Now, this weeks favourite just came in. I was scouring my RSS feeds for interesting stuff to post but nothing really caught my eye. You know, we had the usual 10 million XSS holes, 5 million SQL injections and the odd buffer overflow but this is not as much an exploit in software as it is an exploit in stupidity.
Most Mac OSX users that I know are the types of people that think that since they switched, they don’t need an Antivirus. After all, there are no viri on Mac OSX right? Yea, and I suppose their default firewall will protect you against outgoing connections too. Anyhow back on point, these people are also the types of people that are willing to “borrow” software. Well, that’s great because if they borrow iWork09 then its possible they could get a trojan *GASP*:
http://www.informationweek.com/news/hardware/mac/showArticle.jhtml?articleID=212902080&cid=RSSfeed_IWK_ALL
Who would have thought? I guess a trojan isn’t technically a virus, but can be a means for a virus to spread. Well, that’s enough on that topic and should give you something to ponder.
January 23rd, 2009
What was it this week attack applications that use Adobe PDF technologies? For whatever reason this week had an unusual number of disclosures amongst the hundreds of SQL injection and XSS attacking the PDF file format. With that said my favourite this week is a toss up between:
Sun Solaris Adobe Reader Multiple Vulnerabilities
Advisory URL: http://secunia.com/Advisories/33491/
Sun has acknowledged some vulnerabilities Adobe Reader included in Solaris, which can be exploited by malicious, local users to gain escalated privileges or by malicious people to compromise a user’s system.
and:
jhead ‘DoCommand()’ Arbitrary File Deletion Vulnerability
Advisory URL: http://www.securityfocus.com/bid/32506
I find the jhead rather amusing since I use that piece of software. What I find even funnier is that I do not believe it has not yet been patched on my system, but I could be wrong. It probably will not get patched on many production servers that are running applications that the lazy administrators do not want to break. I guess when all of their files disappear they will learn their lesson.
I do not know much information about the sun adviosory other than what is listed on the secunia website but I think that the solution is hilarious.
“Do not open PDF files from untrusted sources.”
Ok, my boss just sent me a PDF do I trust it?
“Sorry Mr Boss Man, I haven’t opened any PDF’s recently because Sun told me not to. I can’t verify that it was you who actually sent the document since you send me so many.”
Oh well, another day another advisory.
January 16th, 2009