* You are viewing the archive for June, 2011
WordPress version 3.1.4 contains both normal bugfixes and security-related changes. I upgraded this blog already to the 3.1.4 release level and it seems to work fine.
References:
http://codex.wordpress.org/Version_3.1.4
email: david @ sharpesecurity.com
website: www.sharpesecurity.com
Twitter: twitter.com/sharpesecurity
Twitter: twitter.com/patchmanagement
Apple has released Java updates for Mac OS X 10.6 Update 5 and OS X 10.6 Update 10. Details are at the links below.
References:
http://lists.apple.com/archives/security-announce/2011/Jun/msg00001.html
http://lists.apple.com/archives/security-announce/2011/Jun/msg00002.html
email: david @ sharpesecurity.com
website: www.sharpesecurity.com
Twitter: twitter.com/sharpesecurity
Twitter (free enterprise vulnerability alert feed): twitter.com/patchmanagement
Google Chrome 12.0.742.112 has been released for Windows, Mac, and Linux. The update includes fixes for 7 vulnerabilities, 6 of which are classified as high.
References:
http://sites.google.com/a/chromium.org/dev/Home/chromium-security
http://www.google.com/chrome/index.html?hl=en&brand=CHMA&utm_campaign=en&utm_source=en-ha-na-us-bk&utm_medium=ha
email: david @ sharpesecurity.com
website: www.sharpesecurity.com
Twitter: twitter.com/sharpesecurity
Twitter (free enterprise vulnerability alert feed): twitter.com/patchmanagement
A commercial grade exploit has been released for CVE-2011-1220 in IBM Tivoli Endpoint lcfd.exe in the White Phosphorous add-on pack for Immunity CANVAS.
References:
http://www.whitephosphorus.org/
https://www-304.ibm.com/support/docview.wss?uid=swg21499146
http://seclists.org/fulldisclosure/2011/May/569
http://www.zerodayinitiative.com/advisories/ZDI-11-169/
email: david @ sharpesecurity.com
website: www.sharpesecurity.com
Twitter: twitter.com/sharpesecurity
Twitter: twitter.com/patchmanagement
From Apple’s release:
APPLE-SA-2011-06-23-1 Mac OS X v10.6.8 and Security Update 2011-004
Mac OS X v10.6.8 and Security Update 2011-004 are now available and address the following:
AirPort
Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8
Impact: When connected to Wi-Fi, an attacker on the same network may be able to cause a system reset
Description: An out of bounds memory read issue existed in the handling of Wi-Fi frames. When connected to Wi-Fi, an attacker on the same network may be able to cause a system reset. This issue does not affect Mac OS X v10.6 CVE-ID
CVE-2011-0196
App Store
Available for: … Continue Reading
Citrix has released security updates for their Citrix EdgeSight for Active Application Monitoring and Citrix EdgeSight for Load Testing products. Citrix recommends customers upgrade their Citrix EdgeSight for Active Application Monitoring installations to version 5.3 SP2 or later, and Citrix EdgeSight for Load Testing installations to version 3.8.1 or later. Details are available at the link below.
References:
http://support.citrix.com/article/CTX129699
email: david @ sharpesecurity.com
website: www.sharpesecurity.com
Twitter: twitter.com/sharpesecurity
Twitter: twitter.com/patchmanagement
More outstanding work from Virustotal: It looks like a Win32 version of YARA has been posted on the YARA project’s page on code.google.com. Unlike classic YARA, no Python runtime support is required. Note the interesting PID argument to YARA.exe.
usage: yara [OPTION]… [RULEFILE]… FILE | PID
options:
-t print rules tagged as and ignore the rest. Can be used more than once.
-i print rules named … Continue Reading
Mozilla has released Firefox versions 5.0 and 3.6.18. These new versions fix several security-related bugs.
BTW, Firefox version 4.x is now off support, as is 3.5.x. You should be running only 3.6.x or 5.x in production now.
References:
http://www.mozilla.com/en-US/firefox/5.0/releasenotes/
http://www.mozilla.com/en-US/firefox/3.6.18/releasenotes/
email: david @ sharpesecurity.com
website: www.sharpesecurity.com
Twitter: twitter.com/sharpesecurity
Twitter: twitter.com/patchmanagement
Adobe has released version 10.3.181.26 of their Flash player product for Windows, Linux, Apple OS X, and Solaris. Adobe reports this update includes a fix for a vulnerability that is being exploited in the wild.
