Secure IT Alert for Thursday, February 2, 2012
If you are running a current version of Apple Mac OS X, 10.6.x or OS X 10.7.x (Snow Leopard & Lion respectively), then you are vulnerable to exploits that these patches correct.
These security flaws could potentially allow an attacker to execute code on your computer after you visit a malicious web site or download/view affected documents or files, or allow Denial of Service (DoS) or even elevation of privileges.
How do you fix this? Apple has released OS X Security Update 2012-001 and OS X 10.7.3 to fix these security problems – UPDATE ASAP.
The 52 security vulnerabilities affect 27 components that are part of OS X and OS X server. Some of the affected software includes: Apache, OpenGL, PHP, QuickTime and Time Machine.
A few examples:
Buffer overflow vulnerability in ImageIO – View a malicious image and it could crash the application or execute code on your computer. The upside is that the code would only execute with your privileges.
Buffer overflow vulnerability in CoreAudio – Play a malicious audio file and experience a crash of your system, or execute code with your privileges.
QuickTime vulnerabilities – Six of these babies could mean that if you open a malicious image or video in QT, code could be executed with your privileges.
The full update information can be found at http://support.apple.com/kb/HT5130
Should you require assistance in applying these updates, do not hesitate to call us in the Greenville or Upstate SC area at 864.990.4748 or email info@homelandsecureit.com
Homeland Secure IT Alert for Wednesday, January 11, 2012
Yesterday was Adobe’s first patch day of the new year and the security bulletin describes a total of six vulnerabilities in Adobe Reader and Acrobat X 10.1.1 and older, on both Microsoft Windows and Apple Mac.
The issues that are addressed are considered “critical” in nature and the solution is to download and deploy updates or to allow the Adobe Software Updater to perform the updates for you.
Adobe Reader X 10.1.2
Adobe Acrobat X 10.1.2
This is kind of old news, but seeing a blog post by someone else today reminded me that it is not patched yet…
Apple Safari web browser can be used as an avenue that would allow malicious code on a web site to be run with whatever privileges you have on that computer.
Here’s an actual security bulletin you can read about this:
https://secunia.com/advisories/47237/
Until this is patched for sure, I believe I would not be using the Apple Safari browser on a Windows 7 machine. Just my two cents.
Microsoft didn’t forget your Christmas gift…. And it’s coming early!
That’s right, Microsoft Patch Tuesday is upon us again, and this December 13th you can expect a slew of updates covering the entire line of current Microsoft Windows operating systems.
Operating Systems: Windows XP 64 & 32 bit, Server 2003 64 & 32 bit and Itanium based servers, Vista 32 & 64 bit, Windows Server 2008 and the Server Core, Server 2008 R2, Windows 7 32 / 64 bit
Other Software: Microsoft Internet Explorer 6, 7, 8 and 9, Microsoft Office for Windows 2010 & Office 2004 & 2008 for Mac, and individual applications Publisher 2003 & 2007, Excel 2003, PowerPoint 2007 & 2010, PowerPoint Viewer 2007, Office compatibility pack for Word, Excel and PowerPoint File Formats.
Chances are good that if you own a Microsoft Windows machine, or a Mac with Office, then you need to be letting your system update.
The complete bulletin can be found here: http://technet.microsoft.com/security/bulletin/ms11-dec
If you need assistance applying these updates or with any other computer service issue, please let us know! 864.990.4748 or info@homelandsecureit.com
It was brought to my attention a bit ago by a client that the iPad 2 with iOS 5 has a flaw that allows the last screen accessed before the Smart Cover lock was engaged to be viewed.
This is obviously not good for those using the iPad for financial, medical or legal purposes.
The workaround until this is fixed correctly is to lock the iPad while on the home screen or a screen which does not display anything of importance (like “Please Stay Calm” or maybe “Angry Birds”).
A quick search turned up people talking about this on forums and a number of news articles such as this one from cnet.com.
There is mention of a security flaw with Siri that allows people to send text messages, emails and even make phone calls from a password-protected iPhone 4S lock screen.
Apple released a slew of updates to address major security vulnerabilities this week…
Be sure to get your devices up to date…
- OS X Lion v10.7.2 and Security Update 2011-006
- iTunes 10.5
- Safari 5.1.1
- iOS 5 Software Update
- Numbers for iOS v1.5
- Pages for iOS v1.5
- Apple TV 4.4
In what is becoming way too common, the popular site, mysql.com was exploited, and used to distribute malware by redirecting visitors to another site this week.
Anyone browsing to mysql.com yesterday would have been redirected without even being prompted, and then likely been exploited themselves by the software running on the rogue website, which apparently looked for vulnerable browser plugins to use as an injection point.
Trend Micro’s smart web filtering may have caught this and stopped it, but one thing is for sure… Doing everything you can to protect yourself from this type of exploit is more important than ever.
You should always ensure you are running up-to-date and mainstream/quality anti-virus software (such as Trend Micro), and also keep your operating system (whether Microsoft Windows, Apple Mac OS X or even Linux), browser, and all support software such as Adobe Flash Player, Adobe Reader and Java, as well as Microsoft Office, fully updated!
Another thing you should consider is backups! With the cost of USB hard drives at an all-time low, and online backup (like our Servosity offering) being affordable and easy to install and configure, there is no excuse to not have backups.
Should you need assistance in the Greenville / Upstate SC area determining what you or your business needs, please contact us at 864.990.4748 or email info@homelandsecureit.com. We provide sales of Trend Micro, Symantec & McAfee anti-virus protection, virus cleanup & removal, and can handle your computer service & computer repair tasks!
Using Macs in your enterprise?
You will want to read this article http://www.theregister.co.uk/2011/08/26/mac_osx_lion_security_hole/…
This is kind of a big deal, as it underscores that Mac OS X Lion machines simply fail at LDAP, a basic part of enterprise network integration.
In short, if you bring these Macs into your environment, once authenticated, they simply don’t care which password is entered, they simply say “yer in!”…
Those of you who believe Macs are super secure need to rethink that philosophy and accept that there are problems with all OSes that pose a threat. About a week ago, I posted about a threat that involves a pure Mac server network, without any Microsoft involvement, just as bad as this current LDAP issue, no, actually worse.
If you would like to discuss integration of Macs into your Greenville / Upstate, SC Microsoft Windows environment, please give us a call at 864.990.4748 or email info@homelandsecureit.com…
Running Adobe products? Of course you are! There are a number of updates available that you need to apply. Please, if you are prompted to install these updates, do so. If not, make sure they are indeed installed, or better yet, just upgrade to the latest versions of the applications to avoid the potential for the vulnerabilities to be exploited…
These affect Apple Mac as well as Microsoft Windows…
Here’s the actual US-CERT Technical Cyber Security Alert:
National Cyber Alert System
Technical Cyber Security Alert TA11-222A
Adobe Updates for Multiple Vulnerabilities
Original release date: August 10, 2011
Last revised: –
Source: US-CERT
Systems Affected
* Shockwave Player 11.6.0.626 and earlier versions for Windows and Macintosh
* Flash Media Server 4.0.2 and earlier versions for Windows and Linux
* Flash Media Server 3.5.6 and earlier versions for Windows and Linux
* Adobe Flash Player 10.3.181.36 and earlier versions for Windows, Macintosh, Linux, and Solaris operating systems
* Adobe Flash Player 10.3.185.25 and earlier versions for Android
* Adobe AIR 2.7 and earlier versions for Windows, Macintosh, and Android
* Adobe Photoshop CS5 and CS5.1 and earlier versions for Windows and Macintosh
* RoboHelp 9 (versions 9.0.1.232 and earlier), RoboHelp 8, RoboHelp Server 9, and RoboHelp Server 8 for Windows
Overview
There are multiple vulnerabilities in Adobe Shockwave Player, Flash
Media Server, Flash Player, Photoshop CS5, and RoboHelp. Adobe has
released updates to address these vulnerabilities.
I. Description
Adobe security bulletins APSB11-19, APSB11-20, APSB11-21,
APSB11-22, and APSB11-23 describe multiple vulnerabilities in Adobe
Shockwave Player, Flash Media Server, Flash Player, Photoshop CS5,
and RoboHelp. An attacker may use these vulnerabilities to run
malicious code or cause a denial of service on an affected system.
Adobe has released updates to address these vulnerabilities.
II. Impact
These vulnerabilities could allow an attacker to run malicious code
on the affected system or cause a denial of service.
III. Solution
Users of these Adobe products should review the relevant Adobe
security bulletins and follow the recommendations in the “Solution”
section.
APSB11-19: Security update available for Adobe Shockwave Player
APSB11-20: Security update available for Adobe Flash Media Server
APSB11-21: Security update available for Adobe Flash Player
APSB11-22: Security update available for Adobe Photoshop CS5
APSB11-23: Security updates available for RoboHelp
IV. References
* Security update available for Adobe Shockwave Player -
<http://www.adobe.com/support/security/bulletins/apsb11-19.html>
* Security update available for Adobe Flash Media Server -
<http://www.adobe.com/support/security/bulletins/apsb11-20.html>
* Security update available for Adobe Flash Player -
<http://www.adobe.com/support/security/bulletins/apsb11-21.html>
* Security update available for Adobe Photoshop CS5 -
<http://www.adobe.com/support/security/bulletins/apsb11-22.html>
* Security updates available for RoboHelp -
<http://www.adobe.com/support/security/bulletins/apsb11-23.html>
____________________________________________________________________
The most recent version of this document can be found at:
<http://www.us-cert.gov/cas/techalerts/TA11-222A.html>
—
If you require help, please call us at 864.990.4748 or email info@homelandsecureit.com
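To make sure the updates "are indeed installed", the check below compares a software inventory against the numeric "and earlier" versions in the Systems Affected list of TA11-222A. It is an added example, not code from US-CERT or Adobe; the inventory rows, host names and the "desktop"/"android" platform labels are constructed, and the two comparison rules marked as assumptions in the comments are a conservative reading of the alert (Photoshop and RoboHelp are left out because the alert gives them no simple numeric ceiling).

```python
# Added example. Ceilings are the "and earlier" versions listed in TA11-222A.
AFFECTED = {
    ("Shockwave Player", "desktop"): ["11.6.0.626"],
    ("Flash Media Server", "desktop"): ["4.0.2", "3.5.6"],
    ("Flash Player", "desktop"): ["10.3.181.36"],
    ("Flash Player", "android"): ["10.3.185.25"],
    ("Adobe AIR", "desktop"): ["2.7"],
    ("Adobe AIR", "android"): ["2.7"],
}

def parse(version):
    """'10.3.181.36' -> (10, 3, 181, 36): compare numerically, not as text."""
    return tuple(int(part) for part in version.strip().split("."))

def is_affected(product, platform, installed):
    """True/False for listed products, None if the alert does not list it."""
    ceilings = AFFECTED.get((product, platform))
    if ceilings is None:
        return None
    inst = parse(installed)
    limits = sorted(parse(c) for c in ceilings)
    # Assumption: a product with several ceilings has one per major release
    # line, so pick the ceiling sharing the installed major version. With no
    # match, fall back to the highest ceiling ("and earlier" covers old lines).
    limit = next((lim for lim in limits if lim[0] == inst[0]), limits[-1])
    # Assumption (conservative): compare at the ceiling's precision, so a
    # ceiling of "2.7" flags every 2.7.x build for manual review.
    return inst[:len(limit)] <= limit

def audit(inventory):
    """Return (host, product, version) rows that need the Adobe update."""
    return [(host, product, version)
            for host, product, platform, version in inventory
            if is_affected(product, platform, version)]

# Constructed sample inventory (hosts and versions are made up).
INVENTORY = [
    ("ws-01", "Flash Player", "desktop", "10.3.181.36"),
    ("ws-02", "Flash Player", "desktop", "10.3.183.5"),
    ("ws-03", "Flash Player", "desktop", "9.0.280.0"),
    ("tab-1", "Flash Player", "android", "10.3.185.25"),
    ("media", "Flash Media Server", "desktop", "3.5.7"),
    ("ws-04", "Adobe AIR", "desktop", "2.7.0.1948"),
    ("ws-05", "Shockwave Player", "desktop", "11.6.0.626"),
]

if __name__ == "__main__":
    for row in audit(INVENTORY):
        print("UPDATE NEEDED:", *row)
```

Anything flagged only because of the precision rule (the AIR row here) should be confirmed against the matching Adobe bulletin before it is closed out.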
An article in The Register states, “Beware of Macs in enterprise” due to the findings by iSec Partners who claim large numbers of Macs are “in many ways more vulnerable than recent versions of Windows.”
The vulnerability they specifically mention is the DHX authentication scheme which is easy to compromise and apparently “trivial to force OS X server to resort back to” from the more secure Kerberos.
A proof-of-concept has been demonstrated by the group that works as such: A test Mac connected to a LAN waits to be contacted by a machine running OS X server, and then it quickly copies all its authentication credentials. It then contacts other Macs on the network and pretends to be the administrator machine and when they respond it is able to access and download data from them.
More information can be found in the article above, but a rep from iSec sums it up by saying, “If we go into an enterprise with a Mac and run this tool we will have dozens or hundreds of passwords in minutes” and also that “Macs are fine as long as you run them as little islands, but once you hook them up to each other, they become much less secure.”
While we have not seen the tool used to demonstrate the threat, the theory is sound.
Apple has done little to protect their owners in regard to this, and all it would take is exploits such as this to be released into the wild and then one careless individual to cause a total compromise of networks comprised primarily of Macs.




