Mac Hacker Charlie Miller Locates Additional Security Hole in iPhone

Posted by:
Date: Friday, April 17th, 2009, 07:33
Category: iPod, security

Mac hacker Charlie Miller, a principal security analyst at Independent Security Evaluators and the winner of the CanSecWest security conference hacking contest two years straight, has detailed his latest find wherein he was able to run shellcode on an iPhone.
According to Macworld UK, it was widely believed by many security researchers that it wasn’t possible to run shellcode on an iPhone. Shellcode is code that can run from a command line, but the iPhone was thought not to allow it for security reasons.
If pulled off correctly, shellcode allows users to perform malicious actions such as gaining access to a user’s text messages or call history from a remote location.
Earlier versions of the iPhone OS firmware didn’t have many protections to prevent people from tampering with its memory to run other commands, Miller said. But the latest version of the iPhone’s software strengthened the overall security of the phone, Miller said.
In his report, Miller detailed how he was able to trick the iPhone into running code which then enabled shellcode. To pull this off, Miller said he needed to have a working exploit for an iPhone and a means of targeting a vulnerability in the software such as the Safari web browser or the iPhone’s operating system.
Miller said he doesn’t have one now but that if someone did, “this would allow you to run whatever code you want,” he said in an interview after his presentation.
In 2007 Miller and some of his colleagues did find a vulnerability in mobile Safari that would allow an attacker to control the iPhone. Apple was immediately notified and later issued a patch for the problem.
Miller said he isn’t sure if Apple is aware of the latest issue and stopped short of calling the problem a vulnerability, saying instead that Apple engineers may have overlooked the issue. Apple also has never come out publicly and said it is impossible to run shellcode on an iPhone, he said.


Microsoft Releases Office 2004 11.5.4, Office 2008 12.1.7 Updates

Posted by:
Date: Wednesday, April 15th, 2009, 07:17
Category: Software

On Tuesday, Microsoft released updates for both its Office 2004 and Office 2008 suites for the Mac.
Microsoft Office 2004 version 11.5.4, a 9.7 megabyte download through the AutoUpdate program, offers stability and performance fixes and repairs a vulnerability in which an outside party could insert malicious code.
The program requires Mac OS X 10.2.8 or later to install and run.
The company also released Microsoft Office 2008 12.1.7, a 267.7 megabyte download through the AutoUpdate program that offers improvements to enhance security, stability, and performance, including fixes for vulnerabilities that an attacker can use to overwrite the contents of your computer’s memory with malicious code.
Additional details regarding the update can be found here.
Microsoft Office 2008 requires Mac OS X 10.4 or later to install and run.


Recent Mac OS X 10.5.7 Beta Focuses on 100+ Fixes, Second Security Update for 2009

Posted by:
Date: Wednesday, April 8th, 2009, 07:44
Category: Software

A recent Mac OS X 10.5.7 beta has made its way among Apple developers, with Apple apparently also beta testing its second security update of the year for certain Mac OS X distributions.
According to AppleInsider, build 9J44 of Mac OS X 10.5.7 was released to developers. The new beta arrives a little more than a week after the company issued build 9J39 and, per sources close to the story, offers a fix for a PDF font render along with four other fixes, thus bringing the number of documented code corrections to 104.
Similarly, the lone issue affecting the last several builds has been the inability to install Apple’s Safari 4 beta, which hasn’t been tweaked to run on the new system update.
Mac OS X 10.5.7, code-named Juno, is expected for a release sometime this month and reportedly weighs in at approximately 442MB. A combo updater capable of updating versions of Leopard prior to 10.5.6 and bundling earlier security improvements is currently about 730MB.
Where the second security update is concerned, Apple has reportedly tasked security experts with evaluating its second security update to Mac OS X of the 2009 calendar year. The release is said to be in testing for versions of Apple’s Mac OS X 10.4 operating system and a version for Mac OS X 10.5 has yet to be reported.
People familiar with the situation say Apple doesn’t brief its security testers on the improvements it bundles into beta security updates and instead asks them to probe for holes blindly. As such, it’s not entirely clear what components of Tiger it targets, though the rumor is that it addresses a networking vulnerability.
Apple is expected to recommend the update “for all users” saying it “improves the security of Mac OS X.” Four different distributions are currently being evaluated: Tiger client (PPC), Tiger server (PPC), Tiger client (Intel), and Tiger server (Intel).
The latest known builds are reportedly 8S410 (PPC) and 8S2410 (Intel).


