Firefox 3.0.4 closes nine security holes

November 13, 2008 – 9:13 AM

The Mozilla Foundation has released Firefox version 3.0.4 to close nine security holes. The developers rated four of the holes as critical because they allow attackers to execute arbitrary code on the victim’s system. One of the critical holes is a classical buffer overflow that can be triggered via specially crafted server responses.

A flaw in the way the browser restores a session after a program crash can cause Firefox to violate the same-origin policy when executing JavaScript code, which could be exploited to execute the code in the context of a different website. Attackers could remotely trigger a crash and subsequent restart to steal a user’s access data to other web pages, for example.

Two of the critical holes have so far only been observed to cause crashes, but the developers suspect that the flaws can also be exploited to inject and execute code, as they involve memory corruption. A flaw in the same-origin check in the nsXMLHttpRequest::NotifyEventListeners function also allows attackers to execute JavaScript in the context of another page. The developers only rated this security risk as high.

Two additional critical holes were closed in Firefox 2.0.0.18 and SeaMonkey 1.1.13. While both vulnerabilities are caused by memory corruptions and mainly lead to program crashes, the developers didn’t rule out that they could be exploited to infect systems. Specially crafted Shockwave and other files could corrupt the Flash player plug-in but give the browser continued access to the now essentially unmapped memory area.

Source:
http://www.heise-online.co.uk/news/Firefox-3-0-4-closes-nine-security-holes--/111952

AVG Virus Scanner Accidentally Removes Critical Windows Component

November 11, 2008 – 1:11 PM

The world of computer security can be a scary place for friends and foes alike. This weekend users found their AVG software updated with a new virus definition file. Then they quickly found their computers crashing.

What was discovered was that the new virus definition file mistook user32.dll, a critical Windows component, for a container for the Trojan horses PSW.Banker4.APSA or Generic9TBN. When the scanner went active, it deleted this critical file, thinking it contained a virus, causing the system to crash. AVG recommended that users whose definitions auto-updated delete their virus definition file and cancel any scans they have running.

If your computer is affected, it will either stop booting or go into an endless reboot loop. Vista users can breathe a sigh of relief — so far that OS has remained relatively unaffected. Windows XP users, however, must now exercise extreme caution, or risk having to carry out a bothersome repair process.

Both AVG 7.5 and AVG 8.0 were affected by the erroneous definition file. The file has since been updated to remove the error.

Affected users can either reinstall Windows or repair it with a Windows disk. A third option is to use a boot disc, such as the Ultimate Boot CD (ISO), and then grab the files you need from the “C:\Windows\System32\dllcache” directory.

Source:
http://www.dailytech.com/Update+AVG+Virus+Scanner+Accidentally+Removes+Critical+Windows+Component/article13407.htm

Android flaw executed typed text

November 10, 2008 – 12:15 PM

With the news that Google’s Android shipped with an embarrassing security hole being followed by a simple two-step method to ‘jailbreak’ the OS, you’d think that the company had ironed out most of the remaining bugs – but you’d be wrong.

According to ZDNet’s Ed Burnette, the open-source Linux-based smartphone platform recently shipped in T-Mobile’s G1 handset contains a real doozy of a back door: it would appear that absolutely anything you write, at absolutely any time, will be evaluated as a system command.

The bug, which affects handsets running Android 1.0 TC5-RC29 or earlier, can be demonstrated in a simple way: in any text entry box – even on a webpage or in the address book – hit the ‘enter’ key and type ‘reboot’ followed by ‘enter’ again. If your handset is vulnerable, you’ll see it suddenly decide to restart the OS.

The flaw is even more of an embarrassment when you learn that commands executed in this way run as the ‘root’ user, with complete system access. If you happen to be typing a document on how to hose a Linux system by typing in inadvisable commands, you can expect to learn about this one the hard way.

Source:
http://www.bit-tech.net/news/2008/11/10/android-flaw-executes-typed-text/1

Hackers exploit PDF security flaws

November 10, 2008 – 10:12 AM

Attackers have been using the recently announced vulnerability in Adobe Reader 8 to attack Windows users, warn security experts from ISC (Internet Storm Center). The attackers are exploiting the util.printf JavaScript function to trigger a buffer overflow. A PDF containing the malicious code was recognised by over 30 virus scanners at VirusTotal, although it would take only a simple obfuscation of the code to outsmart antivirus engines.

Adobe has now released Reader version 8.1.3 to address the vulnerabilities. Users of newer Windows (from Windows 2000) and Mac operating systems (from 10.4.11) should be using Adobe Reader 9, which is not vulnerable. Switching to competing software would not necessarily guarantee greater security – six months ago, a virtually identical problem was discovered in Foxit Reader.

Source:
http://www.heise-online.co.uk/news/Hackers-exploit-PDF-security-flaws--/111920

ActiveX poses threat to Vista, Microsoft says

November 10, 2008 – 6:29 AM

The Windows Vista operating system is far better protected from attack code than Windows XP is. However, in a report issued last week, Microsoft said that its own ActiveX plug-in technology is a significant threat to Vista.

The latest of the company’s twice-yearly security intelligence reports said that half of the top 10 browser-based attacks against Windows XP over the past six months exploited vulnerabilities in Microsoft’s own software.

None of the top 10 attacks against Vista systems did so, the report said. Instead, most of those attacks targeted bugs in third-party Internet Explorer add-ins created using ActiveX controls.

Source:
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=329520&source=rss_topic17