References:
http://www.adobe.com/support/security/bulletins/apsb11-18.html
email: david @ sharpesecurity.com
website: www.sharpesecurity.com
Twitter: twitter.com/sharpesecurity
Twitter: twitter.com/patchmanagement
Google Chrome 12.0.742.100 has been released for Windows, Mac, and Linux. The update includes fixes for 1, which is classified as critical.
References:
http://sites.google.com/a/chromium.org/dev/Home/chromium-security
http://www.google.com/chrome/index.html?hl=en&brand=CHMA&utm_campaign=en&utm_source=en-ha-na-us-bk&utm_medium=ha
email: david @ sharpesecurity.com
website: www.sharpesecurity.com
Twitter: twitter.com/sharpesecurity
Twitter (free enterprise vulnerability alert feed): twitter.com/patchmanagement
Adobe has released versions 10.1, 9.4.5, and 8.3 of their Acrobat Reader product to address a set of security vulnerabilities. Details are available at the link below.
References:
http://www.adobe.com/support/security/bulletins/apsb11-16.html
email: david @ sharpesecurity.com
website: www.sharpesecurity.com
Twitter: twitter.com/sharpesecurity
Twitter (free enterprise vulnerability alert feed): twitter.com/patchmanagement
So far, one patch out of this months set – MS11-044 – has a known exploit in the wild.
UPDATE – 17 June 2011 – Symantec is reporting exploits for MS11-050 being found in circulation: http://www.symantec.com/connect/de/blogs/vulnerability-june-ms-tuesday-wild
References:
http://isc.sans.org/diary/Microsoft+June+2011+Black+Tuesday+Overview/11050
email: david @ sharpesecurity.com
website: www.sharpesecurity.com
Twitter: twitter.com/sharpesecurity
Twitter (free enterprise vulnerability alert feed): twitter.com/patchmanagement
Adobe has released Shockwave Player version 11.6.0.626 for Windows and Apple OS X. This update contains several security updates as outlined in the link below.
References:
http://www.adobe.com/support/security/bulletins/apsb11-17.html
email: david @ sharpesecurity.com
website: www.sharpesecurity.com
Twitter: twitter.com/sharpesecurity
Twitter: twitter.com/patchmanagement
Regarding this:
http://amitay.us/blog/files/most_common_iphone_passcodes.php
You have to be careful sharing this type of information if you support patrol officers or invesitigators who like to try a passcode or two on their own when they take a phone off a suspect. Some smart gangbangers have their phones already sitting with 9 invalid logins, and the 10th will wipe the phone. Units seized from suspects should be put through your organization’s normal seizure and lab procedures. Please avoid the temptation of trying a passcode or two on your own outside of those procedures.
email: david @ sharpesecurity.com
website: www.sharpesecurity.com
Twitter: twitter.com/sharpesecurity
Twitter: … Continue Reading
Kudos to Kyeong-Sik Lee and the Korean Digital Forensic Research Center for providing what I believe is the first publicly available tool for doing RAM dump analysis for Apple OS X systems. The new tool – volafox – isn’t as evolved as it’s Windows counterparts (HBGary Responder, MANDIANT Memoryze/Redline, or the Volatility Framework), but it is a great start. Volafox can be obtained from the link below.
References:
http://code.google.com/p/volafox/
http://computer.forensikblog.de/en/2011/06/mac_os_x_memory_analysis_with_volafox.html
http://blackhat.com/presentations/bh-dc-10/Suiche_Matthieu/Blackhat-DC-2010-Advanced-Mac-OS-X-Physical-Memory-Analysis-wp.pdf
email: david @ sharpesecurity.com
website: www.sharpesecurity.com
Twitter: twitter.com/sharpesecurity
Twitter: twitter.com/patchmanagement
There are 17 vulnerabilities fixed this time around. If for some reason you cannot patch some or all of you Sun Java JRE instances in your organization, please consider putting IPS blocks in place at your network edges and/or in your client host IPS as outlined at http://blog.sharpesecurity.com/2010/10/25/list-of-currently-exploited-sun-java-vulnerabilities/.
Public proof-of-concept exploit code exists for some of the vulnerabilities fixed in this release.
References:
http://www.oracle.com/technetwork/topics/security/javacpujune2011-313339.html
http://blog.sharpesecurity.com/2010/10/25/list-of-currently-exploited-sun-java-vulnerabilities/
email: david @ sharpesecurity.com
website: www.sharpesecurity.com
Twitter: twitter.com/sharpesecurity
Twitter: twitter.com/patchmanagement
Google Chrome 12.0.742.91 has been released for Windows, Mac, and Linux. The update includes fixes for 14 vulnerabilities, 5 of which are classified as high or critical.