Apple Clamping Down on Jailbreaking, Other Practices with Latest iPhone NDA

Posted by:
Date: Thursday, April 2nd, 2009, 08:19
Category: iPhone, Legal

With iPhone OS 3.0 en route, Apple appears to be taking a more aggressive stance against developers writing applications for jailbroken iPhone handsets. Per an Ars Technica article, Apple has recently updated its “iPhone Developer Program License Agreement”, the new version explicitly disallowing jailbreaking, assisting in jailbreaking, and developing and distributing jailbreak apps.
The report goes on to mention that while previous agreements forbade the creation of apps that violate privacy, facilitate crimes, or violate intellectual property laws, the new one restricts developers from jailbreaking their own phones.
Back in February, Apple publicly defined its legal stance on iPhone jailbreaking, arguing that it represents copyright infringement and a DMCA violation. During this time, an Electronic Frontier Foundation proposal asked for an exemption that would allow jailbreaking of iPhones or other handsets, effectively liberating the devices to run applications other than those obtained from Apple’s own iTunes App Store.
The report also states that developers are also “forbidden from using the iPhone OS, SDK, or other developer tools to develop applications for distribution in any way other than the App Store or Ad Hoc distribution.” The new changes place significant restrictions on distribution, which is now only available via the App Store at Apple’s sole discretion.
The report also notes that updated segments of the NDA specifically restrict jailbreaking or circumventing the iPhone’s built-in OS security. Though such agreements aren’t likely to entirely prevent third-party developers from writing applications, they will likely discourage developers from submitting their unapproved or rejected apps to other distribution outlets that offer alternatives for customers interested in buying, testing, or installing their software.
The text defining these restrictions reads as follows:

(e) You will not, through use of the Apple Software, services or otherwise, create any Application or other program that would disable, hack or otherwise interfere with the Security Solution, or any security, digital signing, digital rights management, verification or authentication mechanisms implemented in or by the iPhone operating system software, iPod touch operating system software, this Apple Software, any services or other Apple software or technology, or enable others to do so; and
(f) Applications developed using the Apple Software may only be distributed if selected by Apple (in its sole discretion) for distribution via the App Store or for limited distribution on Registered Devices (ad hoc distribution) as contemplated in this Agreement.

Last September, Apple extended its iPhone Developer NDA by restricting the information that developers could discuss publicly by telling developers in its App Store rejection letters that “the information contained in this message is under non-disclosure.” While discussion of details in iPhone development is generally restricted, numerous developers have complained publicly about rejections without repercussion.
If you have two cents to hurl in about this, let us know in the comments or forums.


Mozilla Releases Firefox 3.0.8 Update

Posted by:
Date: Monday, March 30th, 2009, 06:16
Category: Software

On Wednesday, Mozilla.org released version 3.0.8 of its Firefox web browser.
The new browser, a 17.3 megabyte download, boasts two unspecified security changes.
The program requires Mac OS X 10.4 or later to install and run.
If you’ve tried the new browser and have any feedback about it, let us know over in the comments or forums.


Adobe Reader Updated to 9.1

Posted by:
Date: Wednesday, March 11th, 2009, 08:15
Category: Software

On Tuesday, Adobe released version 9.1 of its free Reader program. The program, which has long been a staple for viewing and printing Portable Document Format (PDF) files, includes the following changes:
Addresses a number of customer workflow issues and a critical security vulnerability while providing more stability.
Adobe Reader 9.1 requires Mac OS X 10.4 or later to run and its download file size varies depending on version chosen.
If you’ve tried the new version and have any feedback to offer, please let us know in the comments or forums.


Apple Releases Time Capsule & AirPort Extreme 7.4.1 Firmware Update

Posted by:
Date: Friday, March 6th, 2009, 08:37
Category: wireless

Late Thursday night, Apple released version 7.4.1 of its firmware for its 802.11n-based AirPort Extreme and Time Capsule routers. The revised firmware, which can be downloaded either via Mac OS X’s built-in Software Update application or the update application within the AirPort Utility program, makes the following fixes and changes:

  • Resolves an issue in which a client computer may be disconnected when waking from sleep.
  • Addresses an issue in which redirecting SMTP port services may disable IP-layer networking.
  • Improves the reliability of Back to My Mac-based disk sharing.
  • Includes recent AirPort security updates.

For AirPort Extreme with 802.11n (Fast Ethernet), AirPort Extreme with 802.11n (Gigabit Ethernet), AirPort Express with 802.11n, and original Time Capsule models, the firmware 7.4.1 update:

  • Enables remote administration and remote access to compatible USB connected drives via Back to My Mac (except on AirPort Express).
  • Improves reliability when backing up to a Time Capsule via Time Machine.
  • Includes recent AirPort security updates.

The update requires Mac OS X 10.4 or later to install and run.
If you’ve tried the updates and noticed any major changes, let us know in the comments or forums.

Mozilla Releases Firefox 3.0.7 Update

Posted by:
Date: Thursday, March 5th, 2009, 05:37
Category: Software

On Wednesday, Mozilla.org released version 3.0.7 of its Firefox web browser.
The new browser, a 17.3 megabyte download, boasts the following fixes and changes:

  • Fixed several security issues.
  • Fixed several stability issues.
  • Official releases for the Estonian, Kannada, and Telugu languages are now available.
  • Items in the “File” menu show as inactive after using the “Print” item from that menu – switching to a new tab restores them (bug 425844). This issue has been fixed.
  • For some users, cookies would appear to go “missing” after a few days (bug 444600).
  • Mac users of the Flashblock add-on experienced an issue where sound from the Flash plug-in would continue to play for a short time after closing a tab or window (bug 474022).
  • Fixed several issues related to accessibility features.

The program requires Mac OS X 10.4 or later to install and run.
If you’ve tried the new browser and have any feedback about it, let us know over in the comments or forums.

Adium X Updated to 1.3.3

Posted by:
Date: Friday, February 20th, 2009, 07:07
Category: Software

Adium, the open source instant message chat client with support for multiple programs (including AOL Instant Messenger, ICQ, Jabber, MSN, Yahoo!, Google Talk, Bonjour, etc.) has been updated to version 1.3.3.
The new version, a 23.4 megabyte download, sports the major fixes and changes listed here.
Adium X is available for free and requires Mac OS X 10.4 or later to run. The program functions as a Universal Binary and runs at native speeds on both PowerPC and Intel-based hardware.
If you’ve tried the new build and have any feedback, positive or negative, let us know in the comments or forums.

Apple Releases Security Update 2009-001

Posted by:
Date: Friday, February 13th, 2009, 09:56
Category: Software

Making Friday a somewhat official update-o-rama, Apple released Security Update 2009-001, its first collection of security fixes for the new year.
The 43.4 megabyte download contains the following fixes and features:

