Security Bytes: More flaws in Mac OS X

By SearchSecurity.com Staff
24 Apr 2006 | SearchSecurity.com

Security Wire Daily News

New flaws in Mac OS X
Attackers could exploit new security holes in Apple Computer Inc.'s Mac OS X to cause a denial of service and other disruptions. The latest flaws were discovered by vulnerability researcher Tom Ferris, who outlined the problems on his Security-Protocols Web site.

The first problem is an error in the "BOMStackPop()" function in the BOMArchiveHelper that appears when malformed .zip archives are decompressed. The second problem is a series of errors in Safari's "KWQListIteratorImpl()", "drawText()" and "objc_msgSend_rtp()" functions that appear when malformed HTML tags are processed.

The third problem is an error in the "ReadBMP()" function that appears when malformed .bmp images are processed. This can be exploited via Safari or the Preview application. The fourth problem is an error in the "CFAllocatorAllocate()" function that appears when malformed .gif images are processed. This can be exploited via the Safari Web browser when a user visits a malicious Web site.

The fifth problem centers on two errors in the "_cg_TIFFSetField()" and "PredictorVSetField()" functions that appear when malformed .tiff images are processed. This can be exploited via the Preview, Finder, QuickTime or Safari applications.

Danish vulnerability clearinghouse Secunia confirmed the vulnerabilities in Mac OS X 10.4.6. The firm recommended users avoid questionable Web sites, .zip archives or images coming from untrusted sources.

Apple has yet to release patches for the new quintet of flaws, which come just days after Apple released a patch for five separate Java-related vulnerabilities in Mac OS X. According to an advisory by the French Security Incident Response Team (FrSIRT), malicious users could exploit at least one of them to remotely compromise a system.

Financial firms scramble over massive online heist
Big-name financial institutions such as Citigroup Inc. and SunTrust Banks Inc., along with smaller credit unions and community banks, continue to grapple with the recent online theft of customer debit card numbers. The breach occurred more than a month ago, but experts in the financial sector say the scope of the crime keeps growing.

The Orlando Sentinel reported that in recent weeks, the nation's banks have quietly tried to quash the problem by closing hundreds of thousands of debit card accounts and giving customers new cards, account numbers and PINs. At least 350,000 accounts across the country may have been defrauded, resulting in more than $10 million in losses, according to some experts.

"In terms of financial damage, this is definitely the biggest documented case of debit card fraud we know of," Avivah Litan, a banking analyst and online-fraud expert for Stamford, Conn.-based Gartner Inc., told the Sentinel. The newspaper noted in an article last week that the computer-hacking incident has led to what may be millions of dollars in theft by a global ring of hackers using the stolen debit information and personal identification numbers.

Bank of America Corp., Wachovia Corp., Citibank and SunTrust are among the larger companies that had to notify certain customers of the breach.

Flaws surface in Symantec Scan Engine
Cupertino, Calif.-based AV giant Symantec Corp. has acknowledged three security holes in Scan Engine, a TCP/IP server and programming interface that allows third parties to incorporate support for Symantec content scanning tools into their proprietary applications.

The vendor said the program fails to properly authenticate Web-based user logins, meaning anyone with knowledge of the underlying communication mechanism can take control of the Scan Engine server. "Symantec Scan Engine uses a static private DSA key for SSL communications," the company said in its advisory. "This key cannot be changed by end users and is easily extracted. This opens the product to a potential man-in-the-middle attack."

Symantec said its engineers have verified the issues and have added fixes to the latest product update (version 5.1).

Apani unveils Snort-based tool
Brea, Calif.-based Apani Networks Inc. said Monday it is releasing a new Snort-based administrative tool designed to detect whether sensitive data is in transit inside the network perimeter. The product, called ThreatView, includes reporting features that give IT administrators an "executive overview of their enterprise's security risk level and a detailed network traffic analysis."

In a statement, Apani said companies can use the free utility to identify potential IT security shortfalls and achieve regulatory compliance. ThreatView detects cleartext password transmissions and provides detailed reporting on e-mail, instant messaging and file transfer data throughputs, the company said, adding that if usernames or passwords are sent "in the clear," ThreatView reporting will alert IT security personnel to "a regulatory compliance issue needing resolution."
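ThreatView is described above as flagging usernames and passwords sent in the clear. What follows is an added example of that kind of detection, written for this page and not Apani's code: it runs protocol-specific checks over constructed client-to-server payloads (FTP/POP3 USER/PASS, IMAP LOGIN, HTTP Basic and form logins) and reports the account without echoing the secret. The port numbers, form field names and sample flows are assumptions, not anything the article specifies.

```python
# Toy cleartext-credential detector in the spirit of what ThreatView is described as doing.
# Added illustration, not Apani's code; the flows at the bottom are constructed samples.
import base64
import re
from typing import List, NamedTuple
from urllib.parse import unquote
# Flow: one reassembled client->server payload as text. Finding: what gets reported; the secret is never echoed.
Flow = NamedTuple("Flow", [("src", str), ("dst", str), ("dport", int), ("payload", str)])
Finding = NamedTuple("Finding", [("src", str), ("dst", str), ("dport", int), ("protocol", str), ("username", str)])
# Credentials on protocols that carry them without transport encryption (ports are assumed defaults).
USER_CMD = re.compile(r"^USER\s+(\S+)", re.M | re.I)  # FTP / POP3
PASS_CMD = re.compile(r"^PASS\s+\S+", re.M | re.I)    # FTP / POP3
IMAP_LOGIN = re.compile(r'^\S+\s+LOGIN\s+"?([^\s"]+)"?\s+\S+', re.M | re.I)
HTTP_BASIC = re.compile(r"^Authorization:\s*Basic\s+([A-Za-z0-9+/=]+)", re.M | re.I)
FORM_USER = re.compile(r"(?:^|&)(?:user(?:name)?|login|email)=([^&]*)", re.I)
FORM_PASS = re.compile(r"(?:^|&)(?:pass(?:word|wd)?|pwd)=[^&]*", re.I)

def _basic_user(token: str) -> str:
    """Basic auth is base64, not encryption: recover just the username part."""
    try:
        return base64.b64decode(token, validate=True).decode("utf-8", "replace").split(":", 1)[0]
    except ValueError:  # binascii.Error is a ValueError subclass
        return "?"

def inspect_flow(f: Flow) -> List[Finding]:  # one Finding per cleartext credential in the flow
    hits, p = [], f.payload
    if f.dport in (21, 110) and PASS_CMD.search(p):  # a USER line alone is not a leak
        m = USER_CMD.search(p)
        hits.append(Finding(f.src, f.dst, f.dport, "ftp" if f.dport == 21 else "pop3", m.group(1) if m else "?"))
    if f.dport == 143 and (m := IMAP_LOGIN.search(p)):
        hits.append(Finding(f.src, f.dst, f.dport, "imap", m.group(1)))
    if f.dport in (80, 8080):
        for m in HTTP_BASIC.finditer(p):
            hits.append(Finding(f.src, f.dst, f.dport, "http-basic", _basic_user(m.group(1))))
        body = p.split("\r\n\r\n", 1)[1] if "\r\n\r\n" in p else ""
        if FORM_PASS.search(body):  # login form posted over plain HTTP
            m = FORM_USER.search(body)
            hits.append(Finding(f.src, f.dst, f.dport, "http-form", unquote(m.group(1)) if m else "?"))
    return hits

def scan(flows: List[Flow]) -> List[Finding]:
    return [h for f in flows for h in inspect_flow(f)]

SAMPLE_FLOWS = [  # constructed traffic, not real captures
    Flow("10.0.0.5", "10.0.0.20", 21, "USER alice\r\nPASS hunter2\r\n"),
    Flow("10.0.0.6", "10.0.0.21", 80, "GET /admin HTTP/1.1\r\nAuthorization: Basic Ym9iOnMzY3IzdA==\r\n\r\n"),
    Flow("10.0.0.7", "10.0.0.22", 80, "POST /login HTTP/1.1\r\nHost: portal\r\n\r\nusername=carol&password=pa55"),
    Flow("10.0.0.8", "10.0.0.23", 143, "a001 LOGIN dave letmein\r\n"),
    Flow("10.0.0.10", "10.0.0.25", 21, "USER anonymous\r\nSYST\r\n"),  # no PASS: no finding
]
```

Running `scan(SAMPLE_FLOWS)` yields four findings (alice over FTP, bob via HTTP Basic, carol via an HTTP form, dave over IMAP); the anonymous FTP session that never sends PASS produces none.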

"Organizations now recognize the security risks inside their 'trusted' network environments," David Lynch, vice president of marketing for Apani, said in the statement. "ThreatView provides a quick snapshot of where sensitive data is potentially being transmitted without appropriate security, allowing network administrators to better understand risks and potentially saving an organization from failing a regulatory compliance directive."

ThreatView can be downloaded for free at a number of locations, including Virgilio or Tucows.
