Archive for November, 2006

Alastair Houghton Debunks DMG Flaw

Alastair has posted a very detailed analysis of the .DMG flaw that was posted by LMH for the famed MOKB.

In fact, all lmh has found here is a bug that causes a kernel panic. Not a security flaw. Not a memory corruption bug. Just a completely orderly kernel panic. There aren’t even any processor exceptions involved; the path to the panic is perfectly normal non-exceptional code using ordinary function calls.

You can read the full post here: http://alastairs-place.net/2006/11/dmg-vulnerability/

Thanks Alastair!


F-INSECURE, Spreading FUD Since ‘94

So I wanted to write an update regarding the recent post about the first OSX malware, which was sent to, and not found by, F-Secure. I was reading the Rixstep blog and he has a really nice write-up regarding this report. Below is a quote from his post:

What a bunch of incompetent pompous boobs. First of all, F-Secure didn’t ‘discover’ anything - it was sent to them. Secondly, you can’t copy ‘system library files’ to a machine without privilege escalation. Period. Thirdly, it’s obvious - especially when reading the ‘gem’ ‘Kamil’ posted - that the team at F-Secure are hideously incompetent when it comes to OS X and Unix in general.

Post is here: http://rixstep.com/1/1/20061128,00.shtml


Apple Releases Security Update 2006-007

So Apple has finally released the 2006-007 (Bond Edition) security update, which fixes 31 security vulnerabilities! Twelve of the 22 fixes address flaws that allow remote code execution. Anyway, I reported a bunch of different Safari flaws and it looks like only one of them got fixed this round. Below are links to the advisories:

Apple OSX Safari 2.0.4 “WebTextRenderer” DoS
Apple OSX Safari 2.0.4 “RenderBlock::createLineBoxes” DoS
Apple OSX Safari 2.0.4 Out-of-Bounds Memory Read


Adware for OS X Discovered?

Joris Evers writes that…

“A new adware program silently installs on Mac OS X systems and opens Web browser windows, according to F-Secure. The program, dubbed iAdware by the Finnish security company, is possibly the first example of adware for Macs. It is especially interesting since it doesn’t require administrative privileges to nestle itself on the computers, according to F-Secure.”

So F-Secure decided they would name it iAdware. How lame and unoriginal is that? Seriously, they could have come up with something much better, like FirstOSXAdwareFoundByFSecure.app or something…

“We won’t disclose the exact technique used here, it’s a feature not a bug, but let’s just say that installing a System Library shouldn’t be allowed without prompting the user,” according to the F-Secure blog on Thursday.

Why won’t F-Secure disclose the information so we can protect our super secure OS X machines? This just doesn’t make sense. I thought F-Secure was a whitehat full-disclosure type of company??

“In theory, this program could be silently installed to your user account and hooked to each application you use,” according to the F-Secure blog. “This particular sample successfully launched the Mac’s Web browser when we used any of a number of applications.”

But in the next quote from F-Secure they give up the information. Nice! I bet a lot of those Adware/Malware guys are off to write some Adware for OS X. We are all now doomed! How could this have happened, Steve?


Windows Media Player 11 .MP3 Divide By Zero DoS

A divide-by-zero flaw exists in Windows Media Player 11 and all prior versions. An attacker can send a user a specially crafted .MP3 file that causes the application to crash.

You can read the advisory here: sp-x35-advisory 