  • AFP Server:
    Impact: A user with the ability to connect to AFP Server may be able to trigger a denial of service
    Description: A race condition in AFP Server may lead to an infinite loop. Enumerating files on an AFP server may lead to a denial of service. This update addresses the issue through improved file enumeration logic. This issue only affects systems running Mac OS X v10.5.6.
  • Apple Pixlet Video:
    Impact: Opening a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution
    Description: A memory corruption issue exists in the handling of movie files using the Pixlet codec. Opening a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking. Credit: Apple.
  • CarbonCore:
    Impact: Opening a file with a maliciously crafted resource fork may lead to an unexpected application termination or arbitrary code execution
    Description: A memory corruption issue exists in Resource Manager’s handling of resource forks. Opening a file with a maliciously crafted resource fork may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved validation of resource forks. Credit: Apple.
  • CFNetwork:
    Impact: Restores proper operation of cookies with null expiration times
    Description: This update addresses a non-security regression introduced in Mac OS X 10.5.6. Cookies may not be properly set if a web site attempts to set a session cookie by supplying a null value in the “expires” field, rather than omitting the field. This update addresses the issue by ignoring the “expires” field if it has a null value.
  • CFNetwork:
    Impact: Restores proper operation of session cookies across applications
    Description: This update addresses a non-security regression introduced in Mac OS X 10.5.6. CFNetwork may not save cookies to disk if multiple open applications attempt to set session cookies. This update addresses the issue by ensuring that each application stores its session cookies separately.
  • Certificate Assistant:
    Impact: A local user may manipulate files with the privileges of another user running Certificate Assistant
    Description: An insecure file operation exists in Certificate Assistant’s handling of temporary files. This could allow a local user to overwrite files with the privileges of another user who is running Certificate Assistant. This update addresses the issue through improved handling of temporary files. This issue does not affect systems prior to Mac OS X v10.5. Credit: Apple.
  • ClamAV:
    Impact: Multiple vulnerabilities in ClamAV 0.94
    Description: Multiple vulnerabilities exist in ClamAV 0.94, the most serious of which may lead to arbitrary code execution. This update addresses the issues by updating ClamAV to version 0.94.2. ClamAV is distributed only with Mac OS X Server systems. Further information is available via the ClamAV website at http://www.clamav.net/.
  • CoreText:
    Impact: Viewing maliciously crafted Unicode content may lead to an unexpected application termination or arbitrary code execution
    Description: A heap buffer overflow may occur when processing Unicode strings in CoreText. Using CoreText to handle maliciously crafted Unicode strings, such as when viewing a maliciously crafted web page, may result in an unexpected application termination or arbitrary code execution. This update addresses the issue through improved bounds checking. This issue does not affect systems prior to Mac OS X v10.5. Credit to Rosyna of Unsanity for reporting this issue.
  • CUPS:
    Impact: Visiting a maliciously crafted website may lead to an unexpected application termination
    Description: Exceeding the maximum number of RSS subscriptions results in a null pointer dereference in the CUPS web interface. This may lead to an unexpected application termination when visiting a maliciously crafted website. In order to trigger this issue, valid user credentials must either be known by the attacker or cached in the user’s web browser. CUPS will be automatically restarted after this issue is triggered. This update addresses the issue by properly handling the number of RSS subscriptions. This issue does not affect systems prior to Mac OS X v10.5.
  • DS Tools:
    Impact: Passwords supplied to dscl are exposed to other local users
    Description: The dscl command-line tool required that passwords be passed to it in its arguments, potentially exposing the passwords to other local users. Passwords exposed include those for users and administrators. This update makes the password parameter optional, and dscl will prompt for the password if needed. Credit: Apple.
  • fetchmail:
    Impact: Multiple vulnerabilities in fetchmail 6.3.8
    Description: Multiple vulnerabilities exist in fetchmail 6.3.8, the most serious of which may lead to a denial of service. This update addresses the issues by updating to version 6.3.9. Further information is available via the fetchmail web site at http://fetchmail.berlios.de/
  • Folder Manager:
    Impact: Other local users may access the Downloads folder
    Description: A default permissions issue exists in Folder Manager. When a user deletes their Downloads folder and Folder Manager recreates it, the folder is created with read permissions for everyone. This update addresses the issue by having Folder Manager limit permissions so that the folder is accessible only to the user. This issue only affects applications using Folder Manager. This issue does not affect systems prior to Mac OS X v10.5. Credit to Graham Perrin of CENTRIM, University of Brighton for reporting this issue.
  • FSEvents:
    Impact: Using the FSEvents framework, a local user may be able to see filesystem activity that would otherwise not be available
    Description: A credential management issue exists in fseventsd. By using the FSEvents framework, a local user may be able to see filesystem activity that would otherwise not be available. This includes the name of a directory which the user would not otherwise be able to see, and the detection of activity in the directory at a given time. This update addresses the issue through improved credential validation in fseventsd. This issue does not affect systems prior to Mac OS X v10.5. Credit to Mark Dalrymple for reporting this issue.
  • Network Time:
    Impact: The Network Time service configuration has been updated
