
Researchers: Serious flaws in MacOS X

Feb 23, 2006

* Patches from Debian, SuSE, Gentoo, others
* Beware new Sdbot that communicates with remote sites via HTTP
* Study shows how photonic decoys can foil hackers, and other interesting reading

Today’s bug patches and security alerts:

More security problems bite Apple

Experts have uncovered a serious security hole in the way Apple software handles downloaded files. The flaw could give malicious attackers a back door into Mac computers if users visit carefully crafted Web sites and download booby-trapped files. BBC News, 02/22/06.

Related advisories:

US-CERT: Apple MacOS X Safari Command Execution Vulnerability

Internet Storm Center Handler’s Diary

Symantec advisory


New version of Opera browser available

Version 8.52 of the Opera browser is now available and fixes security flaws found in previous releases. The most serious of the flaws could be exploited in phishing attacks.


Debian patches tutos

A number of vulnerabilities have been found in tutos, a Web-based team organization system. An attacker could exploit the flaws to inject SQL commands or run Web scripting code.


SuSE releases fix for gpg, liby2util

A flaw in the way gpg was returning results for handcrafted signature files could be exploited to gain access to an affected system with bogus credentials.


The latest updates from Gentoo:

GPdf (multiple heap overflows)

OpenSSH, Dropbear (elevated privileges)


New updates from Mandriva:

kernel (multiple flaws)

tar (buffer overflow)


New patches from Ubuntu:

noweb (non-secure temp files)

openssh (shell code injection)

bluez-hcidump (denial of service)


Today’s roundup of virus alerts:

Impact of worm targeting Mambo CMS low, say researchers

F-Secure is warning of a network worm that targets vulnerabilities in the Mambo Content Management System and PHP XML-RPC, a library of code for PHP programmers that allows procedures to run between computers with different operating systems. IDG News Service, 02/21/06.

Troj/Haxdoor-GN — A backdoor worm that can be used to install additional malware on the infected host and allow back door access. It drops a number of files in the Windows System folder, including “avpe32.dll”, “avpe64.sys”, “qz.dll” and “qz.sys”. (Sophos)

Troj/Bancos-QG — This virus records keystrokes and displays fake error screens. It is installed as “tasklist32.exe” in the Windows System directory. (Sophos)

W32/Sdbot-AVZ — A new Sdbot variant that communicates with remote sites via HTTP. It initially drops “secure32.exe” in the Windows System folder. (Sophos)

W32/Bagle-CY — A new Bagle e-mail worm that is installed as “sysformat.exe” in the System folder. No word on the message characteristics used to spread the nuisance. (Sophos)

Troj/Banker-AKW — Another Trojan used to target banking credentials. It is installed as “iewq32.exe” in the Windows System folder. (Sophos)


From the interesting reading department:

The New Face of Phishing

An interesting post from Gadi Evron on the Bugtraq mailing list looking at disturbing trends in phishing.

Study shows how photonic decoys can foil hackers

A University of Toronto professor and researcher has demonstrated for the first time a new technique for safeguarding data transmitted over fiber-optic networks using quantum cryptography. 02/22/06.