JailbreakMe: Apple issues emergency iPhone/iPad security patch
August 12, 2010 by admin
Filed under Security News
Apple has kept true to its promise, and released a security patch for users of iPhones, iPads and the iPod Touch, closing the door on a vulnerability that could have exposed them to malware and other malicious attacks.
The vulnerability first came to the public’s attention after it was used by a website, JailbreakMe.com, which made it simple for iPhone and iPad users to jailbreak their devices.
As I reported earlier this month, the drive-by jailbreak exploited a vulnerability in the way that the mobile edition of Safari (the default browser used in the iOS operating system) handles PDF files – specifically its handling of fonts. Therefore, just visiting the JailbreakMe website could run code on the visitor’s iPhone, iPod Touch or iPad.
Such a vulnerability, if left unpatched, leaves open opportunities for hackers to spread malicious code to Apple’s mobile products.
The iOS 4.0.2 update for iPhone and iPod Touch can be downloaded and installed using iTunes, with further information available in Apple’s support advisory HT4291.
The same process can be used to update Apple iPads to version 3.2.3 of iOS, with detailed information about the vulnerability published on Apple’s support knowledgebase.
GFI Backup 2009 Home Edition (build 20100730) now available
August 6, 2010 by admin
Filed under Protection Tools
Apple secretly updates Mac malware protection
June 20, 2010 by admin
Filed under Security News
Apple’s 10.6.4 operating system upgrade earlier this week silently updated the malware protection built into Mac OS X to protect against a backdoor Trojan horse that can allow hackers to gain remote control over your treasured iMac or MacBook.
Although there is no mention of it that we could find in Apple’s release notes for Mac OS X 10.6.4, or the accompanying security bulletin, Apple has updatedXProtect.plist – the rudimentary file that contains elementary signatures of a handful of Mac threats – to detect what they call HellRTS.
HellRTS, which Sophos products have been detecting as OSX/Pinhead-B since April, has been distributed by malicious hackers disguised as iPhoto, the photo application which ships on modern Mac computers.
If you did get infected by this malware then hackers would be able to send spam email from your Mac, take screenshots of what you are doing, access your files and clipboard and much more.
Unfortunately, many Mac users seem oblivious to security threats which can run on their computers. And that isn’t helped when Apple issues an anti-malware security update like this by stealth, rather than informing the public what it has done. You have to wonder whether their keeping quiet about an anti-malware security update like this was for marketing reasons. “Shh! Don’t tell folks that we have to protect against malware on Mac OS X!”
It seems their own employees can be amongst the worst offenders when it comes to giving users security advice. Just a few days ago I saw a former colleague of minetweet about the poor advice about malware protection being offered in Apple retail stores.
YouTube on IE is forcing to update the flash player
June 12, 2010 by admin
Filed under Security News
If you are visiting YouTube and you want to watch any video you will see this message like this picture:
Because there is a critical vulnerabilities that have been discovered in the current versions of Adobe Flash Player for Windows, Macintosh, Solaris and Linux.
Critical patches: Update your Adobe Flash player now
June 11, 2010 by admin
Filed under Security News
Adobe has issued a security bulletin detailing critical vulnerabilities that have been discovered in the current versions of Adobe Flash Player for Windows, Macintosh, Solaris and Linux.
An update issued by Adobe claims to resolve 32 vulnerabilities in Flash Player – which if left unpatched could leave open a door for hackers to infect innocent users’ computers. Some of the security holes are already being exploited by malicious hackers.
Adobe is recommending that users upgrade to Adobe Flash Player 10.1.53.64.
If you’re not sure which version of the Adobe Flash Player you have installed, visit theAbout Flash Player page. Remember that if you use more than one browser on your computer you should check the version number on each.
Adobe further recommends that users of Adobe AIR version 1.5.3.9130 and earlier versions update to Adobe AIR 2.02.12610.
It is becoming more and more common for cybercriminals to exploit vulnerabilities in Adobe’s software – so it would be a very good idea for everyone to update vulnerable computers as soon as possible.
A swarm of Safari security holes: Mac and Windows users told to update
June 9, 2010 by admin
Filed under Security News
Whether you own a Windows or Mac OS X computer, if you’re a user of Apple’s Safari browser, it’s time to update your computer against a swarm of security vulnerabilities.
With the attention of most Apple devotees diverted this week towards the sleek new iPhone 4, some may have missed that the Cupertino-based company has also issued a brand new version of its web browser, Safari.
Most interestingly to us, however, is the news that Safari 5.0 not only includes new functionality, but also plugs at least 48 different security vulnerabilities that (if left unpatched) could be exploited by hackers.
Mac OS X version 10.4 users (which Safari 5 doesn’t support) aren’t left in the lurch either. Apple has issued Safari version 4.1 for those customers, which addresses the same set of security issues.
Critical security updates from Microsoft and Adobe
May 12, 2010 by admin
Filed under Security News
It was “Patch Tuesday” yesterday, which means another parcel of security updates for computer users to unwrap, and this time the fixes aren’t just from Microsoft, but from Adobe too.
First on the menu is Microsoft, which has served up two security bulletins detailing vulnerabilities that could be exploited by hackers to execute malicious code (such as a worm) on your computer.
The first of these security holes exists in Outlook Express, Windows Mail, and Windows Live Mail. Microsoft’s Security Research & Defense blog goes into some detail about the vulnerability, explaining that although the security hole is given a “critical rating” on Windows 2000, Windows XP, Windows Vista, Windows Server 2003, and Windows Server 2008, it is considered less serious for Windows 7 users as Windows Live Mail is not installed by default on that platform.