    Description: As a proactive security measure, this update changes the default configuration for the Network Time service. System time and version information will no longer be available in the default ntpd configuration. On Mac OS X v10.4.11 systems, the new configuration takes effect after a system restart when Network Time service is enabled.
  • perl:
    Impact: Using regular expressions containing UTF-8 characters may lead to an unexpected application termination or arbitrary code execution
    Description: A memory corruption issue exists in the handling of certain UTF-8 characters in regular expressions. Parsing maliciously crafted regular expressions may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue by performing additional validation of regular expressions.
  • Printing:
    Impact: A local user may obtain system privileges
    Description: An error handling issue exists in csregprinter, which may result in a heap buffer overflow. This may allow a local user to obtain system privileges. This update addresses the issue through improved error handling. Credit to Lars Haulin for reporting this issue.
  • python:
    Impact: Multiple vulnerabilities in python
    Description: Multiple vulnerabilities exist in python, the most serious of which may lead to arbitrary code execution. This update addresses the issues by applying patches from the python project.
  • Remote Apple Events:
    Impact: Sending Remote Apple events may lead to the disclosure of sensitive information
    Description: An uninitialized buffer issue exists in the Remote Apple Events server, which may lead to disclosure of memory contents to network clients. This update addresses the issue through proper memory initialization. Credit: Apple.
  • Remote Apple Events:
    Impact: Enabling Remote Apple Events may lead to an unexpected application termination or the disclosure of sensitive information
    Description: An out-of-bounds memory access exists in Remote Apple Events. Enabling Remote Apple Events may lead to an unexpected application termination or the disclosure of sensitive information to network clients. This update addresses the issue through improved bounds checking. Credit: Apple.
  • Safari RSS:
    Impact: Accessing a maliciously crafted feed: URL may lead to arbitrary code execution
    Description: Multiple input validation issues exist in Safari’s handling of feed: URLs. These issues allow execution of arbitrary JavaScript in the local security zone. This update addresses the issues through improved handling of embedded JavaScript within feed: URLs. Credit to Clint Ruoho of Laconic Security, Billy Rios of Microsoft, and Brian Mastenbrook for reporting these issues.
  • servermgrd:
    Impact: Remote attackers may be able to access Server Manager without valid credentials
    Description: An issue in Server Manager’s validation of authentication credentials could allow a remote attacker to alter the system configuration. This update addresses the issue through additional validation of authentication credentials. This issue does not affect systems prior to Mac OS X v10.5. Credit: Apple.
  • SMB:
    Impact: Connecting to a maliciously crafted SMB file system may lead to an unexpected system shutdown or arbitrary code execution with system privileges
    Description: An integer overflow in SMB File System may result in a heap buffer overflow. Connecting to a maliciously crafted SMB file system may lead to an unexpected system shutdown or arbitrary code execution with system privileges. This update addresses the issue through improved bounds checking. This issue does not affect systems prior to Mac OS X v10.5. Credit: Apple.
  • SMB:
    Impact: Connecting to a maliciously crafted SMB file server may lead to an unexpected system shutdown
    Description: A memory exhaustion issue exists in the SMB File System’s handling of file system names. Connecting to a maliciously crafted SMB file server may lead to an unexpected system shutdown. This update addresses the issue by limiting the amount of memory allocated by the client for file system names. Credit: Apple.
  • SquirrelMail:
    Impact: Multiple vulnerabilities in SquirrelMail
    Description: SquirrelMail is updated to version 1.4.17 to address several vulnerabilities, the most serious of which is a cross-site scripting issue. Further information is available via the SquirrelMail web site at http://www.SquirrelMail.org/
  • X11:
    Impact: Multiple vulnerabilities in X11 server
    Description: Multiple vulnerabilities exist in X11 server. The most serious of these may lead to arbitrary code execution with the privileges of the user running the X11 server, if the attacker can authenticate to the X11 server. This update addresses the issues by applying the updated X.Org patches. Further information is available via the X.Org website at http://www.x.org/wiki/Development/Security
  • X11:
    Impact: Multiple vulnerabilities in FreeType v2.1.4
    Description: Multiple vulnerabilities exist in FreeType v2.1.4, the most serious of which may lead to arbitrary code execution when processing a maliciously crafted font. This update addresses the issues by incorporating the security fixes from version 2.3.6 of FreeType. Further information is available via the FreeType site at http://www.freetype.org/ The issues are already addressed in systems running Mac OS X v10.5.6.
  • X11:
    Impact: Multiple vulnerabilities in LibX11
    Description: Multiple vulnerabilities exist in LibX11, the most serious of which may lead to arbitrary code execution when processing a maliciously crafted font. This update addresses the issues by applying the updated X.Org patches. Further information is available via the X.Org website at http://www.x.org/wiki/Development/Security These issues do not affect systems running Mac OS X v10.5 or later.
  • XTerm:
    Impact: A local user may send information directly to another user’s Xterm
    Description: A permissions issue exists in Xterm. When used with luit, Xterm creates tty devices accessible by everyone. This update addresses the issue by having Xterm limit the permissions so tty devices are accessible only by the user.

Security Update 2009-001 requires Mac OS X 10.5 or later to install and run.
If you’ve tried the update and noticed any changes, please let us know in the comments or forums.