Apple has issued Security Update 2010-002 (Mac OS X v10.6.3) that fixes 100 enumerated vulnerabilities in: — Mac OS X 10.5 — Mac OS X 10.6 — Mac OS X Server 10.5 — Mac OS X Server 10.6 The 400 MB+ download takes a while, so, be prepared. Info here: http://support.apple.com/kb/HT4077
It seems I prompted an exploration of infection related search terms in Google Trends over on the Forbes.com Firewall blog. “Malware” is becoming a sort of catch-all term for end-users, slowly replacing the various types of Ad/Mal/Spyware classifications. Article here – worth checking out the comment by Andy Hayter, Anti-Malcode Program Manager of ICSA Labs, too. Of course, I like to think I might have contributed in some small way to certain search terms going the way of the Dinosaur…
Didier Stevens, security professional and blogger, has found a “feature” in the PDF file format that makes it possible to package an executable in a PDF file which will run in Foxit PDF reader or run in Adobe Reader with a bit of social engineering. “With Adobe Reader, the only thing preventing execution is a warning. Disabling JavaScript will not prevent this (I don’t use JavaScript in my PoC PDF), and patching Adobe Reader isn’t possible (I’m not exploiting a vulnerability, just being creative with the PDF language specs).” ...
MS10–018 If you’re using Internet Explorer versions 6 or 7 it wouldn’t be a good idea to miss this one. “Actively exploited” for drive by down loads from malicious web sites sums it up. There’s something in it for IE8 as well. See our post yesterday: “Microsoft out-of-band patch tomorrow”
Let the iPad hype and excitement begin: Apple’s preparation for the launch of the iPad has kicked into high gear. Today, the tech giant released version 9.1 of iTunes, its vastly popular music, app, and now book-managing software. The new update doesn’t do anything like radically change the iTunes interface. Instead, it is focused on providing support for the iPad, which launches this Saturday. The big addition in this software update is iPad syncing. Thus if and when you plug that glorious iPad of yours into your computer on Saturday, it’ll sync your computer’s music, movies, books, and other media with your tablet device. ...
Google has revealed that users can now transfer files via chat in iGoogle and Orkut. This is good news for web users with a preference for software-free chatting, but the better news is that Google promises to bring the same functionality to Gmail, which already supports voice, video and group chat. The iGoogle and Orkut file transfers will work for photos, documents and presumably small video files. In addition, web users can exchange files with users of Google Talk — the more robust desktop version of Google’s chat client — without any hiccups. ...
With Google owning YouTube, the Internet’s principal delivery system for Flash-based video, it was perhaps inevitable that the company would bundle the Flash plug-in with its Chrome browser. The announcement came today from both Google and the team developing the open source Chromium component on which Chrome is based. The move now officially places Google in contention with proponents of HTML 5, who had held out a glimmer of hope for a non-proprietary, non-plug-in video format for the standard’s new [VIDEO] element. In its blog post today, the Chromium team indirectly blamed the standards process for not having solved what it perceives as the problem of specifying how plug-ins should operate, and credits Mozilla — which makes Firefox — with helping to rectify that issue. ...
There seems to be an established procedure used by government officials who want to censor Internet traffic: begin requiring Google and ISPs to filter pornography then sneak in filtering of the politically sensitive material of your choice. Maybe we should give this a name: how about “porn filter law bait and switch?” In China’s Green Dam fiasco last summer, the web filter that was required on new machines (before the whole idea broke down) was supposed to protect good Chinese Internet users from sex and violence. When various researchers took apart the Green Dam files, however, they found that 1.) it ripped off a lot of code from a U.S. company and 2) two thirds of the strings it was set up to filter were politically sensitive words and not sex and violence issues at all. ...
Today, our friends at Trend Micro blogged about a new attack vector using Microsoft Word documents. We saw this as well last week, and have written a detection for the dropped trojan. It’s not just a “lawsuit” that’s being spammed, we also picked up another form of this attack in our honeypots over the weekend: When you open the Word document, you see a “PDF”, but it’s actually not. It’s a JPG, which links to an executable. ...
Have you ever wanted to quickly send a file to a friend who’s online? Now you can share pictures, documents and other files directly with your friends while chatting in iGoogle and orkut, without having to switch to email to send the file as an attachment. File transfer works directly in the browser so you don’t need to install anything. Just start a conversation with a friend and click “Send a file…” in the “Actions” menu. After you select a file, your friend will be asked if they want to accept the transfer. You can learn more on the Google Talkabout Blog. ...