Tag Archives: Vulnerability

[Pre] WebOS Vulnerable To Several Attacks

Researchers from Intrepidus Group said in an advisory published on Friday last week that Palm’s WebOS operating system is subject to web application vulnerabilities.

These bugs can all be traced back to the fact that WebOS is essentially a web browser and the applications are written in JavaScript and HTML.

The bugs and vulnerabilities released are for WebOS 1.3.5. Palm has fixed all of them in WebOS 1.4. However, the Intrepidus Group said there are still undisclosed bugs in WebOS 1.4.

Via Intrepidus Group

[MacOS] Critical Safari and Firefox Java Exploit

Abstract

Landon Fuller reports that an almost six-month-old Java exploit has still not been fixed for Mac OS X. The exploit makes it possible to break out of the Java sandbox and run commands with the permissions of the executing user.

Classification

This issue is classified as serious because Java applets containing malicious code may be executed just by visiting a web page. Landon Fuller says an illegal exploit is available in the wild. He prepared a proof-of-concept exploit that will make your Mac OS X computer say “I am executing in a user process”.

Applies to

The exploit applies to both Intel and PowerPC based Mac OS X systems running Safari or Firefox.

More information

Some more background information and workarounds may be found on Fuller’s site.

[Linux] Demo Exploits for Acrobat in the wild

According to SecurityFocus, Adobe Acrobat Reader has been compromised by using a JavaScript buffer overflow. Demo exploits have already been located on the internet. It may only be a matter of time until this exploit gets used by the botnet guys. Pay attention to which PDF documents you really need to open on the net.

Description

Acrobat Reader’s getAnnots() JavaScript method is vulnerable to remote code execution. Arbitrary code can be run with the user’s privileges, thus circumventing Acrobat Reader’s security system.

Affected Versions

Demo exploits are in the wild for

  • Linux Acrobat Reader 8.14
  • Linux Acrobat Reader 9.1

Other operating systems may also be affected.

Workaround

As there is no patch available from Adobe at this moment, uninstalling Acrobat Reader seems to be the best choice. Third-party PDF readers are available all over the net. Find one of them here.
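For the Acrobat issue above, one way to triage PDF files before anyone opens them is to look for embedded JavaScript, auto-run actions and references to getAnnots, including inside Flate-compressed streams. This is an added example, not code from the original post or from Adobe; the function names and the sample document are constructed for illustration, and a finding marks a file for review rather than proving it malicious.

```python
import re
import zlib

# PDF name tokens that mark embedded script or actions that run without a click.
INDICATORS = (b"/JavaScript", b"/JS", b"/OpenAction", b"/AA")
STREAM_RE = re.compile(rb"stream\r?\n(.*?)endstream", re.DOTALL)
HEX_ESCAPE_RE = re.compile(rb"#([0-9A-Fa-f]{2})")


def decode_names(data):
    """Undo #xx escapes so an obfuscated name such as /J#53 reads as /JS."""
    return HEX_ESCAPE_RE.sub(lambda m: bytes([int(m.group(1), 16)]), data)


def inflate_streams(data):
    """Yield the decompressed body of every stream that inflates as zlib."""
    for match in STREAM_RE.finditer(data):
        try:
            # decompressobj ignores the end-of-line bytes before "endstream"
            yield zlib.decompressobj().decompress(match.group(1))
        except zlib.error:
            continue  # uncompressed or another filter; raw bytes are scanned anyway


def triage_pdf(data):
    """Return a sorted list of findings for one PDF passed as bytes."""
    findings = set()
    for body in [data, *inflate_streams(data)]:
        decoded = decode_names(body)
        for name in INDICATORS:
            # the name must end here, so /JS does not match /JSomething
            if re.search(re.escape(name) + rb"(?![A-Za-z0-9])", decoded):
                findings.add(name.decode())
        if b"getAnnots" in decoded:
            findings.add("getAnnots reference")
    return sorted(findings)


def build_sample():
    """Constructed, inert sample: the script text only names the method."""
    js = zlib.compress(b"var a = this.getAnnots(); // constructed sample text")
    length = str(len(js)).encode()
    return (b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /OpenAction 2 0 R >>\nendobj\n"
            b"2 0 obj\n<< /S /J#61vaScript /JS 3 0 R >>\nendobj\n"
            b"3 0 obj\n<< /Filter /FlateDecode /Length " + length + b" >>\n"
            b"stream\n" + js + b"\nendstream\nendobj\n%%EOF\n")


if __name__ == "__main__":
    print(triage_pdf(build_sample()))
```

The scan only inflates streams that decompress as zlib, so content behind other filters or encryption is not inspected and a clean result is not a guarantee.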