May 23, 2013

Oracle updates Java, as does Apple

(LiveHacking.Com) – Oracle has released a Critical Patch Update (CPU) for Java SE. The update, which affects Java 5, Java 6 and Java 7, fixes 42 vulnerabilities within Java, the vast majority of which have been rated as Critical.

Besides the fixes, the biggest change is to the Java security dialogs. Now JavaScript code that calls code within a privileged applet triggers warning dialogs if the signed JAR files are not tagged with the Trusted-Library attribute.

“The JDK 7u21 release enables users to make more informed decisions before running Rich Internet Applications (RIAs) by prompting users for permissions before an RIA is run. These permission dialogs include information on the certificate used to sign the application, the location of the application, and the level of access that the application requests,” said Oracle.

According to Oracle Executive Vice President Hasan Rizvi, not all the known Java problems have been fixed, but there are no unpatched vulnerabilities that are being actively exploited in the wild.

Java has been prone to security vulnerabilities in the last few years and earlier this year a global hacking campaign managed to infect computers inside hundreds of companies, including Facebook, Apple and Twitter. In light of these threats the US Department of Homeland Security has previously recommended that users disable Java in the browser completely.

Apple

Gone are the days when Apple’s Java update would come several months after Oracle’s fixes. As is now becoming the norm, Apple released its updates on the same day as Oracle. Java for OS X 2013-003 and Mac OS X v10.6 Update 15 address multiple vulnerabilities in Java, some of which could allow an untrusted Java applet to execute arbitrary code outside the Java sandbox. To exploit this a hacker need only convince a user to visit a specially crafted web page with an untrusted Java applet. For more information Apple recommends reading the Java 6 update 45 release notes.

Apple also released a new version of its Safari web browser for OS X Lion v10.7.5, OS X Lion Server v10.7.5 and OS X Mountain Lion v10.8.3. It fixes problems where visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. The problem was an invalid cast that existed in the handling of SVG files. For more information see the Safari 6.0.4 page on Apple’s website.

Apple releases iOS 6.0.1 and Safari 6.0.2

(LiveHacking.Com) – Apple has released updates for its mobile device operating system iOS and its OS X web browser Safari. Both releases fix a number of security bugs.

The WebKit related fixes are both the same for iOS and Safari. The first and biggest bug fixed is the use after free issue in the handling of SVG images which was used by Pinkie Pie to win $60,000 at Google’s Pwnium 2 contest. The other WebKit error is with the handling of JavaScript arrays. Both errors can lead to an unexpected application termination or arbitrary code execution.

iOS 6.0.1 also contains two additional fixes: an information disclosure issue in the handling of APIs related to kernel extensions and a problem where a person with physical access to an iOS device may be able to access Passbook passes without entering a passcode.

The kernel API problem meant that maliciously crafted or compromised iOS applications may be able to determine addresses in the kernel and so possibly bypass address space layout randomization protection.

iOS 6.0.1 is now available for iPhone 3GS and later, iPod touch (4th generation) and later, iPad 2 and later. Safari 6.0.2 is now available for OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.2.

Information will also be posted to the Apple Security Updates web site: http://support.apple.com/kb/HT1222.

In brief: Apple releases updates for OS X and Safari

(LiveHacking.Com) - Having released iOS 6 with a large number of security fixes, Apple has now released an update to OS X and a new version of Safari. For OS X, Mountain Lion has been updated to v10.8.2, Lion jumps to v10.7.5 and for OS X 10.6 Snow Leopard Apple has released Security Update 2012-004. Safari has received a minor update to 6.0.1 to address a range of security issues.

The updates to OS X upgrade or fix a number of low level OS X components including:

  • Apache has been updated to version 2.2.22 to address several vulnerabilities, the most serious of which may lead to a denial of service.
  • A reachable assertion issue existed in the handling of DNS records. This issue was addressed by updating to BIND 9.7.6-P1.
  • PHP is updated to version 5.3.15 to address multiple vulnerabilities, the most serious of which may lead to arbitrary code execution.

Other components updated include: CoreText, DirectoryService, ImageIO, Kernel, Mail and QuickTime.

Safari has also been updated, including a large set of fixes for WebKit. OS X Mountain Lion v10.8.2 automatically updates Safari to Safari 6.0.1.

Plethora of security updates in iOS 6

(LiveHacking.Com) - Yesterday Apple launched the latest version of its mobile operating system for the iPhone, iPad and iPod Touch. iOS 6 brings new features like Facebook integration and is the default OS for the new iPhone 5 which starts shipping on Friday. The new OS also includes lots of important security fixes.

Included in the fixes is an update to WebKit, the open source HTML rendering engine which Apple created and which is also used in Google Chrome. Apple updated iTunes recently with a very similar set of WebKit fixes as those found in iOS 6. Apple describes the WebKit vulnerabilities by saying that “Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution.” It explains that “multiple memory corruption issues existed in WebKit. These issues are addressed through improved memory handling.”

Other WebKit fixes also include several cross-site scripting fixes and better URL handling. According to Apple the Unicode fonts embedded in Safari could be used to create a URL which contains look-alike characters. These look-alike characters can be used by a malicious website to direct the user to a spoofed site that visually appears to be a legitimate domain.

Apple also spent some time fixing issues with the passcode lock, which can be set from within iOS to stop unwanted access to the device. This included a design flaw in the support for viewing photos that were taken while the screen was locked. Previously, to determine which photos should be displayed, the passcode lock checked the time at which the device was locked and compared it to the time that a photo was taken. However, by spoofing the current time an attacker could gain access to photos that were taken before the device was locked. To fix this, iOS now explicitly keeps track of the photos that were taken while the device was locked.

Other fixes are:

  • CFNetwork – An issue existed in CFNetwork’s handling of malformed URLs. CFNetwork may send requests to an incorrect hostname, resulting in the disclosure of sensitive information. This issue was addressed through improvements to URL handling.
  • CoreGraphics – Multiple vulnerabilities existed in FreeType, the most serious of which may lead to arbitrary code execution when processing a maliciously crafted font. These issues were addressed by updating FreeType to version 2.4.9. Further information is available via the FreeType site at http://www.freetype.org/
  • CoreMedia – An uninitialized memory access existed in the handling of Sorenson encoded movie files. This issue was addressed through improved memory initialization.
  • DHCP – Upon connecting to a Wi-Fi network, iOS may broadcast MAC addresses of previously accessed networks per the DNAv4 protocol. This issue was addressed by disabling DNAv4 on unencrypted Wi-Fi networks.
  • ImageIO – A buffer overflow existed in libtiff’s handling of ThunderScan encoded TIFF images. This issue was addressed by updating libtiff to version 3.9.5.
  • ImageIO – Multiple memory corruption issues existed in libpng’s handling of PNG images. These issues were addressed through improved validation of PNG images.
  • ImageIO – A double free issue existed in ImageIO’s handling of JPEG images. This issue was addressed through improved memory management.
  • ImageIO – An integer overflow issue existed in libTIFF’s handling of TIFF images. This issue was addressed through improved validation of TIFF images.
  • International Components for Unicode – A stack buffer overflow existed in the handling of ICU locale IDs. This issue was addressed through improved bounds checking.
  • IPSec – A buffer overflow existed in the handling of racoon configuration files. This issue was addressed through improved bounds checking.
  • Kernel – An invalid pointer dereference issue existed in the kernel’s handling of packet filter ioctls. This may allow an attacker to alter kernel memory. This issue was addressed through improved error handling.
  • Kernel – An uninitialized memory access issue existed in the Berkeley Packet Filter interpreter, which led to the disclosure of memory content. This issue was addressed through improved memory initialization.
  • libxml – Multiple vulnerabilities existed in libxml, the most serious of which may lead to an unexpected application termination or arbitrary code execution. These issues were addressed by applying the relevant upstream patches.
  • Mail – A logic issue existed in Mail’s handling of attachments. If a subsequent mail attachment used the same Content-ID as a previous one, the previous attachment would be displayed, even in the case where the 2 mails originated from different senders. This could facilitate some spoofing or phishing attacks. This issue was addressed through improved handling of attachments.
  • Mail – A logic issue existed in Mail’s use of Data Protection on email attachments. This issue was addressed by properly setting the Data Protection class for email attachments.
  • Mail – S/MIME signed messages displayed the untrusted ‘From’ address, instead of the name associated with the message signer’s identity. This issue was addressed by displaying the address associated with the message signer’s identity when it is available.
  • Messages – When a user had multiple email addresses associated with iMessage, replying to a message may have resulted in the reply being sent from a different email address. This may disclose another email address associated to the user’s account. This issue was addressed by always replying from the email address the original message was sent to.
  • Office Viewer – An information disclosure issue existed in the support for viewing Microsoft Office files. When viewing a document, the Office Viewer would write a temporary file containing data from the viewed document to the temporary directory of the invoking process. For an application that uses data protection or other encryption to protect the user’s files, this could lead to information disclosure. This issue was addressed by avoiding creation of temporary files when viewing Office documents.
  • OpenGL – Multiple memory corruption issues existed in the handling of GLSL compilation. These issues were addressed through improved validation of GLSL shaders.
  • Passcode Lock – A logic issue existed with the display of the “Slide to Power Off” slider on the lock screen. This issue was addressed through improved lock state management.
  • Passcode Lock – A logic issue existed in the termination of FaceTime calls from the lock screen. This issue was addressed through improved lock state management.
  • Passcode Lock – A design issue existed in the support for viewing photos that were taken at the lock screen. In order to determine which photos to permit access to, the passcode lock consulted the time at which the device was locked and compared it to the time that a photo was taken. By spoofing the current time, an attacker could gain access to photos that were taken before the device was locked. This issue was addressed by explicitly keeping track of the photos that were taken while the device was locked.
  • Passcode Lock – A logic issue existed in the Emergency Dialer screen, which permitted FaceTime calls via Voice Dialing on the locked device. This could also disclose the user’s contacts via contact suggestions. This issue was addressed by disabling Voice Dialing on the Emergency Dialer screen.
  • Passcode Lock – Using the camera from the screen lock could in some cases interfere with automatic lock functionality, allowing a person with physical access to the device to bypass the Passcode Lock screen. This issue was addressed through improved lock state management.
  • Passcode Lock – A state management issue existed in the handling of the screen lock. This issue was addressed through improved lock state management.
  • Restrictions – After disabling Restrictions, iOS may not ask for the user’s password during a transaction. This issue was addressed by additional enforcement of purchase authorization.
  • Safari – Websites could use a Unicode character to create a lock icon in the page title. This icon was similar in appearance to the icon used to indicate a secure connection, and could have led the user to believe a secure connection had been established. This issue was addressed by removing these characters from page titles.
  • Safari – Password input elements with the autocomplete attribute set to “off” were being autocompleted. This issue was addressed through improved handling of the autocomplete attribute.
  • System Logs – Sandboxed apps had read access to /var/log directory, which may allow them to obtain sensitive information contained in system logs. This issue was addressed by denying sandboxed apps access to the /var/log directory.
  • Telephony – Messages displayed the return address of an SMS message as the sender. Return addresses may be spoofed. This issue was addressed by always displaying the originating address instead of the return address.
  • Telephony – An off-by-one buffer overflow existed in the handling of SMS user data headers. This issue was addressed through improved bounds checking.
  • UIKit – Applications that use UIWebView may leave unencrypted files on the file system even when a passcode is enabled. This issue was addressed through improved use of data protection.
  • WebKit – A cross-origin issue existed in the handling of CSS property values. This issue was addressed through improved origin tracking.
  • WebKit – A cross-origin issue existed in the handling of iframes in popup windows. This issue was addressed through improved origin tracking.
  • WebKit – A cross-origin issue existed in the handling of iframes and fragment identifiers. This issue was addressed through improved origin tracking.
  • WebKit – The International Domain Name (IDN) support and Unicode fonts embedded in Safari could have been used to create a URL which contains look-alike characters. These could have been used in a malicious website to direct the user to a spoofed site that visually appears to be a legitimate domain. This issue was addressed by supplementing WebKit’s list of known look-alike characters. Look-alike characters are rendered in Punycode in the address bar.
  • WebKit – A canonicalization issue existed in the handling of URLs. This may have led to cross-site scripting on sites which use the location.href property. This issue was addressed through improved canonicalization of URLs.
  • WebKit – An HTTP header injection issue existed in the handling of WebSockets. This issue was addressed through improved WebSockets URI sanitization.
  • WebKit – A state management issue existed in the handling of session history. Navigations to a fragment on the current page may cause Safari to display incorrect information in the URL bar. This issue was addressed through improved session state tracking.
  • WebKit – An uninitialized memory access issue existed in the handling of SVG images. This issue was addressed through improved memory initialization.
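
The Passcode Lock photo issue described above (in the paragraph on the passcode and again in the list) comes down to trusting two wall-clock readings instead of recording state. The following Python model is an added example, not Apple's code; the Device and Photo classes, their fields, and the assumption that the lock time is read from an adjustable wall clock are all hypothetical.

```python
from dataclasses import dataclass, field
from typing import List, Optional, Set


@dataclass
class Photo:
    photo_id: int
    taken_at: float  # wall-clock timestamp stored with the photo


@dataclass
class Device:
    clock: float = 0.0                  # wall clock; assumed adjustable from outside
    locked_at: Optional[float] = None   # wall-clock reading taken when the lock engaged
    photos: List[Photo] = field(default_factory=list)
    taken_while_locked: Set[int] = field(default_factory=set)

    def set_clock(self, now: float) -> None:
        self.clock = now

    def lock(self) -> None:
        self.locked_at = self.clock
        self.taken_while_locked.clear()  # every lock session starts with no photos

    def take_photo(self) -> Photo:
        photo = Photo(len(self.photos) + 1, self.clock)
        self.photos.append(photo)
        if self.locked_at is not None:
            # State recorded at capture time; it does not depend on any clock.
            self.taken_while_locked.add(photo.photo_id)
        return photo

    def visible_by_timestamp(self) -> List[int]:
        """Original design: compare each photo's time with the lock time."""
        if self.locked_at is None:
            return [p.photo_id for p in self.photos]
        return [p.photo_id for p in self.photos if p.taken_at >= self.locked_at]

    def visible_by_tracking(self) -> List[int]:
        """Fixed design: show only photos explicitly recorded during this lock."""
        if self.locked_at is None:
            return [p.photo_id for p in self.photos]
        return [p.photo_id for p in self.photos
                if p.photo_id in self.taken_while_locked]


def scenario(clock_at_lock: float):
    """Two photos are taken unlocked, one from the lock screen.

    clock_at_lock is the wall-clock reading in effect when the lock engages
    (constructed values). Returns (timestamp-based view, tracking-based view).
    """
    device = Device()
    device.set_clock(1_000.0)
    device.take_photo()                  # photo 1, taken while unlocked
    device.set_clock(2_000.0)
    device.take_photo()                  # photo 2, taken while unlocked
    device.set_clock(clock_at_lock)
    device.lock()
    device.set_clock(clock_at_lock + 10.0)
    device.take_photo()                  # photo 3, taken from the lock screen
    return device.visible_by_timestamp(), device.visible_by_tracking()


if __name__ == "__main__":
    print("honest clock :", scenario(3_000.0))
    print("skewed clock :", scenario(500.0))
```

With an honest clock both designs expose only photo 3; with a clock that reads earlier than the stored photos, the timestamp comparison also exposes photos 1 and 2, while the tracked set is unchanged.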

Safari 6.0 released with fixes for security vulnerabilities

(LiveHacking.Com) – Apple has released Safari 6.0 as part of the launch of OS X 10.8 Mountain Lion. The new version of the Mac OS includes an updated version of Apple’s web browser which has also been back ported to OS X 10.7 Lion. As well as new features, Safari 6.0 addresses multiple security issues.

The fixes included in version 6.0 include:

  • A cross-site scripting issue existed in the handling of feed:// URLs. This update removes handling of feed:// URLs.
  • An access control issue existed in the handling of feed:// URLs. This update removes handling of feed:// URLs.
  • Password input elements with the autocomplete attribute set to “off” were being autocompleted. This update addresses the issue by improved handling of the autocomplete attribute.
  • An issue existed in Safari’s support for the ‘attachment’ value for the HTTP Content-Disposition header. This header is used by many websites to serve files that were uploaded to the site by a third-party, such as attachments in web-based e-mail applications. Any script in files served with this header value would run as if the file had been served inline, with full access to other resources on the origin server. This issue is addressed by downloading resources served with this header, rather than displaying them inline.
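
The Content-Disposition item above depends on the recipient treating “attachment” as “save, do not render in the origin”. The following Python sketch is an added example, not Safari's or any site's code: recipient_action models that decision (treating unknown types as attachment follows RFC 6266; treating malformed values the same way is a conservative choice made here), and upload_response_headers is a hypothetical helper showing headers a site could send with user-uploaded files.

```python
import re
from urllib.parse import quote

# HTTP "token" characters: the grammar of a disposition type.
_TOKEN = re.compile(r"^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$")


def disposition_type(value):
    """Return the lowercased disposition type, or None if it is not a valid token."""
    first = value.split(";", 1)[0].strip()
    return first.lower() if _TOKEN.match(first) else None


def recipient_action(headers):
    """Return 'render' or 'download' for a response with these headers."""
    values = [v for k, v in headers.items() if k.lower() == "content-disposition"]
    if not values:
        return "render"  # no header: normal inline handling
    # Only an explicit "inline" is rendered in the origin. "attachment",
    # unknown types and malformed values are all saved to disk instead.
    if all(disposition_type(v) == "inline" for v in values):
        return "render"
    return "download"


def upload_response_headers(filename):
    """Headers for serving a user-uploaded file (hypothetical helper)."""
    base = filename.replace("\\", "/").rsplit("/", 1)[-1]   # drop any path part
    # Remove control characters (including CR/LF) so the name cannot split
    # the header or inject a new one.
    base = "".join(ch for ch in base if ch.isprintable()) or "download"
    fallback = re.sub(r"[^A-Za-z0-9._-]", "_", base)        # ASCII-only form
    encoded = quote(base, safe="")                          # value for filename*
    return {
        "Content-Type": "application/octet-stream",
        "X-Content-Type-Options": "nosniff",
        "Content-Disposition":
            'attachment; filename="%s"; filename*=UTF-8\'\'%s' % (fallback, encoded),
    }


if __name__ == "__main__":
    # Constructed sample responses.
    samples = [
        {"Content-Disposition": "attachment; filename=note.html"},
        {"content-disposition": "INLINE"},
        {"Content-Disposition": "x-custom; foo=bar"},
        {"Content-Disposition": "; filename=note.html"},
        {},
    ]
    for headers in samples:
        print(headers, "->", recipient_action(headers))
    print(upload_response_headers("../../uploads/r\u00e9sum\u00e9.html"))
```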

Safari 6.0 uses the open source WebKit (which Apple created) as its rendering engine. WebKit contained multiple memory corruption issues which, if exploited when a user visits a maliciously crafted website, may lead to an unexpected application termination or arbitrary code execution. These issues are addressed through improved memory handling inside WebKit.

Many of the WebKit vulnerabilities have been previously fixed in Google’s Chrome web browser (which also uses WebKit) with many of the vulnerabilities being credited to the “Google Chrome Security Team” or to security researchers, such as Miaubiz, who receive rewards from Google for finding bugs. However Apple did do its fair share of the work with a good number of the WebKit vulnerabilities being discovered by Apple itself.

Safari 6.0 isn’t available for OS X 10.5 Snow Leopard which has now been abandoned by Apple (leaving users with a 32 bit Intel Mac vulnerable). Also at this time there is no news about Safari 6.0 for Windows.

New iOS 5.1.1 Safari Browser Denial Of Service Vulnerability Found

(LiveHacking.Com) – Alberto Ortega, a vulnerability researcher at AlienVault and author of PenTBox (a set of security tools written in Ruby), has discovered a new denial of service vulnerability in Apple’s iOS. The problem, which occurs in the Safari web browser, has been seen to manifest itself on iOS 5.0.1, 5.1.0 and 5.1.1 and affects the iPod Touch, the iPhone and the iPad.

According to the security advisory, published by Alberto, when the JavaScript function match() gets a big buffer as a parameter the browser unexpectedly crashes. It seems the search() function is also affected.

“iOS has a lot of mitigations to avoid successful exploitation,” Ortega said. “This software has errors and holes but you will need to bypass those hard mitigations and find more weaknesses to have something ‘usable’.” He believes that this vulnerability is a “step to achieve a real exploitation”.

To test the vulnerability you need to run the code posted in the advisory in Ruby and then open the URL of the running script in Safari. The Ruby script will send a specially crafted web page, which contains the relevant JavaScript, to the iOS device. When attempting to run the JavaScript, Safari will crash.

This latest discovery comes only a few days after the Chronic-Dev Team published an untethered jailbreak for iOS 5.1.1.

At the time of disclosure, Ortega had already reported the problem to Apple, but there has been no official response.

Apple Updates Safari and Lion, Blocks Old Versions of Flash

(LiveHacking.Com) – Following the recent update of iOS, Apple has now applied a similar set of fixes to the desktop version of Safari as well as adding a new security measure which disables Adobe Flash Player if it is older than 10.1.102.64. At the same time Apple has also released an update to OS X Lion to fix the logging of passwords for FileVault and has updated a few key components like PHP and Samba.

Safari

Apple’s web browser is built around the WebKit layout engine which Apple started (as a fork of KHTML) back in 2001. It is now used as the layout engine for Safari and for Google’s Chrome. As a result, when Google finds security vulnerabilities in Chrome, due to WebKit, they often need fixing in Safari as well. The fixes in Safari 5.1.7 are all related to WebKit:

  • The first fix is for the cross site scripting issues that were used by Sergey Glazunov during Google’s Pwnium contest. Apple fixed the same issues recently in iOS 5.1.1. Details of the exact nature of Sergey’s exploit are still unavailable but it is known that WebKit doesn’t properly handle history navigation, which allows remote attackers to execute arbitrary code by leveraging a “Universal XSS (UXSS)” issue.
  • The second fix, which also comes via Google, is a memory corruption issue. According to Apple, visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution.
  • The third flaw to be repaired is a state tracking issue that existed in WebKit’s handling of forms. Due to this bug a maliciously crafted website may be able to populate form inputs on another website with arbitrary values.

As well as fixing these Critical errors, Apple also added a new security feature which disables Adobe Flash Player if it is older than 10.1.102.64. It does this by moving the Flash files to a new directory. However all is not lost, as the user is presented with the option to install an updated version of Flash Player from the Adobe website.

OS X Lion

Alongside the Safari release, Apple also released OS X Lion v10.7.4 and Security Update 2012-002 (for OS X Snow Leopard). The big ticket item on this update is the disabling of the debugging switch which meant that FileVault passwords were being written to a debug log in plain text. According to Apple, this issue only affects systems running OS X Lion v10.7.3 with users of Legacy File Vault and/or networked home directories. They also have a web page (http://support.apple.com/kb/TS4272) for more information about how to securely remove any remaining records.

Apple also fixed another FileVault issue where, due to a bug in the kernel’s handling of the sleep image (used for hibernation), some unencrypted data remained on the disk even when FileVault was enabled. This issue is addressed through improved handling of the sleep image. This issue does not affect systems prior to OS X Lion.

The update also upgrades (and/or fixes) different components of OS X including curl, HFS, ImageIO (where viewing a maliciously crafted TIFF file may lead to an unexpected application termination or arbitrary code execution), libpng, libarchive, libsecurity, libxml (multiple vulnerabilities existed in libxml, the most serious of which may lead to an unexpected application termination or arbitrary code execution), PHP, QuickTime, Ruby and Samba.

PHP for OS X Lion v10.7 to v10.7.3 and OS X Lion Server v10.7 to v10.7.3 has been updated to version 5.3.10 to address several vulnerabilities, the most serious of which may lead to arbitrary code execution. Samba has been updated to remove the nine year old vulnerability which allowed an unauthenticated remote attacker to cause a denial of service or execute arbitrary code with system privileges.

Apple Includes iOS 5.1 WebKit Fixes in Safari

(LiveHacking.Com) – Apple recently released iOS 5.1 with over 60 fixes to WebKit, the web rendering engine used by the iPhone’s operating system. Now Apple has released an update to Safari (its web browser for Windows and Mac) with an almost identical set of fixes. One thing made very clear from this is that Apple is truly using the same code across the mobile and desktop versions of its Safari browser and that vulnerabilities found by Google in its web browser often apply to Safari in iOS and on the desktop.

As with the iOS update, most (if not all) of these WebKit errors have been previously fixed in Google’s Chrome web browser with many of the vulnerabilities being credited to the “Google Chrome Security Team” or to security researchers, such as Sergey Glazunov, who receive rewards from Google for finding bugs. However Apple did do its fair share of the work with a good portion of the WebKit vulnerabilities being discovered by Apple itself.

The majority of the WebKit errors are described by Apple, in its security advisory, as memory corruption issues that can be exploited if the user visits a specially crafted web page. Rendering the page may lead to an unexpected application termination or arbitrary code execution. Other fixes included in Safari 5.1.4 include:

  • Look-alike characters in a URL could be used to masquerade a website. The International Domain Name (IDN) support in Safari could be used to create a URL which contains look-alike characters. These could be used in a malicious web site to direct the user to a spoofed site that visually appears to be a legitimate domain. This issue is addressed through an improved domain name validity check. This issue does not affect OS X systems.
  • Visiting a maliciously crafted website may lead to the disclosure of cookies. A cross-origin issue existed in WebKit, which may allow cookies to be disclosed across origins.
  • Visiting a maliciously crafted website and dragging content with the mouse may lead to a cross-site scripting attack. A cross-origin issue existed in WebKit, which may allow content to be dragged and dropped across origins.
  • Cookies may be set by third-party sites, even when Safari is configured to block them. An issue existed in the enforcement of its cookie policy. Third-party websites could set cookies if the “Block Cookies” preference in Safari was set to the default setting of “From third parties and advertisers”.
  • HTTP authentication credentials may be inadvertently disclosed to another site. If a site uses HTTP authentication and redirects to another site, the authentication credentials may be sent to the other site.
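
The look-alike character item in the list above (and the similar WebKit item in the iOS 6 notes) ends with the address bar showing Punycode instead of the Unicode form. The following Python sketch is an added example, not WebKit's code: it uses a mixed-script heuristic rather than WebKit's list of known look-alike characters, and the function names and script set are assumptions made for the illustration.

```python
import unicodedata

# Scripts whose letters are commonly confused with Latin letters. A label that
# mixes Latin with one of these is displayed as Punycode (assumption for this
# example; a spoof written entirely in one script is NOT caught by this rule).
LATIN_LOOKALIKE_SCRIPTS = {"CYRILLIC", "GREEK"}


def scripts_in(label):
    """Return the scripts of the letters in a label, e.g. {'LATIN', 'CYRILLIC'}."""
    scripts = set()
    for ch in label:
        if ch.isalpha():
            # The first word of the Unicode character name is the script for
            # the scripts handled here ("LATIN SMALL LETTER A", ...).
            scripts.add(unicodedata.name(ch, "UNKNOWN").split()[0])
    return scripts


def is_mixed_script(label):
    found = scripts_in(label)
    return "LATIN" in found and bool(found & LATIN_LOOKALIKE_SCRIPTS)


def to_unicode(host):
    """Decode any xn-- labels so the check sees the characters a user would see."""
    host = host.lower()
    if host.isascii():
        try:
            return host.encode("ascii").decode("idna")
        except UnicodeError:
            return host  # invalid Punycode: keep the ASCII form
    return host


def to_ascii(host):
    """Punycode (A-label) form of a host name."""
    return host.encode("idna").decode("ascii")


def display_host(host):
    """Return the string an address bar should show for this host name."""
    unicode_form = to_unicode(host)
    if any(is_mixed_script(label) for label in unicode_form.split(".")):
        return to_ascii(unicode_form)   # suspicious: show the raw Punycode
    return unicode_form                 # single-script labels are shown as typed


if __name__ == "__main__":
    # Constructed samples: plain ASCII, Latin with one Cyrillic letter,
    # and an all-Cyrillic name.
    for sample in ["apple.com", "\u0430pple.com", "пример.рф"]:
        print(repr(sample), "->", display_host(sample))
```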

Still Vulnerable?

What is currently unknown is if Safari is vulnerable to the two critical vulnerabilities found in Chrome last week during the CanSecWest security conference for which Google paid out over $120,000 to Sergey Glazunov and a researcher known as PinkiePie (aka PwniePie).

Download

Safari 5.1.4 is available to download, for Mac and Windows, from Apple’s Safari page.

Apple Releases Security Updates for Apple iOS, Safari 5.1.1, OS X Lion v10.7.2, iWork 09, and Apple TV 4.4

(LiveHacking.Com) - With the launch of the much anticipated iOS 5, Apple has also issued a significant number of patches for a range of its products including some of its iOS applications, its Safari web browser, OS X 10.7, OS X 10.6 (via Security Update 2011-006) and Apple TV.

The full list along with links to the Apple knowledge base is as follows:

  • HT4999 - iOS 5 Software Update
  • HT5000 - Safari 5.1.1
  • HT5001 - Apple TV 4.4
  • HT5002 - OS X Lion v10.7.2 and Security Update 2011-006
  • HT5003 - Pages for iOS v1.5
  • HT5004 - Numbers for iOS v1.5

iOS 5
Apple are emphasizing the 200 new features in iOS 5, but it also contained multiple security fixes. Most of these are found in WebKit, the HTML rendering engine at the heart of iOS’s version of Safari. Many of the issues fixed in Safari 5.1.1 are common with those in iOS 5, however the Safari 5.1.1 list is shorter due to the more frequent releases of Safari for the desktop.

Other iOS 5 fixes of interest include:

  • A user’s AppleID password and username were logged to a file that was readable by applications on the system. This is resolved by no longer logging these credentials.
  • Viewing a maliciously crafted website or e-mail message may lead to an unexpected application termination or arbitrary code execution. A memory corruption issue existed in CoreFoundation’s handling of string tokenization.
  • Viewing a document containing a maliciously crafted font may lead to arbitrary code execution. Multiple memory corruption issues existed in freetype, the most serious of which may lead to arbitrary code execution when processing a maliciously crafted font.
  • Viewing a maliciously crafted TIFF image may result in an unexpected application termination or arbitrary code execution. A buffer overflow existed in libTIFF’s handling of CCITT Group 4 encoded TIFF images.

Safari 5.1.1
Along with the long list of WebKit fixes, some of which are common with the fixes in iOS 5 and iTunes 10.5, there are several fixes for bugs that allowed arbitrary code execution or a cross-site scripting attack if the user visited a maliciously crafted website.

Apple also says that JavaScript performance has been improved up to 13% over Safari 5.1.

OS X Lion v10.7.2 and Security Update 2011-006
The update to Lion and the release of Security Update 2011-006 (which is available for OS X 10.6.8) fixes a number of problems including:

  • Apache is updated to version 2.2.20 to address several vulnerabilities, the most serious of which may lead to a denial of service.
  • Executing a binary with a maliciously crafted name may lead to arbitrary code execution with elevated privileges. A format string vulnerability existed in Application Firewall’s debug logging.
  • Viewing or downloading a document containing a maliciously crafted embedded font may lead to arbitrary code execution. An out of bounds memory access issue existed in ATS’ handling of Type 1 fonts. This issue does not affect OS X Lion systems.
  • OS X 10.7: Multiple denial of service issues existed in BIND 9.7.3. These issues are addressed by updating BIND to version 9.7.3-P3.
  • OS X 10.6: Multiple denial of service issues existed in BIND. These issues are addressed by updating BIND to version 9.6-ESV-R4-P3.
  • Several trusted certificates were added to the list of system roots. Several existing certificates were updated to their most recent version. The complete list of recognized system roots may be viewed via the Keychain Access application.
  • Viewing a maliciously crafted website or e-mail message may lead to an unexpected application termination or arbitrary code execution. A memory corruption issue existed in CoreFoundation’s handling of string tokenization. This issue does not affect OS X Lion systems. This update addresses the issue through improved bounds checking.
  • Several updates for PHP, python, postfix and QuickTime.

Pages and Numbers for iOS

Due to buffer overflow and memory corruption issues, opening a maliciously crafted Microsoft Word or Excel document may lead to an unexpected application termination or arbitrary code execution.

NSS Labs Report Shows That IE Still Best At Blocking Socially Engineered Malware

 

(LiveHacking.Com) - NSS Labs has released its latest Web Browser Security Comparative Test Reports against Socially-Engineered Malware for the third quarter of 2011. The report examines the ability of the top five web browsers to protect users from websites that look harmless but actually are designed to trick visitors into downloading and installing malware.

According to a recent study by AVG, users are four times more likely to be tricked into downloading malware than be compromised by a vulnerability.

The report found that Windows Internet Explorer 9 (IE9) caught an exceptional 99.2% of live threats (96% with the SmartScreen URL reputation and an additional 3.2% with Application Reputation). Google Chrome 12 caught 13.2% of the live threats, four times more than it managed during the Q3 2010 global test. Apple Safari 5 and Firefox both caught 7.6% of the live threats. Opera 11 caught the lowest number of threats, just 6.1%.

The full report can be downloaded from the NSS Labs website and, unlike previous reports, this latest report was not paid for by Microsoft.