Posts Tagged ‘Mac’

Wednesday, April 30, 2014 @ 04:04 PM gHale

Adobe created an update for its Flash Player for Windows, Mac and Linux, as a newly discovered Zero Day vulnerability affecting the software is under active attack.

In the security bulletin the company published to warn users and urge them to update, Kaspersky Lab researcher Alexander Polyakov gained credit for discovering the attacks.

The researchers discovered two separate SWF exploits that took advantage of the vulnerability, located in the Pixel Bender component, designed for video and image processing.

The exploits are in two .swf files, and both end up positioned in an innocuous-looking folder on a compromised site.

“The site was launched back in 2011 by the Syrian Ministry of Justice and was designed as an online forum for citizens to complain about law and order violations. We believe the attack was designed to target Syrian dissidents complaining about the government,” said Kaspersky Lab researcher Vyacheslav Zakorzhevsky.

The victims end up redirected to the exploits using a frame or a script located at the site and, according to the company’s products’ detections, seven unique users located in Syria ended up affected.

“It’s likely that the attack was carefully planned and that professionals of a pretty high caliber were behind it,” Zakorzhevsky said. The exploits are well-written, and the fact a vulnerability in the no longer supported Pixel Bender component was the target seems to imply they didn’t want the exploit seen for a long time.

“We are sure that all these tricks were used in order to carry out malicious activity against a very specific group of users without attracting the attention of security solutions. We believe that the Cisco add-in may be used to download/implement the payload as well as to spy directly on the infected computer,” Zakorzhevsky said.

Thursday, April 10, 2014 @ 06:04 PM gHale

Adobe updated Flash Player to address four security holes.

Windows and Mac users should update their installations to version, while Linux users should update to

Google Chrome, Internet Explorer 10 and Internet Explorer 11 installations automatically update.

The first vulnerability addressed with the release of Adobe Flash Player refers to a use-after-free bug that could end up exploited for arbitrary code execution.

This vulnerability came to Adobe via VUPEN at the Pwn2Own competition that took place alongside the CanSecWest security conference.

The second flaw is a buffer overflow that could also result in code execution. This issue, also disclosed at Pwn2Own 2014, came via Zeguang Zhao and Liang Chen.

According to the description on NIST’s National Vulnerability Database, the bug “allows remote attackers to execute arbitrary code and bypass a sandbox protection mechanism via unspecified vectors.”

The updates also address a security bypass vulnerability that could lead to information disclosure, Adobe said.

Finally, a cross-site scripting (XSS) vulnerability also received a patch. Masato Kinugawa disclosed the XSS vulnerability.

Some of the vulnerabilities are critical because an attacker could exploit them to take control of the impacted system.

There’s no evidence that these security holes are under attack, but users should apply the updates as soon as possible.

Thursday, March 13, 2014 @ 06:03 PM gHale

Adobe released updates for Flash Player for Windows and Mac, and Flash Player for Linux to address security holes.

The company advises all users of Adobe Flash Player and earlier versions for Windows and Mac to update their installations to version Linux users who still utilize version and earlier should update to Flash Player

The updates address two vulnerabilities. The first one has the CVE identifier CVE-2014-0503 and it refers to a flaw that could end up exploited to bypass the same origin policy. The second issue, CVE-2014-0504, could allow attackers to read the contents of the clipboard.

The same origin policy bypass vulnerability ended up discovered by Masato Kinugawa. Jordan Milne discovered the other security hole.

Adobe said Flash Player installed with Chrome, Internet Explorer 10 and Internet Explorer 11 will update automatically to the latest version.

Flash Player vulnerabilities often end up leveraged by bad guys in their operations. Last month, Adobe released an emergency update to fix a Zero Day exploit.

Monday, February 17, 2014 @ 11:02 AM gHale

Adobe Systems released fixes for Shockwave addressing two vulnerabilities that could allow attackers to remotely take control of affected systems.

The new Shockwave Player version released last week is and is available for Windows and Mac.

The update fixes two memory corruption vulnerabilities identified as CVE-2014-0500 and CVE-2014-0501 that could lead to code execution, Adobe said in a security advisory. The vulnerabilities ended up reported to the company by researcher Liangliang Song of Fortinet’s FortiGuard Labs.

The Shockwave Player update comes one week after Adobe broke out of its regular patching cycle to release an emergency update for Flash Player that addressed an actively exploited vulnerability. Unlike the Flash Player flaw, there are no reports that the Shockwave Player vulnerabilities are suffering from active exploitation.

Shockwave Player displays online content like games, product demonstrations, e-learning courses and simulations created with Adobe’s Director software. It’s not as widespread as Flash Player, but it is on over 450 million desktop computers according to Adobe, which makes it a potential target for hackers.

Shockwave Player installs a plug-in in Web browsers which means it can suffer attack with drive-by download exploits loaded from maliciously crafted or infected websites.

Monday, November 18, 2013 @ 07:11 PM gHale

Adobe has been under fire this year for vulnerabilities, and the most recent fix to Flash Player is no different as it fixes security holes that could lead to compromise of the targeted system.

The new Flash Player 11.9.900.152 eliminates two memory corruption vulnerabilities (CVE-2013-5329 and CVE-2013-5330) that would allow an attacker to execute malicious native code on the targeted machine surreptitiously.

Adobe labeled both security updates as critical, and they have the highest priority rating (1) on Windows and Mac. This means administrators should install the latest version in the shortest time possible.

The company did not provide any information about possible exploitation of the vulnerabilities.

Adobe released a security hotfix for ColdFusion as well, for versions 10, 9.0.2, 9.0.1, and 9.0 for Windows, Macintosh, and Linux.

The patch addresses a flaw (reflected cross site scripting – CVE-2013-5326) that an attacker could leverage remotely when the CFIDE directory ends up exposed (in ColdFusion 10 and earlier).

Another security hole plugged by the ColdFusion hotfix would allow unauthorized remote read access.

Friday, September 20, 2013 @ 07:09 PM gHale

Mozilla released its latest open-source Firefox browser update for Android as well as desktop versions for Windows, Mac and Linux operating systems.

The Firefox 24 release is light on new user-facing features and heavy on security fixes, providing 17 security advisories, seven of which Mozilla rated “critical.”

Among the critical vulnerabilities Mozilla is fixing in Firefox 24 are a number of memory safety related security issues.

“Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products,” the Mozilla Foundation Security Advisory (MFSA) 2013-76 said.

“Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code.”

There is also a use-after-free flaw with the “select” HTML element. A use-after-free memory error is one where a program keeps using a block of memory through a stale reference after that memory has been freed, so whatever now occupies the block ends up treated as the original object.

Mozilla said in its security advisory that security researcher Scott Bell used Google’s open-source Address Sanitizer tool in order to find the flaw. Google commonly uses Address Sanitizer itself to find use-after-free flaws in its own Chrome browser.

Wednesday, September 11, 2013 @ 12:09 PM gHale

Adobe launched a series of updates and patches for vulnerabilities in Flash, Reader, Acrobat and Shockwave.

Adobe said quite a few of the vulnerabilities could end up running attacker code on vulnerable systems or crash those machines. The updates for Adobe Reader and Acrobat resolve memory corruption flaws and buffer overflows in the software for Windows and Mac.

From Adobe’s advisory for Reader and Acrobat:
• Updates resolve stack overflow vulnerabilities that could lead to code execution (CVE-2013-3351).
• Updates resolve memory corruption vulnerabilities that could lead to code execution (CVE-2013-3352, CVE-2013-3354, CVE-2013-3355).
• Updates resolve buffer overflow vulnerabilities that could lead to code execution (CVE-2013-3353, CVE-2013-3356).
• Updates resolve integer overflow vulnerabilities that could lead to code execution (CVE-2013-3357, CVE-2013-3358).

The update for Adobe Flash fixes four vulnerabilities that can lead to code execution on Windows, Mac and Linux systems.

“Adobe has released security updates for Adobe Flash Player 11.8.800.94 and earlier versions for Windows and Macintosh, Adobe Flash Player and earlier versions for Linux, Adobe Flash Player and earlier versions for Android 4.x, and Adobe Flash Player and earlier versions for Android 3.x and 2.x. These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system,” the advisory said.

As for Shockwave, the update fixes two memory corruption vulnerabilities that can lead to remote code execution on Windows and Mac.

Thursday, September 5, 2013 @ 05:09 PM gHale

The developers behind Bitcoin-QT, a software wallet used to protect and back up Bitcoin currency, have a new version of the client, fixing some security issues like a critical denial-of-service (DoS) bug.

Version 0.8.4 of the original Bitcoin client posted to SourceForge and anyone running an out of date version can update by either running the Windows installer or copying over the new code on Mac and Linux builds.

According to the update summary, an attacker could have sent a series of messages that would have resulted in an integer division-by-zero error in the Bloom Filter handling code. This DoS bug would have forced versions 0.8.0 through 0.8.3 of the program to crash.
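The bug class described above, as an added illustration that is not Bitcoin-QT's code: a toy Bloom filter whose size comes from a remote peer, with the validation that keeps the modulus from reaching zero. The struct, function names, hash and limits are all assumptions made for this example.

```cpp
#include <cstddef>
#include <cstdint>
#include <string>
#include <vector>

// Constructed example: a Bloom filter whose parameters arrive from a remote peer.
struct PeerBloomFilter {
    std::vector<uint8_t> bits;  // filter bytes supplied by the peer
    uint32_t hash_funcs;        // number of hash functions requested by the peer
};

// Illustrative limits, not taken from any project.
constexpr size_t MAX_FILTER_BYTES = 36000;
constexpr uint32_t MAX_HASH_FUNCS = 50;

// Seeded FNV-1a; a stand-in for whatever hash a real implementation uses.
uint32_t seeded_hash(uint32_t seed, const std::string& data) {
    uint32_t h = 2166136261u ^ seed;
    for (unsigned char c : data) { h ^= c; h *= 16777619u; }
    return h;
}

// Reject peer-supplied parameters that would make the filter unusable.
bool filter_is_sane(const PeerBloomFilter& f) {
    return !f.bits.empty() && f.bits.size() <= MAX_FILTER_BYTES &&
           f.hash_funcs >= 1 && f.hash_funcs <= MAX_HASH_FUNCS;
}

// Bit index = hash % (bytes * 8). An empty filter makes the modulus zero,
// which is the integer division by zero; report failure instead of dividing.
bool bit_index(const PeerBloomFilter& f, uint32_t n, const std::string& data, size_t& out) {
    const size_t nbits = f.bits.size() * 8;
    if (nbits == 0) return false;
    out = seeded_hash(n * 0x9E3779B9u, data) % nbits;
    return true;
}

// Insert and query both refuse to touch a filter that fails validation.
bool insert(PeerBloomFilter& f, const std::string& data) {
    size_t i = 0;
    if (!filter_is_sane(f)) return false;
    for (uint32_t n = 0; n < f.hash_funcs; ++n)
        if (bit_index(f, n, data, i)) f.bits[i >> 3] |= uint8_t(1u << (i & 7));
    return true;
}
bool contains(const PeerBloomFilter& f, const std::string& data) {
    size_t i = 0;
    if (!filter_is_sane(f)) return false;
    for (uint32_t n = 0; n < f.hash_funcs; ++n)
        if (!bit_index(f, n, data, i) || !(f.bits[i >> 3] & (1u << (i & 7)))) return false;
    return true;
}
```

Validating at the point where the peer's filter is accepted, and again where the modulus is computed, means a later code path that skips the first check still cannot divide by zero.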

The update also adds a constant-time algorithm to check RPC password guess attempts (CVE-2013-4165) and a fix for the fill-memory-with-orphan-transactions attack (CVE-2013-4627), for which a previous buggy patch had opened new vectors of attack.

Bitcoins, the decentralized virtual currency that popped into the cultural mainstream this summer, has already proved a popular target for attackers. Hackers knocked the Mt. Gox trading exchange offline in April.

Thursday, July 18, 2013 @ 04:07 PM gHale

Windows for quite some time now has had a monopoly on suffering from the ravages of ransomware, but now it appears Macs are joining in on the “fun.”

There is now a strain of Mac OS X ransomware, also known as “scareware,” which essentially takes a victim’s computer hostage until they pay a certain fee to unlock it, said researchers at security firm Malwarebytes.

In the case of the threat Malwarebytes found, users, after visiting a website filled with malicious code, had their browsers hijacked and then they received a message claiming to come from the FBI, senior security researcher Jerome Segura said in a blog post.

The faux alert tries to intimidate the victim with a legitimate-looking post that says their “browser has been blocked” because their computer either violated copyright laws, viewed porn or initiated some type of illegal access.

The scam demands $300 from the victim, who can pay it through Green Dot MoneyPak by purchasing a prepaid card and transferring the value to the attackers.

Paying the scammers is not what anyone recommends, but neither is trying to “force quit” the web page containing the bogus threat, said Malwarebytes researchers. Because of the Safari browser’s auto-restore feature, the page will only return when the browser starts back up.

Instead, users should click on the “Safari” tab on the navigation bar and choose “Reset Safari,” ensuring all of the boxes are checked. Then hit “Reset.”

The ransomware comes from websites where victims end up lured after searching for popular search terms, Segura said. For example, Segura stumbled upon the scam after searching for “Taylor Swift” on Bing Images. Segura did not say how widespread the threat is.

Windows users have seen this type of threat before, but attackers appear headed in the same direction on Macs.
