* You are viewing the archive for June, 2011

WordPress 3.1.4 Released

WordPress version 3.1.4 contains both normal bugfixes and security-related changes. I upgraded this blog already to the 3.1.4 release level and it seems to work fine.

References:
http://codex.wordpress.org/Version_3.1.4

email: david @ sharpesecurity.com
website: www.sharpesecurity.com
Twitter: twitter.com/sharpesecurity
Twitter: twitter.com/patchmanagement


Java Update Released for Mac OS X 10.6 Update 5 and 10.6 Update 10

Apple has released Java updates for Mac OS X 10.6 Update 5 and OS X 10.6 Update 10. Details are at the links below.

References:
http://lists.apple.com/archives/security-announce/2011/Jun/msg00001.html
http://lists.apple.com/archives/security-announce/2011/Jun/msg00002.html


Google Chrome 12.0.742.112 Released

Google Chrome 12.0.742.112 has been released for Windows, Mac, and Linux. The update includes fixes for 7 vulnerabilities, 6 of which are classified as high.

References:
http://sites.google.com/a/chromium.org/dev/Home/chromium-security
http://www.google.com/chrome/index.html?hl=en&brand=CHMA&utm_campaign=en&utm_source=en-ha-na-us-bk&utm_medium=ha


Commercial Exploit Released for CVE-2011-1220 in IBM Tivoli Endpoint lcfd.exe

A commercial-grade exploit for CVE-2011-1220 in IBM Tivoli Endpoint lcfd.exe has been released in the White Phosphorus add-on pack for Immunity CANVAS.

References:
http://www.whitephosphorus.org/
https://www-304.ibm.com/support/docview.wss?uid=swg21499146
http://seclists.org/fulldisclosure/2011/May/569
http://www.zerodayinitiative.com/advisories/ZDI-11-169/


Apple Releases Mac OS X v10.6.8 and Security Update 2011-004

From Apple’s release:

APPLE-SA-2011-06-23-1 Mac OS X v10.6.8 and Security Update 2011-004

Mac OS X v10.6.8 and Security Update 2011-004 are now available and address the following:

AirPort
Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8
Impact: When connected to Wi-Fi, an attacker on the same network may be able to cause a system reset
Description: An out of bounds memory read issue existed in the handling of Wi-Fi frames. When connected to Wi-Fi, an attacker on the same network may be able to cause a system reset. This issue does not affect Mac OS X v10.6.
CVE-ID
CVE-2011-0196

App Store
Available for: …

Citrix EdgeSight Active Application Monitoring and Load Testing Security Updates Released

Citrix has released security updates for their Citrix EdgeSight for Active Application Monitoring and Citrix EdgeSight for Load Testing products. Citrix recommends customers upgrade their Citrix EdgeSight for Active Application Monitoring installations to version 5.3 SP2 or later, and Citrix EdgeSight for Load Testing installations to version 3.8.1 or later. Details are available at the link below.

References:
http://support.citrix.com/article/CTX129699


Win32 YARA Version Available

More outstanding work from Virustotal: It looks like a Win32 version of YARA has been posted on the YARA project’s page on code.google.com. Unlike classic YARA, no Python runtime support is required. Note the interesting PID argument to YARA.exe.

usage: yara [OPTION]… [RULEFILE]… FILE | PID
options:
-t print rules tagged as and ignore the rest. Can be used more than once.
-i print rules named …

Mozilla Firefox 5.0 and 3.6.18 Released

Mozilla has released Firefox versions 5.0 and 3.6.18. These new versions fix several security-related bugs.

BTW, Firefox version 4.x is now off support, as is 3.5.x. You should be running only 3.6.x or 5.x in production now.

References:
http://www.mozilla.com/en-US/firefox/5.0/releasenotes/
http://www.mozilla.com/en-US/firefox/3.6.18/releasenotes/


Adobe Flash Player 10.3.181.26 Released

Adobe has released version 10.3.181.26 of their Flash player product for Windows, Linux, Apple OS X, and Solaris. Adobe reports this update includes a fix for a vulnerability that is being exploited in the wild.

References:
http://www.adobe.com/support/security/bulletins/apsb11-18.html


Google Chrome 12.0.742.100 Released

Google Chrome 12.0.742.100 has been released for Windows, Mac, and Linux. The update includes a fix for 1 vulnerability, which is classified as critical.

References:
http://sites.google.com/a/chromium.org/dev/Home/chromium-security
http://www.google.com/chrome/index.html?hl=en&brand=CHMA&utm_campaign=en&utm_source=en-ha-na-us-bk&utm_medium=ha


Adobe Reader 10.1, 9.4.5, and 8.3 Released

Adobe has released versions 10.1, 9.4.5, and 8.3 of their Acrobat Reader product to address a set of security vulnerabilities. Details are available at the link below.

References:
http://www.adobe.com/support/security/bulletins/apsb11-16.html


Microsoft June 2011 Patch Tuesday Patches Released

So far, one patch out of this month's set – MS11-044 – has a known exploit in the wild.

UPDATE – 17 June 2011 – Symantec is reporting exploits for MS11-050 being found in circulation: http://www.symantec.com/connect/de/blogs/vulnerability-june-ms-tuesday-wild

References:
http://isc.sans.org/diary/Microsoft+June+2011+Black+Tuesday+Overview/11050


Adobe Shockwave Player Version 11.6.0.626 Released

Adobe has released Shockwave Player version 11.6.0.626 for Windows and Apple OS X. This update contains several security updates as outlined in the link below.

