A vulnerability in iPhone software that was revealed at last week's Black Hat Security Conference has now been patched, according to consumer giant Apple.
An update is now available on the Apple website which aims to fix a critical iPhone flaw that attackers could exploit to crash the iPhone software.
In Apple's latest advisory, users are warned of "receiving a maliciously crafted SMS message [that] may lead to an expected service interruption or arbitrary code execution."
This means that a text message crafted by an attacker and sent to the iPhone can allow the attacker to execute code remotely.
While asking users to be wary of suspicious text messages, Apple assures them that "the update addresses the issue through improved error handling."
Two security experts, Charlie Miller and Collin Mulliner, presented the details of the iPhone flaw last week in Las Vegas during the Black Hat Security Conference.
Chinese hackers have reportedly tinkered with the final code for Windows 7 even as Microsoft and manufacturers are still just getting familiar with the newly released application.
Security experts have called it ironic that the Windows 7 code that was made purposely to counter piracy is now circulating in the hacking community in China. Various Chinese online forums have reported that several Chinese hackers have taken advantage of a hole in the Windows Genuine Advantage anti-piracy system in the Windows Ultimate release. The hackers fully activated the software offline, thus depriving Microsoft of its exclusive role as the activation server.
Chinese hackers have allegedly used an ISO file that was leaked on the network to be able to hack the activation certificate digitally signed by Microsoft for the OEM version of Windows 7.
In response, Microsoft has quickly released a statement urging customers not to avail of the pirated copy.
The BlackBerry update had been distributed as a WAP Push message which turned out to contain an application that, if triggered, can intercept email and even shorten battery life. The attack was accidentally discovered by a user who clicked on a Java file contained in the update labeled as "Etisalat network upgrade for BlackBerry service. Please download to ensure continuous service quality."
Users were tricked into clicking on the update and eventually found their batteries drained while competing through network traffic to download the said update. The update is housed in a directory labeled as /com/ss8/interceptor/app, which points to UAE networking company SS8.
SS8, however, denied sending the update but admitted that it has authored a similar application. Etisalat and RIM, another networking company, have not released a statement regarding the matter. The competing operators, though, have not come up with a solution and instead chose to keep the issue under wraps.
This was the stern warning issued by security companies on Monday as they raise the alarm over the rapid spread of security threats using these social networking sites.
Security experts from Symantec and Japanese firm Finjan said malicious links found on Twitter and similar sites have affected their users' PCs.
“Spammers were using a Twitter-branded e-mail message in an attempt to convince the recipient to open up a .zip file to infect the victim's computer,” said Symantec in its security blog.
In a blog post about cybercrime, Gary Warner said that shortened URLs are particularly attractive to users but will eventually lead them to a chain of redirects that will compromise their system.
A serious security flaw in Java was discovered by Sun six months ago. The vulnerability has affected several platforms that run Java, although most operating-system vendors, except Apple, immediately issued patches.
Last month, security expert Julien Tinnes and security firm Intego both published criticism of Apple for neglecting to patch the bug and only issuing a security update months after its discovery.
“Apple has been aware of this vulnerability for at least five months since it was made public, but has neglected to issue a security update to protect against this issue,” said Intego in its security advisory.
While updates on the rate of recorded attacks of Gumblar, also named JSRedir-R and Martuz, show a significant decline in the last week of May, this does not mean it has stopped its online mayhem.
Websense tracked the sites compromised in the attacks and monitored the trend leading to Gumblar's near inertness. According to Websense's researchers, the attacks peaked at 82,500 on May 26 and from there slowly declined.
“...the predecessor to the Gumblar attack is still alive, but it is on the decline. The older injection peaked at approx 17,000 sites on April 25, 2009. This peak was in the earlier days of the attack; it has since then stabilized at about 10,000,” according to the Websense blog posted last week.
In its advisory posted last Thursday, Microsoft said attackers use malicious QuickTime files to allow them to compromise the system by stealing user rights.
Microsoft said the attacks are “limited” but still asked users to employ measures to protect their system, including constantly updating their software.
“The vulnerability could allow remote code execution if a user opened a specially crafted QuickTime media file. Microsoft is aware of limited, active attacks that use this exploit code,” said the advisory.
Developers of OpenSSH, or Secure Shell, have come up with version 5.2, which implements countermeasures against probable attacks. Earlier versions contain a flaw that attackers can exploit to read encrypted data.
Other SSH software may also have the same vulnerability, said security experts belonging to the Information Security Group at the University of London’s Royal Holloway.
The attack can be carried out during cryptographic processing, when an attacker could have a chance of one in more than 200,000 to invade the system and read data from ciphertext.