Bug Has Been Fixed
A major security issue has been found in the world's most famous and widely used software for online anonymity, Tor (The Onion Router). A software developer named Andrey Karpov found that the anonymisation software uses a function called memset() to wipe cache data, and that not all compilers keep that call. In some cases, that can cause the Tor client to leave confidential data like passwords in the system memory when it is closed. The memset() call is problematic because it is automatically removed when Tor is optimized for speed with a compiler like the one in Microsoft Visual Studio 2010. Once that happens, the data remains in system memory, where it can be read by malicious programs.
As soon as this security issue came to light, the Tor Project immediately issued a fix to close the security vulnerability, which leaks information from memory on some machines running Tor and could give an attacker access to sensitive information stored in the cache. The developers at the Tor Project were alerted to the problem recently and began looking into the issue. What they found is that in some cases, when the Tor client uses a function called memset to erase some cache data on a machine, some of that information will still remain when Tor exits. The data that remains could give an attacker access to sensitive information in the cache. The string explaining the bug fix in Tor says that different compilers handle the situation differently. In its bug fix the Tor Project says that "Tor tries to wipe potentially sensitive data after using it, so that if some subsequent security failure exposes Tor's memory, the damage will be limited. But we had a bug where the compiler was eliminating these wipe operations when it decided that the memory was no longer visible to a (correctly running) program, hence defeating our attempt at defense in depth. We fix that by using OpenSSL's OPENSSL_cleanse() operation, which a compiler is unlikely to optimize away. Future versions of Tor may use a less ridiculously heavy approach for this. Fixes bug 7352."
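The pattern described above, next to a hardened form, as an added example that is not Tor's or OpenSSL's code. All function names are hypothetical and the secret is a constructed sample; the hardened variant uses a volatile-pointer wipe as a stand-in for OPENSSL_cleanse().

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Zero n bytes through a volatile pointer. Compilers treat each volatile
 * store as an observable side effect, so the loop is not dropped as a dead
 * store the way a plain memset() on a dying buffer can be. */
void secure_wipe(void *p, size_t n)
{
    volatile unsigned char *vp = (volatile unsigned char *)p;
    while (n--)
        *vp++ = 0;
}

/* Toy stand-in for real work done with a secret (constructed for the demo). */
static unsigned checksum(const char *s, size_t n)
{
    unsigned h = 5381u;
    size_t i;
    for (i = 0; i < n; i++)
        h = h * 33u + (unsigned char)s[i];
    return h;
}

/* Copy the secret into a local buffer of fixed size, truncating if needed. */
static size_t copy_secret(char *dst, size_t cap, const char *secret)
{
    size_t n = strlen(secret);
    if (n >= cap)
        n = cap - 1;
    memcpy(dst, secret, n);
    dst[n] = '\0';
    return n;
}

/* Pattern from the post: `copy` is never read after memset(), so an
 * optimizing build may delete the call and leave the secret on the stack. */
unsigned use_secret_naive(const char *secret)
{
    char copy[64];
    size_t n = copy_secret(copy, sizeof copy, secret);
    unsigned h = checksum(copy, n);
    memset(copy, 0, sizeof copy);     /* dead store: may be optimized away */
    return h;
}

/* Hardened form: same logic, but the wipe survives optimization. In real
 * code prefer a vetted primitive where available: OPENSSL_cleanse(),
 * explicit_bzero(), memset_s() or SecureZeroMemory(). */
unsigned use_secret_hardened(const char *secret)
{
    char copy[64];
    size_t n = copy_secret(copy, sizeof copy, secret);
    unsigned h = checksum(copy, n);
    secure_wipe(copy, sizeof copy);
    return h;
}

/* Count bytes that are still non-zero in a buffer. */
size_t count_nonzero(const void *p, size_t n)
{
    const unsigned char *b = (const unsigned char *)p;
    size_t i, c = 0;
    for (i = 0; i < n; i++)
        c += (b[i] != 0);
    return c;
}

int main(void)
{
    char buf[16] = "constructed-pw!"; /* constructed sample secret */

    secure_wipe(buf, sizeof buf);
    printf("non-zero bytes after secure_wipe: %lu\n",
           (unsigned long)count_nonzero(buf, sizeof buf));
    printf("naive and hardened results match: %d\n",
           use_secret_naive("constructed-pw!") == use_secret_hardened("constructed-pw!"));
    return 0;
}
```

Comparing the optimized assembly of the two functions (for example the compiler's `-S` output at `-O2`) is the practical way to see whether a given toolchain removed the memset() call.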
-Source (Tor Project, The-H & threatpost)
Posted by Avik Sarkar
On 11/09/2012 04:30:00 am
Critical Buffer Overflow, Memory Corruption & Security bypass Vulnerability in Adobe Flash Player & AIR Patched

Adobe, the American multinational computer software company, has released new versions of its Flash Player to eliminate a number of critical vulnerabilities in Flash Player that could lead to system crashes or remote attackers controlling computers running compromised software. All the flaws, discovered by members of the Google Security Team, are associated with several CVE numbers: CVE-2012-5274, CVE-2012-5275, CVE-2012-5276, CVE-2012-5277, CVE-2012-5280 are buffer overflows, CVE-2012-5279 is a memory corruption issue and CVE-2012-5278 is a security bypass; all of which are listed as potentially allowing an attacker to inject malicious code into the system. Google said it will update Flash Player installed with Google Chrome, and Microsoft will do the same with Internet Explorer 10. In the security bulletin Adobe said that it has released security updates for Adobe Flash Player 11.4.402.287 and earlier versions for Windows and Macintosh, Adobe Flash Player 11.2.202.243 and earlier versions for Linux, Adobe Flash Player 11.1.115.20 and earlier versions for Android 4.x, and Adobe Flash Player 11.1.111.19 and earlier versions for Android 3.x and 2.x. These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.
Adobe recommends users update their product installations to the latest versions:-
- Users of Adobe Flash Player 11.4.402.287 and earlier versions for Windows and Macintosh should update to Adobe Flash Player 11.5.502.110.
- Users of Adobe Flash Player 11.2.202.243 and earlier versions for Linux should update to Adobe Flash Player 11.2.202.251.
- Flash Player installed with Google Chrome will automatically be updated to the latest Google Chrome version, which will include Adobe Flash Player 11.5.31.2 for Windows, Macintosh and Linux.
- Flash Player installed with Internet Explorer 10 will automatically be updated to the latest Internet Explorer 10 version, which will include Adobe Flash Player 11.3.376.12 for Windows.
- Users of Adobe Flash Player 11.1.115.20 and earlier versions on Android 4.x devices should update to Adobe Flash Player 11.1.115.27.
- Users of Adobe Flash Player 11.1.111.19 and earlier versions for Android 3.x and earlier versions should update to Flash Player 11.1.111.24.
- Users of Adobe AIR 3.4.0.2710 and earlier versions for Windows and Macintosh, SDK (including AIR for iOS) and Android should update to Adobe AIR 3.5.0.600.
AFFECTED SOFTWARE VERSIONS:-
- Adobe Flash Player 11.4.402.287 and earlier versions for Windows and Macintosh
- Adobe Flash Player 11.2.202.243 and earlier versions for Linux
- Adobe Flash Player 11.1.115.20 and earlier versions for Android 4.x
- Adobe Flash Player 11.1.111.19 and earlier versions for Android 3.x and 2.x
- Adobe AIR 3.4.0.2710 and earlier versions for Windows and Macintosh, SDK (includes AIR for iOS) and Android
To verify the version of Adobe Flash Player installed on your system, access the About Flash Player page, or right-click on content running in Flash Player and select "About Adobe (or Macromedia) Flash Player" from the menu. If you use multiple browsers, perform the check for each browser you have installed on your system. To verify the version of Adobe Flash Player for Android, go to Settings > Applications > Manage Applications > Adobe Flash Player x.x. To verify the version of Adobe AIR installed on your system, follow the instructions in the Adobe AIR TechNote. Adobe also recommended that Adobe AIR users update to 3.5.0.600.
While talking about security patches in Adobe products, we want to remind you that just a couple of weeks ago Adobe also plugged a buffer overflow vulnerability in its Shockwave Player. Also in late September, Adobe disclosed that it had been attacked and hackers were using a valid Adobe certificate to sign two malicious utilities used most often in targeted attacks. Adobe revoked the certificate Oct. 4.
Posted by Avik Sarkar
On 11/05/2012 05:08:00 am
Apple Releases iOS 6.0.1, Serious Flaws in Kernel, Passcode Lock & WebKit Patched

A couple of months ago we got iOS 6, where Apple added over 200 new features, including Apple's own Maps app, Facebook integration, Siri improvements, Apple's new Passbook digital wallet app, and more. iOS 6 is compatible with the third-generation iPad, iPad 2, iPhone 4S, iPhone 4, iPhone 3GS, and fourth-generation iPod touch. Along with such tremendous features, several security bugs have also been spotted in the wild, affecting millions of iOS users across the globe. Among those bugs the most serious seems to be a kernel flaw discovered by researcher Mark Dowd of Azimuth Security and Eric Monti of Square that affects iPhone 3GS and later, as well as iPod Touch and iPad 2 and later. An attacker exploiting the vulnerability could essentially bypass address space layout randomization (ASLR) protections using a malicious application, and could determine addresses in the kernel, Apple’s advisory said. The researchers said the vulnerability, which could expose data to an attacker, occurs in the way iOS handles application programming interfaces in relation to kernel extensions.
Apple has released updates for iOS 6 which include security fixes. The iOS 6.0.1 update includes security fixes for the kernel, passcode locking and WebKit. The WebKit issues were also fixed in an update of the Safari web browser for Mac OS X. “Responses containing an OSBundleMachOHeaders key may have included kernel addresses, which may aid in bypassing address space layout randomization protection,” Apple said. “This issue was addressed by unsliding the addresses before returning them.”
A vulnerability in iOS’ Passcode Lock was also addressed in the latest update that could allow someone with access to the iOS device to access Passbook passes without entering a passcode. “A state management issue existed in the handling of Passbook passes at the lock screen. This issue was addressed through improved handling of Passbook passes,” Apple said. Finally, a pair of WebKit vulnerabilities were patched.
The first involved how iOS handled JavaScript arrays, and could allow an attacker to remotely execute code if a user visited a malicious site and was infected. Apple said it addressed the matter through additional validation of JavaScript arrays. The other WebKit flaw is a use-after-free issue in the handling of SVG images. Scalable vector graphics (SVG) are file formats for static or animated graphics. A user visiting a website hosting a malicious graphic could experience application crashes or worse, an attacker could remotely execute code.
The iOS 6.0.1 software update also includes fixes for the iPhone 5 to allow it to install over the air updates and to make it work better with WPA2 Wi-Fi networks. There are also corrections for bugs which flashed horizontal lines over the keyboard and stopped the camera flash going off. The two WebKit issues were also the only issues apparently fixed in the Safari 6.0.2 update. Safari 6.0.2 is available through Software Update for Mac OS X 10.7 Lion and the Mac App Store for Mac OS X 10.8 Mountain Lion.
-Source (Apple, threatpost & The-H)
Posted by Avik Sarkar
On 11/02/2012 03:28:00 am
Mozilla Fixed Cross Site Scripting (XSS) Flaws & Released Firefox Version 16.0.2

A serious security hole in Mozilla Firefox has been fixed. Mozilla has announced availability of Firefox version 16.0.2, an emergency update to address a serious flaw in the way the browser treats the Location object. According to the advisory, successful exploitation of this flaw can result in cross site scripting or code execution. The bug was first discovered by security researcher Mariusz Mlynski, which forced Mozilla developers to release the third emergency fix in a month since the introduction of version 16 of the popular browser. According to the Security Advisories of the Mozilla Foundation, Mozilla has fixed a number of issues related to the Location object in order to enhance overall security. Along with Firefox 16.0.2, the security bug has also been fixed in Firefox ESR 10.0.10, Thunderbird 16.0.2, Thunderbird ESR 10.0.10 & SeaMonkey 2.13.2. Security researcher Mariusz Mlynski reported that the true value of window.location could be shadowed by user content through the use of the valueOf method, which can be combined with some plugins to perform a cross-site scripting (XSS) attack on users. There is also the possibility of gaining arbitrary code execution if the attacker can take advantage of an add-on that interacts with the page content. Security researcher Antoine Delignat-Lavaud of the PROSECCO research team at INRIA Paris reported the ability to use property injection by prototype to bypass security wrapper protections on the Location object, allowing the cross-origin reading of the Location object. Users running older versions of Firefox are advised to update immediately using the auto-update feature built into the browser.
Posted by Avik Sarkar
On 10/27/2012 02:48:00 am
Adobe Closes Several Critical Security Holes in Shockwave Player
If you are a fan or regular user of Adobe Shockwave Player on your Windows or Mac computer, then it's time for you to update your systems. Adobe has released a security update for Adobe Shockwave Player 11.6.7.637 and earlier versions on the Windows and Macintosh operating systems. This update addresses vulnerabilities that could allow an attacker who successfully exploits them to run malicious code on the affected system. Adobe recommends users of Adobe Shockwave Player 11.6.7.637 and earlier versions update to Adobe Shockwave Player 11.6.8.638 using the instructions provided below.
This update resolves buffer overflow vulnerabilities that could lead to code execution (CVE-2012-4172, CVE-2012-4173, CVE-2012-4174, CVE-2012-4175, CVE-2012-5273).
- AFFECTED SOFTWARE VERSIONS:-
Adobe Shockwave Player 11.6.7.637 and earlier versions for Windows and Macintosh
Adobe recommends users of Adobe Shockwave Player 11.6.7.637 and earlier versions update to the newest version 11.6.8.638, available here: http://get.adobe.com/shockwave/.
This update resolves an array out of bounds vulnerability that could lead to code execution (CVE-2012-4176). Adobe has said that the update is a priority 2 issue. The company recommends users update their installations as soon as possible, but notes there are no known Shockwave exploits in the wild for these flaws.
If you look at the recent past, you will find that the security of Adobe products has been under the microscope for the last four weeks. Most recently, Adobe upgraded its Reader and Acrobat products with enhancements to its sandbox functionality and a new feature that forces any DLL loaded by either application to use Address Space Layout Randomization (ASLR). We also want to remind you that in late September, Adobe disclosed that it had been attacked and that hackers were using a valid Adobe certificate to sign two malicious utilities used most often in targeted attacks. Adobe revoked the certificate Oct. 4.
Posted by Avik Sarkar
On 9/28/2012 04:42:00 am
Researcher Figures Out Yet Another Java Hole That Puts 1 Billion Users at Risk
Just as Oracle is ramping up for the September 30 start of JavaOne 2012 in San Francisco, yet another critical Java vulnerability has been spotted in the wild. The Polish security researcher Adam Gowdiak has found another vulnerability in Java that could allow an attacker to bypass the sandbox. This newly discovered security hole affects all the latest versions of Oracle Java SE software. According to Security Explorations researcher Adam Gowdiak, who sent the email to the Full Disclosure Seclist, this Java exploit affects “one billion users of Oracle Java SE software.” So far, the researchers were able to successfully exploit the vulnerability and achieve a complete Java security sandbox bypass in the environment of Java SE 5, 6 and 7. The researchers could only claim such an impact with reference to the Java 7 environment (the Apple QuickTime attack relying on Issues 15 and 22 is the only exception here).
The following Java SE versions were verified to be vulnerable:
- Java SE 5 Update 22 (build 1.5.0_22-b03)
- Java SE 6 Update 35 (build 1.6.0_35-b10)
- Java SE 7 Update 7 (build 1.7.0_07-b10)
All tests were successfully conducted in the environment of a fully patched Windows 7 32-bit system and with the following web browser applications:
- Firefox 15.0.1
- Google Chrome 21.0.1180.89
- Internet Explorer 9.0.8112.16421 (update 9.0.10)
- Opera 12.02 (build 1578)
- Safari 5.1.7 (7534.57.2)
So far there are no reports that the vulnerability is being exploited for attacks. Oracle has not said whether or when it will close the vulnerability. We also want to remind readers of very recent history, when several zero-day vulnerabilities were found in all versions of Java and added to the BlackHole exploit kit. Oracle later released a patch to close the security hole.
Posted by Avik Sarkar
On 9/20/2012 05:40:00 pm
Microsoft Issues 'fix it' To Close Internet Explorer 0-day Vulnerability

Over the last few days the whole cyber world has gone through a lot of drama over Internet Explorer's security bug, as researchers have unveiled four active exploits of a zero-day vulnerability in the browser. As expected, the software giant Microsoft has released an emergency fix to get rid of these major security issues. Microsoft released a “fix it” tool for a critical security flaw in most versions of Internet Explorer 6, 7, 8 and 9 that hackers have been exploiting to break into Windows systems. The company said it expects to issue an official patch (MS12-063) for the vulnerability on Friday, Sept. 21.
"While we have only seen a few attempts to exploit this issue, impacting an extremely limited number of people, we are taking this proactive step to help ensure Internet Explorer customers are protected and able to safely browse online," said Yunsun Wee, director of Microsoft Trustworthy Computing in a statement.
The zero-day in IE 6-9 is a use-after-free memory corruption vulnerability, similar to a buffer overflow, that would enable an attacker to remotely execute code on a compromised machine. The original exploit payload dropped the PoisonIvy remote access Trojan (RAT) via a corrupted Flash movie file. The latest payload discovered dropped the PlugX RAT via the same corrupted Flash movie, Blasco said. He also said the new exploits are the work of the Chinese hacker group Nitro, the same group behind a pair of Java zero-day exploits disclosed in August.
Blasco also said the new exploits appear to be targeting defense contractors in the United States and India.
Microsoft recommended several workarounds Tuesday morning before announcing its intention to send out a FixIt.
- Set the Internet and local intranet security zone settings to High, which would block ActiveX Controls and Active Scripting in both zones
- Configure IE to prompt the user before running Active Scripting, or disable Active Scripting in both zones
- Use Microsoft's Enhanced Mitigation Experience Toolkit, which provides mitigations as well and would not impact website usability, as both of the first two options might.
Microsoft also said that IE running on Windows Server 2003, 2008 and 2008R2 runs in a restricted mode that mitigates the vulnerability. Outlook, Outlook Express and Windows Mail also open HTML messages in a restricted zone, mitigating the vulnerability, but should a user click a link in a message, they could still be vulnerable to exploit.
Posted by Avik Sarkar
On 9/11/2012 12:06:00 am
Adobe Says Windows 8 Users are Vulnerable to Active Flash Exploits (Microsoft Will not Patch the Bug Until October 26)
Adobe has confirmed a serious security hole in Windows 8: hackers have been aiming at Microsoft's Windows 8 PCs for several weeks, as the system is vulnerable to attack by exploits. It's very unfortunate for those who run the four (consumer preview, developer preview, release preview & enterprise) pre-release versions of Windows 8, because the Redmond-based software giant Microsoft said it will not patch the bug in Flash Player until what it called "GA," for "general availability." That would be Oct. 26, when Windows 8 hits retail and PCs powered by the new operating system go on sale.
"We will update Flash in Windows 8 via Windows Update as needed," a spokeswoman said in a reply to questions. "The current version of Flash in the Windows 8 RTM build does not have the latest fix, but we will have a security update coming through Windows Update in the GA timeframe."
Microsoft, not Adobe, is responsible for patching Flash Player in Windows 8 because the company took a page from Google's playbook and integrated the popular media software with Internet Explorer 10 (IE10), the new operating system's browser. Last month, Adobe issued two updates for Flash Player that patched eight vulnerabilities, some of which were ranked as "1" by the company, its highest threat warning. One of the vulnerabilities, tagged as CVE-2012-1535, was patched Aug. 14, but had been exploited for an indeterminate time before that.
In fact, CVE-2012-1535 was one of four "zero-days," or unpatched vulnerabilities, exploited in a 16-week stretch by an elite hacker gang revealed by Symantec researchers on Friday. Microsoft has not updated the Flash in IE10 within Windows 8 to accommodate those two sets of patches, Adobe confirmed Friday. "Flash Player 11.3.372.94 does not incorporate the fixes released in APSB12-18 and APSB12-19," said Wiebke Lips, a spokeswoman for Adobe, referring to the Aug. 14 and Aug. 21 Flash updates.
Windows 8 RTM's IE10 identifies the integrated Flash Player as version 11.3.372.94, a more recent build than the one in Windows 8 Release Preview, but older than the most-up-to-date version for Windows, 11.4.402.265, which Adobe delivered on Aug. 21.
Adobe actually told some users about Windows 8's Flash situation two weeks ago. On an Adobe support forum, a company representative announced on Aug. 23 that there would be no Flash update for Windows 8 and IE10 until late October. "Since Windows 8 has not yet been released for general availability, the update channel is not active," said Chris Campbell, identified as an Adobe employee. "Once this goes live, you'll start getting updates to Flash Player."
-Source (Computer World)