Blogs

Attack exploits just-patched Mac security bug - Java Runtime Environment (JRE)

http://www.theregister.co.uk/2009/12/04/mac_windows_java_attack/

A proof of concept (POC) has been released that targets unpatched
Macintosh systems.

"If you haven't installed the latest security update for Mac OS X, now
would be a good time."

This is related to the security alert sent out yesterday [NET #1379]:

Vulnerabilities in the Java Runtime Environment May Allow Privileges to be Escalated

http://sunsolve.sun.com/search/document.do?assetkey=1-66-270474-1

"Multiple buffer and integer overflow vulnerabilities in the Java
Runtime Environment with processing audio and image files may allow an
untrusted applet or Java Web Start application to escalate privileges.
For example, an untrusted applet may grant itself permissions to read
and write local files or execute local applications that are accessible
to the user running the untrusted applet."

Vulnerabilities in the Java Runtime Environment May Allow Privileges to be Escalated

http://sunsolve.sun.com/search/document.do?assetkey=1-66-270474-1

"Multiple buffer and integer overflow vulnerabilities in the Java
Runtime Environment with processing audio and image files may allow an
untrusted applet or Java Web Start application to escalate privileges.
For example, an untrusted applet may grant itself permissions to read
and write local files or execute local applications that are accessible
to the user running the untrusted applet."

Security Advisory for Adobe Flash Player (APSB09-19)

http://www.adobe.com/support/security/bulletins/apsb09-19.html

"Adobe is planning to release an update for Adobe Flash Player
10.0.32.18 and earlier versions, and an update to Adobe AIR 1.5.2 and
earlier versions, to resolve critical security issues. Adobe expects to
make these updates available on December 8, 2009."

Vulnerabilities in the Java Runtime Environment May Allow Privileges to be Escalated

http://sunsolve.sun.com/search/document.do?assetkey=1-66-270474-1

"Multiple buffer and integer overflow vulnerabilities in the Java
Runtime Environment with processing audio and image files may allow an
untrusted applet or Java Web Start application to escalate privileges.
For example, an untrusted applet may grant itself permissions to read
and write local files or execute local applications that are accessible
to the user running the untrusted applet."

Security Advisory for Adobe Flash Player (APSB09-19)

http://www.adobe.com/support/security/bulletins/apsb09-19.html

"Adobe is planning to release an update for Adobe Flash Player
10.0.32.18 and earlier versions, and an update to Adobe AIR 1.5.2 and
earlier versions, to resolve critical security issues. Adobe expects to
make these updates available on December 8, 2009."

Privacy Changes for Facebook

http://www.net-security.org/secworld.php?id=8566

Facebook founder Mark Zuckerberg wrote an open letter describing some changes to the privacy of Facebook accounts (linked from above article).  It appears that regional networks are going to disappear, which may end up disclosing more information than you had intended.  He suggests that all Facebook users review their account privacy settings and update them accordingly.

Thanks,
ep

BlackBerry Attachment Service PDF Distiller Multiple Remote Code Execution Vulnerabilities

http://www.securityfocus.com/bid/37167/info

"BlackBerry Attachment Service is prone to multiple remote
code-execution vulnerabilities when handling specially crafted PDF files.

Attackers can leverage these issues to corrupt memory and execute
arbitrary code in the context of the vulnerable service, possibly with
SYSTEM-level privileges. Successful exploits will compromise the server.
Failed attacks will likely result in denial-of-service conditions. "

Pages