Happy Friday!

root — Fri, 26 Feb 2010 15:25:21 +0000

Adobe libtiff exploitation
On Monday, we reported that Secunia had discovered that one of the recent Adobe Reader vulnerabilities was actually related to an old vulnerability in libtiff. Secunia had developed an exploit but kept it private. Now, there are reports that others have succeeded in constructing exploits for this issue as well. We encourage clients to apply the recent Adobe patches as soon as possible.
http://rootkit.tw/blog/?p=34
http://www.adobe.com/support/security/bulletins/apsb10-07.html

Browser vulnerabilities
A proof of concept exploit has been posted for a vulnerability in the iPhone browser. The exploit sends a malformed CSS style tag which causes a denial of service. It’s possible that a remote attacker could execute arbitrary code if the victim is tricked into visiting a malicious website. The same vulnerability is reported to also affect Apple’s Safari browser and Google’s Chrome browser.
http://www.packetstormsecurity.nl/1002-exploits/iphone_crash.py.txt
http://www.packetstormsecurity.nl/1002-exploits/safarichrome-dos.txt

Olympic themed SEO
Last week we highlighted the use of Search Engine Optimization (SEO) techniques where an attacker modifies the optimized search results of search engines to direct users to malicious sites. Currently, many search results for Olympic-themed queries lead to malicious sites. Upcoming events like the St. Patrick’s Day holiday and Spring Break in March may be the next campaigns that are abused. We encourage our customers to be cautious when clicking on links from search results and to visit official Web sites when possible.
http://www.avertlabs.com/research/blog/index.php/2010/02/23/on-olympics-st-patricks-day-screensavers-and-wallpaper/
http://twitter.com/mikkohypponen/status/9628022758

Information Armor » vulnerability

Happy Friday!