CYBERSPACE -- Perhaps it’s appropriate that July, the month during which the first-ever computer virus was developed (on an Apple II, for those wondering) should be as active a malware month as any other. Three of the latest threats to computing safety are directed at Adobe – and another suspected bad nasty may afflict Intel versions of Apple’s OS X.
According to CNET News.com, three critical security updates have been issued by Adobe, one of which addresses a vulnerability in the Flash player and how it works with browsers. Affected versions include Adobe Flash Player 9.0.45.0, 8.0.34.0, and 7.0.69.0, in addition to earlier versions running on all platforms.
A security advisory from Secunia explains that attackers can use a malicious vector graphics file format (SWF) to take advantage of an input validation error in 9.0.45.0 and previous versions of Adobe Flash, thus enabling them to gain remote access to computers.
Linux and Solaris systems running versions 7.0.69.0 or earlier are at risk for exploitation of a problem in how Flash Player and certain browsers interact and making it possible for attackers to log user keystrokes.
Insufficient validation of the HTTP referrer in versions 8.0.34.0 and earlier can permit cross-site forgery assaults
Installation of Flash Player 9, which is not afflicted by any of these weaknesses, is recommended. Adobe suggests that those using version 9.0.45.0 upgrade to version 9.0.47.0 for Windows, Mac, or Salaris, or 9.0.48.0 for Linux.
The OS X vulnerability is more controversial, given that it has only been reported by an independent researcher and malware developer known as Information Security Sellout or InfoSec Sellout, who claims to have created the framework of a work designed to specifically launch itself at an as-yet unrevealed area in the Intel OS X. Expected to include PPC versions once its maker has tested it against them, it is dubbed “Rape.osx” and is being watched by Apple observers, security researchers, and other malware makers.
InfoSec Sellout claimed on Sunday that the proof-of-concept worm was a variation of mDNSResponder vulnerabilities recently patched by Apple and that it can deliver root. It was later announced that the worm was initially completed on July 14th and tested on at least 1,500 OS X systems within two days. Like many before, InfoSec Sellout has declined to inform Apple about the issue until all work is complete, claiming that to do so would be irresponsible.
Although the worm merely left a text file behind to indicate that it had been on an infected system initially, reports indicate that the worm may well be fully armed with various payloads. InfoSec Sellout states that the worm currently only looks for other systems on the same network, but also indicates that expanding its range would not be particularly difficult.