The feature list includes:
- Hardware accelerated 3D CSS
- New Safe Browsing protection against downloading malicious files
- Ability to delete Flash cookies from inside Chrome
- Launch Apps by name from the Omnibox
- Integrated Sync into new settings pages
- Improved screen reader support
- New warning when hitting Command-Q on Mac
- Removal of Google Gears
References:
http://sites.google.com/a/chromium.org/dev/Home/chromium-security
http://www.google.com/chrome/index.html?hl=en&brand=CHMA&utm_campaign=en&utm_source=en-ha-na-us-bk&utm_medium=ha
email: david @ sharpesecurity.com
website: www.sharpesecurity.com
Twitter: twitter.com/sharpesecurity
Twitter (free enterprise vulnerability … Continue Reading
RSA has released a security update for their RSA Access Manager Server product.
The following versions are affected:
RSA Access Manager Server version 5.5.x
RSA Access Manager Server version 6.0.x
RSA Access Manager Server version 6.1.x
References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0322
http://www.securityfocus.com/archive/1/517023
email: david @ sharpesecurity.com
website: www.sharpesecurity.com
Twitter: twitter.com/sharpesecurity
Twitter (free enterprise vulnerability alert feed): twitter.com/patchmanagement
Google Chrome 11.0.696.77 has been released for Windows, Mac, and Linux. The update includes a fix for the currently actively exploited Flash player vulnerability that Adobe announced here.
References:
http://sites.google.com/a/chromium.org/dev/Home/chromium-security
http://www.google.com/chrome/index.html?hl=en&brand=CHMA&utm_campaign=en&utm_source=en-ha-na-us-bk&utm_medium=ha
email: david @ sharpesecurity.com
website: www.sharpesecurity.com
Twitter: twitter.com/sharpesecurity
Twitter (free enterprise vulnerability alert feed): twitter.com/patchmanagement
Adobe has released version 10.3.181.22 of their Flash player product for Windows, Linux, Apple OS X, and Solaris. Adobe reports this update includes a fix for a vulnerability that is being exploited in the wild.
References:
http://www.adobe.com/support/security/bulletins/apsb11-13.html
email: david @ sharpesecurity.com
website: www.sharpesecurity.com
Twitter: twitter.com/sharpesecurity
Twitter: twitter.com/patchmanagement
VMware has released security updates affecting the following product versions:
VMware Workstation 7.1.3 and earlier
VMware Player 3.1.3 and earlier
VMware Fusion 3.1.2 and earlier
ESXi 4.1 without patch ESXi410-201104402-BG
ESXi 4.0 without patch ESXi400-201104402-BG
ESXi 3.5 without patches ESXe350-201105401-I-SG and ESXe350-201105402-T-SG
ESX 4.1 without patch ESX410-201104401-SG
ESX 4.0 without patch ESX400-201104401-SG
ESX 3.5 without patches ESX350-201105401-SG, ESX350-201105404-SG and, ESX350-201105406-SG
References:
http://www.vmware.com/security/advisories/VMSA-2011-0009.html
email: david @ sharpesecurity.com
website: www.sharpesecurity.com
Twitter: twitter.com/sharpesecurity
Twitter: twitter.com/patchmanagement
A fix for a remotely exploitable bug in IBM Tivoli Endpoint Manager has been released. Details are at the link below.
Exploit code is now publicly available: http://www.exploit-db.com/exploits/17365/.
References:
https://www-304.ibm.com/support/docview.wss?uid=swg21499146
email: david @ sharpesecurity.com
website: www.sharpesecurity.com
Twitter: twitter.com/sharpesecurity
Twitter: twitter.com/patchmanagement
Cisco has released fixes for two security-related bugs in Cisco AnyConnect. One potentially remotely exploitable bug affects specific AnyConnect client versions on Windows, Apple OS X, and Linux. A local privilege escalation issue affects only certain AnyConnect client versions on Windows systems.
Exploit code for affected versions of the AnyConnect client is publicly available at: http://www.exploit-db.com/exploits/17366/.
References:
http://www.cisco.com/en/US/products/products_security_advisory09186a0080b80123.shtml
email: david @ sharpesecurity.com
website: www.sharpesecurity.com
Twitter: twitter.com/sharpesecurity
Twitter: twitter.com/patchmanagement
Apple’s promised update (APPLE-SA-2011-05-31-1 Security Update 2011-003) for removing the newest known fake AV variants affecting OS X has been released.
References:
http://lists.apple.com/archives/security-announce/2011/May/msg00000.html
email: david @ sharpesecurity.com
website: www.sharpesecurity.com
Twitter: twitter.com/sharpesecurity
Twitter: twitter.com/patchmanagement