The other patch from Microsoft addresses a vulnerability in Visual Basic for Applications, a component used by Microsoft Office and other third-party products. Microsoft has given this security update its highest possible rating – “Critical” – for all supported versions of Microsoft Visual Basic for Applications SDK and third-party applications that use Microsoft Visual Basic for Applications. It is also rated “Important” for all supported editions of Microsoft Office XP, Microsoft Office 2003, and the 2007 Microsoft Office System.
Next up is Adobe, who have released patches to squash over 20 security vulnerabilities in its Shockwave and ColdFusion products.
The critical vulnerabilities identified in Adobe Shockwave Player 11.5.6.606 and earlier versions impact both Windows and Macintosh users, and could allow attackers to run malicious code on your computer.
Adobe recommends that users update their version of Adobe Shockwave Player to version 11.5.7.609.
Details of the ColdFusion vulnerabilities, classed as “important”, are provided in Adobe Security Bulletin APSB10-11.
Enough of waffle. Download and install the patches if your computer is affected.
By Graham Cluley, Sophos
Microsoft to release emergency Internet Explorer patch on Tuesday
March 29, 2010 by admin
Filed under Security News
Microsoft has announced that it will be issuing an emergency out-of-band patch for a critical security hole in some versions of Internet Explorer on Tuesday 30 March.
According to a Microsoft advisory, the emergency fix is designed to protect users of Internet Explorer 6 and Internet Explorer 7.
Microsoft normally bundles its security updates into a monthly package, known in the industry as “Patch Tuesday” (the second Tuesday of each month), and it is relatively unusual for the company to issue a fix for a security vulnerability outside of this cycle. Clearly Microsoft considers the bug particularly important to patch as soon as possible.
And in my opinion they’re right not to leave this vulnerability unpatched until April 13th. Earlier this month I described how hackers are actively exploiting the vulnerability, in their attempt to infect computers.
The researchers in SophosLabs reported some of the malicious spam messages we have seen being distributed which attempt to trick users into visiting websites that will exploit the zero day vulnerability and infect Windows PCs.
More information about the security flaw can be found in Sophos’s analysis of the problem.
So, if you are still using Internet Explorer versions 6 or 7, please be sure to update your systems as soon as Microsoft releases the fix. But, in all honesty, what are you doing running such old versions of IE anyway? Shouldn’t you have upgraded to Internet Explorer 8 by now?
By Graham Cluley, Sophos
Related Blogs
Protecting against the Internet Explorer zero day vulnerability
March 16, 2010 by admin
Filed under Security News
A few days ago Microsoft warned its users of an unpatched security hole in its products that could leave Windows users exposed to attacks by cybercriminals.
The Internet Explorer vulnerability, which has the CVE reference CVE-2010-0806 and fortunately does not affect Internet Explorer 8, is being actively exploited by malicious hackers. As reported on the SophosLabs blog, we have seen malicious spam messages being distributed which try and trick users into visiting websites that will exploit the zero day vulnerability to infect PCs.
Sophos detects the exploit scripts seen so far generically as Troj/ExpJS-R.
A proper patch from Microsoft for the problem is not yet available, but the company has issued a couple of workarounds that can be used by vulnerable Windows users.
One of Microsoft’s workarounds makes it easy for users to automate the changes that need to be made to the Windows registry (something that normally can give regular users the heebie-jeebies) to disable the “peer factory” class on Windows XP and Windows Server 2003.
They have also provided a workaround that enables Data Execution Prevention (DEP) on Internet Explorer 6 Service Pack 2 and Internet Explorer 7.
If you are responsible for the security of a number of Windows PC, rather than just your personal computer, you may wish to read the more detailed advice Microsoft provides on workarounds.
More information about the security flaw can be found in Sophos’s analysis of the problem.
There’s no word yet on when Microsoft will make available a proper fix for this problem, or indeed whether it will be included in their next scheduled “Patch Tuesday” bundle of patches scheduled for April 13th or released as an out-of-bound fix.
But I think it’s good that they gave the less geeky users of computers a fairly easy way to implement the workaround, rather than leaving them befuddled by complicated instructions.
This latest attack is a timely reminder for all Internet Explorer users that maybe it’s high time they updated their systems to version 8.0 of the popular web browser.
By Graham Cluley, Sophos
Windows and Mac users urged to update Safari
March 12, 2010 by admin
Filed under Security News
Apple has released version 4.0.5 of its Safari browser, fixing a number of issues with its browser for Windows and Mac OS X including – most importantly – a grand total of 16 security vulnerabilities.
If you dilly-dally over updating your computer, it’s possible that hackers could exploit the security bugs – including some that could mean that simply visiting a webpage with a maliciously crafted image could lead to malicious code being automatically run on your computer.
Interestingly, one of the bugs (CVE-2009-2285) fixed in Safari 4.0.5 was announced and patched in Mac OS X 10.6.2 back in December 2009, and in Mac OS X 10.5 since January, meaning that Windows users of Safari have been vulnerable for over two months to the way their browser handles booby-trapped TIFF images.
But it doesn’t matter whether you own a Mac or PC, if you run Safari the message is clear: It’s time to update your browser and ensure that you are protected against hackers exploiting the security holes detailed in the security advisory on Apple’s website.
Safari users should practise safe computing, and update their systems as soon as possible.
By Graham Cluley, Sophos
