Article

Security Bytes: More flaws in Mac OS X

SearchSecurity.com Staff

New flaws in Mac OS X
Attackers could exploit new security holes in Apple Computer Inc.'s Mac OS X to cause a denial of service and other disruptions. The latest flaws were discovered by vulnerability researcher Tom Ferris, who outlined the problems on his Security-Protocols Web site.

    Requires Free Membership to View

The first problem is an error in the "BOMStackPop()" function in the BOMArchiveHelper that appears when malformed .zip archives are decompressed. The second problem is a series of errors in Safari's "KWQListIteratorImpl()", "drawText()" and "objc_msgSend_rtp()" functions that appear when malformed HTML tags are processed.

The third problem is an error in the "ReadBMP()" function that appears when malformed .bmp images are processed. This can be exploited via Safari or the Preview application. The fourth problem is an error in the "CFAllocatorAllocate()" function that appears when malformed .gif images are processed. This can be exploited via the Safari Web browser when a user visits a malicious Web site.

The fifth problem centers on two errors in the " _cg_TIFFSetField ()" and "PredictorVSetField()" functions that appear when malformed .tiff images are processed. This can be exploited via the Preview, Finder, QuickTime or Safari applications.

Danish vulnerability clearinghouse Secunia confirmed the vulnerabilities in Mac OS X 10.4.6. The firm recommended users avoid questionable Web sites, .zip archives or images coming from untrusted sources.

Apple has yet to release patches for the new quintet of flaws, which come just days after Apple released a patch for five separate Java-related vulnerabilities in Mac OS X. According to an advisory by the French Security Incident Response Team (FrSIRT), malicious users could exploit at least one of them to remotely compromise a system.

Financial firms scramble over massive online heist
Big-name financial institutions like Citigroup Inc. and SunTrust Banks Inc. continue to struggle alongside smaller credit unions and community banks regarding the recent online heist of customer debit card numbers. The breach occurred more than a month ago, but experts in the financial sector say the scope of the crime keeps getting bigger.

The Orlando Sentinel reported that in recent weeks, the nation's banks have quietly tried to quash the problem by closing hundreds of thousands of debit card accounts and giving customers new cards, account numbers and PINs. At least 350,000 accounts across the country may have been defrauded, resulting in more than $10 million in losses, according to some experts.

"In terms of financial damage, this is definitely the biggest documented case of debit card fraud we know of," Avivah Litan, a banking analyst and online-fraud expert for Stamford, Conn.-based Gartner Inc., told the Sentinel. The newspaper noted in an article last week that the computer-hacking incident has led to what may be millions of dollars in theft by a global ring of hackers using the stolen debit information and personal identification numbers.

Bank of America Corp., Wachovia Corp., Citibank and SunTrust are among the larger companies that had to notify certain customers of the breach.

Flaws surface in Symantec Scan Engine
Cupertino, Calif.-based AV giant Symantec Corp. has acknowledged three security holes in Scan Engine, a TCP/IP server and programming interface that allows third parties to incorporate support for Symantec content scanning tools into their proprietary applications.

The vendor said the program fails to properly authenticate Web-based user logins, meaning anyone with knowledge of the underlying communication mechanism can take control of the Scan Engine server. "Symantec Scan Engine uses a static private DSA key for SSL communications," the company said in its advisory. "This key cannot be changed by end users and is easily extracted. This opens the product to a potential man-in-the-middle attack."

Symantec said its engineers have verified the issues and have added fixes to the latest product update (version 5.1).

Apani unveils Snort-based tool
Brea, Calif.-based Apani Networks Inc. said Monday it is releasing a new Snort-based administrative tool designed to detect if sensitive data is in transit within the network perimeter. The product, called ThreatView, includes reporting features that give IT administrators an "executive overview of their enterprise's security risk level and a detailed network traffic analysis."

In a statement, Apani said companies can use the free utility tool to identify potential IT security shortfalls and achieve regulatory compliance. ThreatView detects cleartext password transmissions and provides detailed reporting on e-mail, instant messaging and file transfer data throughputs, the company said, adding that if usernames or passwords are sent "in the clear," ThreatView reporting will alert IT security personnel of "a regulatory compliance issue needing resolution."

"Organizations now recognize the security risks inside their 'trusted' network environments," David Lynch, vice president of marketing for Apani, said in the statement. "ThreatView provides a quick snapshot of where sensitive data is potentially being transmitted without appropriate security, allowing network administrators to better understand risks and potentially saving an organization from failing a regulatory compliance directive."

ThreatView can be downloaded for free at a number of locations, including Virgilio or Tucows.


There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: