Apple

Stories related to Apple Computer Inc.

OS X malware family has a new member: OSX.Lamzev.A

New Trojan horse for Mac environment has been discovered.

The Trojan is known as OSX.Lamzev.A by Symantec.

When it is executed it will create the file ezmal to the Applications folder (the name is Applications in localized installations too).

The names of earlier widely known OS X malware are Mac.Hovdy.a (June ’08), OSX.Exploit.Launchd (June ’06) and Leap.A (February ’06). When saying ‘widely known’ it doesn’t mean that they were widely spreaded.

I remember the exact number of 63 when talking about known Mac malware.

There are no worms for Apple – yet.

Three good reasons why iPhone isn’t the major corporate smartphone

Time to share information about three vulnerabilities reported in Apple iPhone recently.

There is a phishing vulnerability and a spamming vulnerability, which Aviv Raff has reported this month.

The phishing flaw exist in iPhone’s Mail application. With a specially drafted link it’s possible to convince the victim that the link is trusted. Including the address bar, naturally – see Raff’s screenshot here [.jpg].

The second problem is that downloading remote images is not disabled in Mail, i.e. the Web Bug flaw exists in the application and there is no ways to disable that “feature”.
The third one is a SMS security issue found by the son of blogger Karl Kraft, described below:

Those settings block the display of incoming text messages and show an alert saying “New Text Message” if an SMS comes through while the phone is locked. However, if the phone is set to emergency call mode the incoming text messages are previewed.

And then:

“Thus all I need to do to intercept the messages from his girlfriend is to place the phone in emergency mode and wait 30 seconds for the next sickly sweet message,” Kraft writes.

That was reported (yes, by his father) in iPhone version 2.1 (5F136) – the most recent version too.

Still using Windows 2000? you are at risk

As Microsoft gradually stops supporting Windows 2000, vendors of other products around them also stop supporting it. This is no big deal for those that moved to Windows XP, 2003 or Vista – but it could be a big deal to all those that simply don’t have the computer power to do the switch and want to stick to their working OS.

Microsoft has promised to release security related patches for Windows 2000 for a bit more, but this will eventually stop – what is more concerning is the fact that Adobe and Apple have done this quietly and are placing their users at risk.

It has been quite a while now that Adobe [Acrobat Reader] has not released an update for its software with the claim – you guessed it – unsupported OS, and even more than a while that Apple [QuickTime] has not released an update for Windows 2000.

With the emergence of new vulnerabilities for Acrobat Read and QuickTime people are not only left behind on the vulnerability prevention race track, they are not made aware of it – both programs don’t care enough to give their users adequate wanning they are at risk.

List of issues affecting QuickTime with no apparent fix for Windows 2000:

* QuickTime 7.2 issues, QuickTime 7.3 issues, QuickTime 7.4 issues, QuickTime 7.5 issues – all these probably affect QuickTime 7.1 too

The number of unpatched QuickTime flaws is: two

The number of recent QuickTime PoC’s is remarkable large and the active exploitation has begun as well, as many of the readers know.

However, the QuickTime RTSP vulnerability reported on 23th Nov is not the only one.

It appears that WabiSabiLabi team has reported that there is another (they call it zero-day vuln) flaw in Apple’s QuickTime player too.

This is what their blog post states:

We just want to specify that the vulnerability shown on those POCs IS NOT the one present in our marketplace.

They are pointing to PoCs listed at Milw0rm etc.

And a summary:

The first issue reported by Krystian Kloskowski (aka h07) is CVE-2007-6166 – CVSS score 9.3. For workarounds see US-CERT VU#659761.

The second issue reported by unknown person is CVE-2007-6238 – CVSS score 10.0. Reportedly ‘Affected system: Windows XP’.

Fact of the week: iPhone widgets doesn’t send IMEI

I’m sure there are people not aware of the recent state of Apple iPhone IMEI case.
It was reported by UNEASYsilence blog (pointing to the older forum post of Hackint0sh.org) that “Stocks” and “Weather” widgets send the IMEI number to Cupertino.

I.e. like this:

iphone-wu.apple.com/dgw?imei=%@&apptype=finance

The fact is, however, that the string being sent is not the International Mobile Equipment Identity code.

Reference: Docpool.org/iphone/The day after.en.html

What the widget sends is UUID code (Universally Unique Identifier).

Hey, IMEI has 15 characters (and only numbers) and UUID has 32 characters.

Mozilla’s JavaScript fuzzer – Opera’s best friend

Window Snyder, the head of security strategy at Mozilla Corporation wrote this week about the Opera’s way to use Mozilla’s fuzzer for JavaScript. Mrs. Snyder is pointing to the post of Claudio Santambrogio from Opera Software:

While running the tool, we found four crashers – one of which might have some security implications.

When we are reading news like this from Microsoft and Apple?

New Worm Found In Apples?

A security researcher going by the name of InfoSec Sellout has claimed to have found an undisclosed security vulnerability in  mDNSResponder which he is claiming is remotely exploitable.

At present there is only a prrof-of-concept worm that will leave a file on the system to prove that it’s been exploited, apparently though modifying the payload on this one is a trivial task. This has currently only been tested on Intel Macs, as the author does not have any PPC hardware at his disposal at present.

As yet, the author has not notified Apple about this one, as he does not want to give incomplete research results, but more importantly he is also waiting for compensation from unnamed sources, so this really is an interesting one.

I’m going to try and set up an interview with the author and see what other info he is willing to disclose.

Here’s a few links on this one:

http://www.securityfocus.com/bid/24924

http://infosecsellout.blogspot.com/