Microsoft Issues Fix It for Internet Explorer Zero Day Vulnerability

A few days ago, we reported a new vulnerability in Microsoft’s Internet Explorer that could allow an attacker to execute code remotely on an affected PC. Exploits for the vulnerability had been spreading fast and had already been added to free attack tools used by hackers.

Microsoft has now issued an interim solution in the form of a Fix It tool, which can be downloaded from here. In a blog post published today, Microsoft’s Yunsun Wee says that the tool is a one-click solution that will protect users right away and that it will not hinder users’ web browsing in any way. You won’t have to reboot your computer either.

Microsoft will be releasing an out-of-band security update, MS12-063, this Friday to close the vulnerability. The update will be rated critical and will address the zero-day vulnerability (Security Advisory 2757760) along with four other remote code execution issues. Users who downloaded the Fix It solution need not uninstall it before installing the update.

If you have automatic updates enabled, the update will be installed automatically; if you don’t, make sure that you install the update so that your computers are not left vulnerable. I also highly recommend installing the Fix It solution right now to prevent any zero-day attacks in the meantime.

Another day, Another Java Vulnerability Discovered!

So you have read about the recent vulnerabilities discovered in Java that attackers used to spread malware? Have you installed the latest out-of-band update that Oracle released to close those vulnerabilities? Think it’s time to move on to other stories? Well, think again.

Computerworld is reporting that another serious vulnerability in the latest update has been discovered that could allow an attacker to escape the Java security sandbox and run arbitrary code on your system. The vulnerability was discovered by a Polish security firm called Security Explorations and has been reported to Oracle, according to its CEO, Adam Gowdiak. He has also stated that they will not be releasing any technical details on the vulnerability until Oracle issues a fix.

In an email to IDG News Service, he states,

“Once we found that our complete Java sandbox bypass codes stopped working after the update was applied, we looked again at POC codes and started to think about the possible ways of how to fully break the latest Java update again,” Gowdiak said. “A new idea came, it was verified and it turned out that this was it.”

Oracle hasn’t hinted whether it will release an out-of-band update like the previous one or simply include the patch in the scheduled October update. With vulnerabilities being discovered at such a fast pace, it might be time for Oracle to reconsider its four-month update cycle. The longer these vulnerabilities remain unfixed, the greater the chance that they will be used to attack users, leaving users at greater risk.

At this moment, the best option for you is to disable Java if you don’t really use it. Alternatively, you can disable Java in your primary browser and use a secondary browser only for web apps that require Java (if you absolutely need to use those web apps and are sure that they are not rogue), so that you don’t wander into compromised websites that make use of Java vulnerabilities.

Opera Browser Vulnerable to Memory Corruption Exploit

In the raging browser wars, features, security and stability are paramount to competing. Opera might want to get a serious handle on things with the next release they push.

There is a memory corruption bug that has been present in Opera 10, 11 and the pre-release of 12 on Windows XP SP3. The vulnerability exists within SVG (Scalable Vector Graphics) layout handling. By nesting SVG functions within XML calls, an attacker is able to crash Opera. While crashing a browser might not seem like a huge deal to some, couple it with code injection and you have an exploit that can lead to complete remote code execution, and then it’s game over.

The exploit, which was discovered over a year ago, was reported to Opera but never fixed. Jose Vasquez, the original author, has published full details on the vulnerability and has also written and released a complete Metasploit module. Metasploit is a security framework for penetration testing, allowing a large number of security professionals to collaborate on software and service vulnerabilities.

What might seem like a benign crash of your browser might turn out to be an attacker positioning themselves to take control of your computer and network. Although DEP has been bypassed before, Jose also indicates it may be possible to bypass it here; DEP is an active security feature provided by Microsoft, specifically made to prevent unwanted code execution.

In an interview, Opera’s co-founder, Jon Stephenson von Tetzchner, indicated that their number of users grew from 50 million in 2009 to over 150 million in just one year. That is a lot of users who are potentially vulnerable to exploitation of this bug. When Opera 11.51 was released, major security and minor stability issues were the reason for the update. If we consider that this bug has been present since 10.50, was disclosed to Opera over a year ago, and is still left unfixed, many users may want to look at switching to the very popular Chrome or Firefox 7 until Opera fixes this issue.

iPhone Users Vulnerable To Address Book Snarfing Via Skype XSS

Skype users on iOS devices should be on the lookout for malicious users who intend to steal their address book.

A vulnerability affecting Skype 3.01 on iOS devices, including the iPod Touch and iPhone, gives an attacker the ability to secretly upload the entire contents of your address book. The hole is due to a non-validated input field in the client: instead of the contents being displayed to the user as text, they are executed as script. Coupling this XSS with sandbox permissions that do not allow for fine-tuned access control within apps provides a way for an attacker to steal the contents of an unsuspecting user’s address book.

Skype has been criticised numerous times over identical vulnerabilities in its desktop software that allowed remote code to be executed on a victim’s computer. The flaw is one that Skype has had reported numerous times and fixed numerous times, yet the applications have still not been completely audited before release.

Phil has detailed the attack performed against an iPhone 4 running iOS 4.3.5 and has indicated that the vulnerability was reported to Skype over a month ago. Hopefully a fix is in the works, but more importantly, hopefully Skype will perform a full audit instead of simply throwing input sanitising on the one vulnerable text field.

Motorola Droid 3 Reaches Root Status

The Motorola Milestone 3, known stateside as the Droid 3, has been rooted! The well-known kernel hacker and security researcher Dan Rosenberg has posted the details of a simple vulnerability that provides superuser access to the device by using a configuration value that prevents the Android Debug Bridge from dropping its root privileges.

The Droid 3 is the successor to the very popular Droid 2. It launched on Verizon back in July with a locked bootloader preventing customized kernels and ROM cooking. The original Motorola Droid implemented security measures that required signed images for flashing. It took almost a year before it was rooted, and Motorola stuck with its choice to alienate power users by enforcing signature checks on its Droid series of devices.

Featuring a spacious 5-row hardware QWERTY keyboard, qHD screen and all the methods of connectivity you can handle, the Droid 3 is a powerhouse of a device. Although none of the Droids are included in the guide to the Best Android Phones in India, the original Droid pushed Android launch sales over the iPhone and beat the Nexus One.

Now that Google and Motorola have joined forces, the Android community can expect more top-tier hardware built by Motorola and powered by unskinned, unmolested and bloatware-free Android, receiving timely updates directly from Google.