June 19, 2013

Oracle releases critical security update for Java, Apple follows suit

(LiveHacking.Com) – Oracle has released a critical patch update for Java that addresses at least 40 security vulnerabilities, 37 of which may be remotely exploitable without authentication, meaning they can be exploited over a network without the need for a username and password.

The new version is Java 7 Update 25, and it is the recommended upgrade for all users of Java 7 Update 21 and earlier, Java 6 Update 45 and earlier, and Java 5.0 Update 45 and earlier. It seems that Oracle is no longer shipping updates for Java 6; however, Apple has released a security advisory about Java for OS X 2013-004 and Mac OS X v10.6 Update 16.

In its advisory Apple recommends that OS X 10.6 users update to Java version 1.6 update 51 to address multiple vulnerabilities in Java 1.6 update 45. According to Apple, Java 6 update 45 has bugs which allow “an untrusted Java applet to execute arbitrary code outside the Java sandbox. Visiting a web page containing a maliciously crafted untrusted Java applet may lead to arbitrary code execution with the privileges of the current user.” This means that Java 6 has been updated, but the update is only available to OS X 10.6 users.

It is important that you apply these Java updates as soon as possible. Research from Websense has revealed that over 90% of users don’t update their Java versions in a timely manner.

Java is prone to security vulnerabilities and it is recommended, even after applying the latest patches, that users disable Java in the browser completely. If you don’t need Java (which you likely don’t), you should strongly consider removing Java completely from your machines.

Apple updates OS X and Safari to fix critical security issues

(LiveHacking.Com) – Apple has released updates for Mac OS X 10.6.8, OS X Lion v10.7.5, OS X Mountain Lion v10.8 and v10.8.3 to fix a range of critical security vulnerabilities, including a fix for an error that could allow a remote attacker to execute arbitrary code with system privileges on Macs with Directory Service enabled. At the same time Apple has also released Safari 6.0.5. The new release of the web browser, which is also included in OS X Mountain Lion v10.8.4, fixes a range of WebKit errors, many of which have been previously fixed in Google Chrome.

Mac OS X

Several different security related bugs have been fixed in OS X. Among them was an unbounded stack allocation issue that existed in the handling of text glyphs. It could be exploited by visiting a maliciously crafted site and may lead to an unexpected application termination or arbitrary code execution. The Directory Services vulnerability only applies to OS X 10.6. A remote attacker could execute arbitrary code with system privileges on Macs with Directory Service enabled due to an error in the way the directory server handled certain messages from the network. By sending a maliciously crafted message, a remote attacker could cause the directory server to terminate or execute arbitrary code with system privileges.

There were also several fixes for OpenSSL. There are known attacks on the confidentiality of TLS 1.0 when compression is enabled. To address this Apple has disabled compression in OpenSSL. OpenSSL was also updated to version 0.9.8x to address multiple vulnerabilities, which may lead to denial of service or disclosure of a private key.

Other fixes include:

  • An attacker with access to a user’s session may be able to log into previously accessed sites, even if Private Browsing was used
  • Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution
  • A local user in the lpadmin group may be able to read or write arbitrary files with system privileges
  • A local user who is not an administrator may disable FileVault using the command-line. This issue was addressed by adding additional authentication.
  • Opening a maliciously crafted PICT image may lead to an unexpected application termination or arbitrary code execution
  • Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution
  • Viewing a maliciously crafted QTIF file may lead to an unexpected application termination or arbitrary code execution
  • Viewing a maliciously crafted FPX file may lead to an unexpected application termination or arbitrary code execution
  • Playing a maliciously crafted MP3 file may lead to an unexpected application termination or arbitrary code execution

Also, multiple vulnerabilities existed in Ruby on Rails, the most serious of which may lead to arbitrary code execution on systems running Ruby on Rails applications. These issues were addressed by updating Ruby on Rails to version 2.3.18.

It is worth noting that starting with OS X 10.8.4, Java Web Start (i.e. JNLP) applications downloaded from the Internet need to be signed with a Developer ID certificate.

Safari

All the fixes in the new release of Safari are related to WebKit as follows:

  • Multiple memory corruption issues existed in WebKit. These issues were addressed through improved memory handling.
  • A cross-site scripting issue existed in the handling of iframes. This issue was addressed through improved origin tracking.
  • A cross-site scripting issue existed in the handling of copied and pasted data in HTML documents. This issue was addressed through additional validation of pasted content.
  • XSS Auditor may rewrite URLs to prevent cross-site scripting attacks. This may lead to a malicious alteration of the behavior of a form submission. This issue was addressed through improved validation of URLs.

More information about the security content of Safari 6.0.5 can be found here.

Oracle updates Java, as does Apple

(LiveHacking.Com) – Oracle has released a Critical Patch Update (CPU) for Java SE. The update, which affects Java 5, Java 6 and Java 7, fixes 42 vulnerabilities within Java, the vast majority of which have been rated as Critical.

Besides the fixes, the biggest change is to the Java security dialogs. Now JavaScript code that calls code within a privileged applet triggers warning dialogs if the signed JAR files are not tagged with the Trusted-Library attribute.

“The JDK 7u21 release enables users to make more informed decisions before running Rich Internet Applications (RIAs) by prompting users for permissions before an RIA is run. These permission dialogs include information on the certificate used to sign the application, the location of the application, and the level of access that the application requests,” said Oracle.

According to Oracle Executive Vice President Hasan Rizvi not all the known Java problems have been fixed, but there are no unpatched vulnerabilities that are being actively exploited in the wild.

Java has been prone to security vulnerabilities in the last few years, and earlier this year a global hacking campaign managed to infect computers inside hundreds of companies, including Facebook, Apple and Twitter. In light of these threats the US Department of Homeland Security has previously recommended that users disable Java in the browser completely.

Apple

Gone are the days when Apple’s Java update would come several months after Oracle’s fixes. As is now becoming the norm, Apple released its updates on the same day as Oracle. Java for OS X 2013-003 and Mac OS X v10.6 Update 15 address multiple vulnerabilities in Java, some of which could allow an untrusted Java applet to execute arbitrary code outside the Java sandbox. To exploit this a hacker need only convince a user to visit a specially crafted web page with an untrusted Java applet. For more information Apple recommends reading the Java 6 update 45 release notes.

Apple also released a new version of its Safari web browser for OS X Lion v10.7.5, OS X Lion Server v10.7.5 and OS X Mountain Lion v10.8.3. It fixes problems where visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. The problem was an invalid cast that existed in the handling of SVG files. For more information see the Safari 6.0.4 page on Apple’s website.

Critical updates for Apple TV and iOS available

(LiveHacking.Com) – Apple has released critical security updates for two of its most popular operating systems – Apple TV and iOS. The two operating systems, one of which powers Apple’s TV media box and the other the iPhone, iPad and iPod touch, are closely related and based on much of the same code.

Apple TV

Apple TV 5.2.1 addresses several critical security issues, including problems which could allow a local user to execute unsigned code, to determine the address of structures in the kernel or to execute arbitrary code in the kernel, all of which are potentially serious security vulnerabilities. The details of the update, which is available for Apple TV 2nd generation and above, are as follows:

  1. A state management issue existed in the handling of Mach-O executable files with overlapping segments. This issue was addressed by refusing to load an executable with overlapping segments.
  2. An information disclosure issue existed in the ARM prefetch abort handler. This issue was addressed by panicking if the prefetch abort handler is not being called from an abort context.
  3. The IOUSBDeviceFamily driver used pipe object pointers that came from userspace. This issue was addressed by performing additional validation of pipe object pointers.

Apple TV devices will periodically check for software updates. However, you can force a manual check and update by selecting ”Settings -> General -> Update Software”. To check the current version of software, select ”Settings -> General -> About”.

iOS

iOS 6.3.1 has been released for iPhone 3GS and later, iPod touch (4th generation) and later, and iPad 2 and later. The iOS update contains the three updates listed for Apple TV plus fixes for flaws that could allow a local user to change permissions on arbitrary files or bypass the screen lock. There is also a WebKit fix for a problem where visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. The additional details are:

  1. When restoring from backup, lockdownd changed permissions on certain files even if the path to the file included a symbolic link. This issue was addressed by not changing permissions on any file with a symlink in its path.
  2. A logic issue existed in the handling of emergency calls from the lock screen. This issue was addressed through improved lock state management.
  3. An invalid cast issue existed in the handling of SVG files. This issue was addressed through improved type checking.
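The lockdownd fix in item 1 boils down to one policy: never change permissions through a path that contains a symbolic link anywhere in it. As an added example (not Apple's code; the directory layout it builds is constructed for the demo), here is a chmod wrapper that checks every path component with lstat() before acting:

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/stat.h>

/* Return 1 if any component of `path` (the final one included) is a symbolic
 * link, 0 if none is, -1 on error. Every prefix is examined with lstat(),
 * which does not follow links, so a link planted anywhere in the path is seen. */
int path_has_symlink(const char *path)
{
    char buf[4096];
    size_t n = strlen(path);
    if (n == 0 || n >= sizeof buf) { errno = EINVAL; return -1; }
    memcpy(buf, path, n + 1);
    for (size_t i = 1; i <= n; i++) {
        if (i < n && buf[i] != '/')
            continue;                       /* not yet at a component boundary */
        char saved = buf[i];
        buf[i] = '\0';                      /* temporarily terminate the prefix */
        struct stat st;
        int rc = lstat(buf, &st);
        buf[i] = saved;
        if (rc != 0) return -1;
        if (S_ISLNK(st.st_mode)) return 1;
    }
    return 0;
}

/* chmod() that refuses to touch a path containing a symlink, the policy the
 * lockdownd fix describes. Returns 0 on success, -1 with errno set. */
int chmod_if_no_symlink(const char *path, mode_t mode)
{
    int r = path_has_symlink(path);
    if (r < 0) return -1;
    if (r == 1) { errno = ELOOP; return -1; }
    return chmod(path, mode);
}

/* Self-contained demo on a constructed layout under a fresh temp directory:
 *   <tmp>/real/target   regular file
 *   <tmp>/link -> real  symlink
 * Returns 1 when the guarded chmod rejects <tmp>/link/target but accepts
 * <tmp>/real/target, 0 otherwise. Cleans up after itself. */
int demo_symlink_guard(void)
{
    char dir[] = "/tmp/lockdownd-demo-XXXXXX";
    if (mkdtemp(dir) == NULL) return 0;
    char real[256], target[256], link[256], via_link[256];
    snprintf(real, sizeof real, "%s/real", dir);
    snprintf(target, sizeof target, "%s/real/target", dir);
    snprintf(link, sizeof link, "%s/link", dir);
    snprintf(via_link, sizeof via_link, "%s/link/target", dir);
    int ok = 0;
    if (mkdir(real, 0700) == 0) {
        FILE *f = fopen(target, "w");
        if (f) fclose(f);
        if (symlink("real", link) == 0) {
            int rejected = chmod_if_no_symlink(via_link, 0600) == -1 && errno == ELOOP;
            int accepted = chmod_if_no_symlink(target, 0600) == 0;
            ok = rejected && accepted;
            unlink(link);
        }
        unlink(target);
        rmdir(real);
    }
    rmdir(dir);
    return ok;
}
```

The check is still racy against an attacker who swaps a component in after lstat() returns; on systems that offer it, fchmodat() with O_NOFOLLOW-style per-component opens closes that window.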

Apple releases fixes after its computers got hacked

(LiveHacking.Com) – Apple has revealed that a small number of its computers were hacked by the same group who recently targeted Facebook. The iPhone-maker said it has identified malware which infected a limited number of Mac systems through a vulnerability in the Java plug-in for browsers. As a result Apple has released some updates for Java and Mac OS X 10.6.

Java for OS X 2013-001 and Mac OS X v10.6 Update 13 are now available and address the following:

  • Multiple vulnerabilities existed in Java 1.6.0_37, the most serious of which may allow an untrusted Java applet to execute arbitrary code outside the Java sandbox. Visiting a web page containing a maliciously crafted untrusted Java applet may lead to arbitrary code execution with the privileges of the current user.
  • Multiple vulnerabilities existed in Java, the most serious of which may allow an untrusted Java applet to execute arbitrary code outside the Java sandbox. Visiting a web page containing a maliciously crafted untrusted Java applet may lead to arbitrary code execution with the privileges of the current user.

The Java updates are available for Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7.x, OS X Lion Server v10.7.x, OS X Mountain Lion 10.8.x.

Apple also released an update to its malware removal tool that will remove the most common variants of malware. If malware is found, it presents a dialog notifying the user that malware was removed.

Since OS X Lion, Macs have shipped without Java installed, and as an added security measure OS X automatically disables Java if it has been unused for 35 days.

iOS 6.1 released by Apple with dozens of security fixes

(LiveHacking.Com) – Apple has released an upgrade for the iOS firmware running on its range of smartphones and tablets. iOS 6.1 adds some new features, including LTE support for extra carriers and the ability for iTunes Match subscribers to download individual songs from iCloud, and fixes dozens of security vulnerabilities.

The fixes come in two categories: iOS specific fixes and WebKit fixes. Since various parts of iOS rely heavily on WebKit, including the iTunes Store and the Safari web browser, these WebKit fixes impact the whole of iOS.

First the iOS specific fixes. Apple lists several crucial fixes including:

  • An error handling issue existed in Identity Services. If the user’s AppleID certificate failed to validate, the user’s AppleID was assumed to be the empty string. If multiple systems belonging to different users enter this state, applications relying on this identity determination may erroneously extend trust.
  • Visiting a maliciously crafted website may lead to a cross-site scripting attack.
  • JavaScript may be enabled in Mobile Safari without user interaction. If a user disabled JavaScript in Safari Preferences, visiting a site which displayed a Smart App Banner would re-enable JavaScript without warning the user.

There are also two fixes which are shared with the recent Apple TV 5.2 release:

  • A user-mode process may be able to access the first page of kernel memory.
  • A remote attacker on the same WiFi network may be able to temporarily disable WiFi because an out-of-bounds read issue exists in Broadcom’s BCM4325 and BCM4329 firmware’s handling of 802.11i information elements.

The WebKit changes fix vulnerabilities where visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution because of different memory corruption issues in WebKit. Many of these problems were previously fixed by Google in its Chrome web browser. There is also a WebKit fix for an issue where copying and pasting content on a malicious website may lead to a cross-site scripting attack.

Finally, the update also deals with the intermediate CA certificates that were issued by TURKTRUST.

iOS 6.1 is available for iPhone 3GS and later, iPod touch (4th generation) and later and iPad 2 and later.

Apple closes two security vulnerabilities with release of Apple TV 5.2

(LiveHacking.Com) – Apple has released new firmware for its TV media box which adds the ability to play purchased iTunes music directly from iCloud along with Bluetooth keyboard support. The update also allows Apple TV users to send media from an Apple TV to AirPlay-enabled speakers and devices (including AirPort Express and other Apple TVs). At the same time as adding new functionality Apple has also closed two serious security holes.

The first vulnerability fixed is an issue which allowed a user-mode process to access the first page of kernel memory. Normally the kernel has code to check that user processes are not accessing kernel memory. However, the checks were not being applied if the length was smaller than one page. This issue was addressed through additional validation of the arguments to copyin and copyout.
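As an added illustration (not Apple's code; the address-space constants and the simulated copyin are constructed for the demo), here is the shape of the bug described above, a user-range check that is skipped for copies shorter than a page, beside a hardened check that validates every copyin/copyout argument and also guards the end-of-range arithmetic against wraparound:

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Constructed layout for illustration only (not the real Apple TV values):
 * user addresses are [0, USER_MAX); everything at or above USER_MAX is kernel. */
#define PAGE_SIZE 4096u
#define USER_MAX  ((uintptr_t)0x80000000u)

/* Weak check of the kind the fix describes: the range test is only applied
 * to copies of at least a page, so a short copy from a kernel address is
 * waved through. */
bool user_range_ok_weak(uintptr_t uaddr, size_t len)
{
    if (len < PAGE_SIZE)
        return true;                        /* bug: no validation at all */
    return uaddr < USER_MAX && uaddr + len <= USER_MAX;
}

/* Hardened check: every copy is validated regardless of length, and the
 * end-of-range computation is guarded against wraparound so a huge len
 * cannot make uaddr + len look small. */
bool user_range_ok(uintptr_t uaddr, size_t len)
{
    if (len == 0)
        return true;                        /* nothing will be copied */
    if (len > UINTPTR_MAX - uaddr)
        return false;                       /* uaddr + len would wrap */
    uintptr_t end = uaddr + len;            /* exclusive end of the range */
    return uaddr < USER_MAX && end <= USER_MAX;
}

/* Simulated copyin(): copies len bytes from a buffer the caller says lives
 * at user address uaddr, after running the supplied range check. Returns 0
 * on success or -1 (EFAULT in a real kernel) when the range is rejected. */
int copyin_checked(bool (*check)(uintptr_t, size_t),
                   uintptr_t uaddr, const unsigned char *src,
                   unsigned char *dst, size_t len)
{
    if (!check(uaddr, len))
        return -1;
    for (size_t i = 0; i < len; i++)
        dst[i] = src[i];
    return 0;
}
```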

The second security flaw could allow a remote attacker on the same WiFi network to cause an unexpected system termination. An out-of-bounds read issue exists in Broadcom’s BCM4325 and BCM4329 firmware’s handling of 802.11i information elements. This issue was addressed through additional validation of 802.11i information elements.

To check the version of the firmware on your device, select ”Settings -> General -> About”. Most users won’t need to do anything as Apple TV will regularly check for software updates. Alternatively, you may manually check for software updates by selecting ”Settings -> General -> Update Software”.

SMS fraud malware now targets OS X users

(LiveHacking.Com) – SMS fraud is nothing new and is one of the preferred methods of generating income for malware writers on Android and on Windows. The Russian security firm Dr. Web has discovered a piece of malware which attempts to perpetrate SMS fraud on unsuspecting OS X users. Dubbed Trojan.SMSSend.3666, it is the first program of its kind that targets Mac OS X.

With SMS fraud the malware writers attempt to subscribe victims to premium rate SMS services which charge high fees for useless messages. The Android variant causes the phone to send a message to one of these premium rate numbers.

The new Mac malware is a fake installer which can be downloaded under the guise of useful software. In this case, the Trojan pretends to be an installer for a program called VKMusic 4, a program meant for use on the VK social network. VK claims it is the largest European social network with more than 100 million active users.

“In order to continue the ‘installation’ fraudsters ask that the victim enter their cellphone number into an appropriate field and then specify the code found in a reply SMS. By performing these actions the user agrees to terms of a chargeable subscription and a fee will be debited from their mobile phone account on a regular basis,” wrote Dr. Web.

Recent outbreaks of OS X malware have used vulnerabilities in Java; however, this Trojan doesn’t use a known or unknown vulnerability, rather it is a simple social engineering ploy to trick the user into subscribing to a costly phone service. A relatively small number of OS X users will be affected, as first it targets users of VK, and second the OS X user needs to download the fake version of VKMusic from an underground web site.

It is anticipated that Apple’s XProtect malware utility will be updated to identify this new Trojan in due course.

New Apple TV software released with security fixes

(LiveHacking.Com) – Apple has published V5.1.1 of its Apple TV software to fix two security issues. The software, which is available for Apple TV 2nd generation devices and later, addresses just two issues, one of which could lead to arbitrary code execution.

The first issue fixed is an information disclosure issue that existed in the handling of APIs related to kernel extensions. Responses containing an OSBundleMachOHeaders key may have included kernel addresses. These exposed addresses could help hackers bypass address space layout randomization protection. The exact same bug, which was found by Mark Dowd of Azimuth Security, Eric Monti of Square, and additional anonymous researchers, was fixed in iOS 6.0.1 earlier this month.

The second vulnerability fixed is part of WebKit. A time of check to time of use issue existed in the handling of JavaScript arrays. To exploit it a hacker would need a privileged network position, and if successful it could cause an unexpected application termination or arbitrary code execution. Joost Pol and Daan Keuper of Certified Secure, working with HP TippingPoint’s Zero Day Initiative, are credited for the find and, like the previous bug, it was also fixed in iOS 6.0.1.

To check to see which version of the OS your device is using, select ”Settings -> General -> About”. Most users won’t need to do anything as Apple TV will regularly check for software updates. Alternatively, you may manually check for software updates by selecting ”Settings -> General -> Update Software”.

In brief: Apple releases QuickTime 7.7.3 for Windows 7, Vista, XP SP2 or later

(LiveHacking.Com) – Apple has released an update to its popular QuickTime video player to address several vulnerabilities that existed when viewing a maliciously crafted file for a variety of different file types.

The full list of fixes is as follows:

  • Viewing a maliciously crafted PICT file may lead to an unexpected application termination or arbitrary code execution. A buffer overflow existed in the handling of REGION records in PICT files, along with a memory corruption issue that existed in the handling of PICT files. These issues were addressed through improved bounds checking.
  • Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. A use after free issue existed in the QuickTime plugin’s handling of ‘_qtactivex_’ parameters within a HTML object element. This issue was addressed through improved memory handling.
  • Viewing a maliciously crafted QuickTime TeXML file may lead to an unexpected application termination or arbitrary code execution. A buffer overflow existed in the handling of the transform attribute in text3GTrack elements. This issue was addressed through improved bounds checking.
  • Viewing a maliciously crafted QuickTime TeXML file may lead to an unexpected application termination or arbitrary code execution. Multiple buffer overflows existed in the handling of style elements in QuickTime TeXML files. These issues were addressed through improved bounds checking.
  • Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. A buffer overflow existed in the QuickTime plugin’s handling of MIME types. This issue was addressed through improved bounds checking.
  • Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. A use after free issue existed in the QuickTime ActiveX control’s handling of the Clear() method. This issue was addressed through improved memory management.
  • Viewing a maliciously crafted Targa file may lead to an unexpected application termination or arbitrary code execution. A buffer overflow existed in the handling of Targa image files. This issue was addressed through improved bounds checking.
  • Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution. A buffer overflow existed in the handling of ‘rnet’ boxes in MP4 files. This issue was addressed through improved bounds checking.

QuickTime 7.7.3 may be downloaded from the QuickTime site: http://www.apple.com/quicktime/download/. More information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222.