References:
http://www.adobe.com/support/security/bulletins/apsb11-17.html


Warning Before Using Most Common iPhone Passcodes Lists

Regarding this:
http://amitay.us/blog/files/most_common_iphone_passcodes.php

You have to be careful sharing this type of information if you support patrol officers or investigators who like to try a passcode or two on their own when they take a phone off a suspect. Some smart gangbangers have their phones already sitting with 9 invalid logins, and the 10th will wipe the phone. Units seized from suspects should be put through your organization’s normal seizure and lab procedures. Please avoid the temptation of trying a passcode or two on your own outside of those procedures.


RAM Dump Analysis for Apple OS X Systems

Kudos to Kyeong-Sik Lee and the Korean Digital Forensic Research Center for providing what I believe is the first publicly available tool for doing RAM dump analysis for Apple OS X systems. The new tool – volafox – isn’t as evolved as its Windows counterparts (HBGary Responder, MANDIANT Memoryze/Redline, or the Volatility Framework), but it is a great start. Volafox can be obtained from the link below.

References:
http://code.google.com/p/volafox/
http://computer.forensikblog.de/en/2011/06/mac_os_x_memory_analysis_with_volafox.html
http://blackhat.com/presentations/bh-dc-10/Suiche_Matthieu/Blackhat-DC-2010-Advanced-Mac-OS-X-Physical-Memory-Analysis-wp.pdf


New Oracle Sun Java 6 Update 26 Release Contains Security Fixes

There are 17 vulnerabilities fixed this time around. If for some reason you cannot patch some or all of the Sun Java JRE instances in your organization, please consider putting IPS blocks in place at your network edges and/or in your client host IPS as outlined at http://blog.sharpesecurity.com/2010/10/25/list-of-currently-exploited-sun-java-vulnerabilities/.

Public proof-of-concept exploit code exists for some of the vulnerabilities fixed in this release.

References:
http://www.oracle.com/technetwork/topics/security/javacpujune2011-313339.html
http://blog.sharpesecurity.com/2010/10/25/list-of-currently-exploited-sun-java-vulnerabilities/


Google Chrome 12.0.742.91 Released

Google Chrome 12.0.742.91 has been released for Windows, Mac, and Linux. The update includes fixes for 14 vulnerabilities, 5 of which are classified as high or critical.

The feature list includes:
- Hardware accelerated 3D CSS
- New Safe Browsing protection against downloading malicious files
- Ability to delete Flash cookies from inside Chrome
- Launch Apps by name from the Omnibox
- Integrated Sync into new settings pages
- Improved screen reader support
- New warning when hitting Command-Q on Mac
- Removal of Google Gears

References:
http://sites.google.com/a/chromium.org/dev/Home/chromium-security
http://www.google.com/chrome/index.html?hl=en&brand=CHMA&utm_campaign=en&utm_source=en-ha-na-us-bk&utm_medium=ha


RSA Releases Security Update for RSA Access Manager Server

RSA has released a security update for their RSA Access Manager Server product.

The following versions are affected:
RSA Access Manager Server version 5.5.x
RSA Access Manager Server version 6.0.x
RSA Access Manager Server version 6.1.x

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0322
http://www.securityfocus.com/archive/1/517023


Google Chrome 11.0.696.77 Released

Google Chrome 11.0.696.77 has been released for Windows, Mac, and Linux. The update includes a fix for the currently actively exploited Flash player vulnerability that Adobe announced here.

References:
http://sites.google.com/a/chromium.org/dev/Home/chromium-security
http://www.google.com/chrome/index.html?hl=en&brand=CHMA&utm_campaign=en&utm_source=en-ha-na-us-bk&utm_medium=ha


Adobe Flash Player 10.3.181.22 Released

Adobe has released version 10.3.181.22 of their Flash player product for Windows, Linux, Apple OS X, and Solaris. Adobe reports this update includes a fix for a vulnerability that is being exploited in the wild.

References:
http://www.adobe.com/support/security/bulletins/apsb11-13.html


VMware Releases Security Updates for ESX, ESXi, Player, Workstation, and Fusion

VMware has released security updates affecting the following product versions:

VMware Workstation 7.1.3 and earlier
VMware Player 3.1.3 and earlier
VMware Fusion 3.1.2 and earlier
ESXi 4.1 without patch ESXi410-201104402-BG
ESXi 4.0 without patch ESXi400-201104402-BG
ESXi 3.5 without patches ESXe350-201105401-I-SG and ESXe350-201105402-T-SG
ESX 4.1 without patch ESX410-201104401-SG
ESX 4.0 without patch ESX400-201104401-SG
ESX 3.5 without patches ESX350-201105401-SG, ESX350-201105404-SG, and ESX350-201105406-SG

References:
http://www.vmware.com/security/advisories/VMSA-2011-0009.html


Security Update for IBM Tivoli Endpoint Manager Released

A fix for a remotely exploitable bug in IBM Tivoli Endpoint Manager has been released. Details are at the link below.

Exploit code is now publicly available: http://www.exploit-db.com/exploits/17365/.

References:
https://www-304.ibm.com/support/docview.wss?uid=swg21499146


Security Updates for Cisco AnyConnect Released

Cisco has released fixes for two security-related bugs in Cisco AnyConnect. One potentially remotely exploitable bug affects specific AnyConnect client versions on Windows, Apple OS X, and Linux. A local privilege escalation issue affects only certain AnyConnect client versions on Windows systems.

Exploit code for affected versions of the AnyConnect client is publicly available at: http://www.exploit-db.com/exploits/17366/.

References:
http://www.cisco.com/en/US/products/products_security_advisory09186a0080b80123.shtml


Apple Releases Security Update to Remove Latest OS X Fake AV Variants

Apple’s promised update (APPLE-SA-2011-05-31-1 Security Update 2011-003) for removing the newest known fake AV variants affecting OS X has been released.

References:
http://lists.apple.com/archives/security-announce/2011/May/msg00000.html
