Mac Security: Weekly Summary 20060601 &A#JD1Tg!d8

It's a yawner week for security on Mac OS X. There is nothing new.

So, let's check out this week's vulnerability scores: - Windows related vulnerabilities: 14 - Mac OS X related vulnerabilities: 0 Windows wins again.

The big exciting, 'highly critical' Windows related vulnerability this week is in none other than my very favorite (NOT) anti-virus program: Norton Anti-Virus by FUD monger Symantec. (Although, I should note that recently the CEO of Symantec recommended that Windows users move over to Mac if they care about computer security). Use NAV to download the latest patch to plug this security hole.

Virus alerts this week from Secunia: None.

Being a bit bored with this lack of Secunia virus alerts over the last few months, I have decided to add malware information from a couple other sources. Here goes:

A) McAfee Threat Center:

Yeah, McAfee are the biggest Mac security FUD mongerers around. So I decided to use their own data to prove them wrong!

- Global Threat Condition = Elevated - Listed Top Malware for Mac = none - Listed Top Vulnerabilities for Mac = none - Listed Top Potentially Unwanted Programs for Mac = none - Top 5 Phishing Scams: 1. HSBC Online Banking 2.ÊImportant Notification 3. Verify Your Account Details 4. Pbuttword Change Required 5. PayPal - Fraud Prevention Measures

B) Sophos

Most kewl is the Sophos RSS feed of their latest virus alerts:

- Current Sophos virus alerts:

* Inexpensive anti-virus for Mac OS X = ClamAV. Currently I know of two GUI implementations:

a) ClamXav = Totally free. You can download the current version (v1.0.3 based on the latest ClamAV, v0.88.2) at:

b) Tiger Cache Cleaner = $5, and includes about 40 other useful utilities for the price. You can download the current version (v3.1.4, currently installs ClamAV v0.88.1) at:

Here, as ever are sections 2 - 4 from the Secunia Weekly Summary. You can sign up for their weekly report and obtain report details at:

======================================================================== 2) This Week in Brief:

eEye Digital Security has reported a vulnerability in Symantec Client Security and Symantec AntiVirus Corporate Edition, which can be exploited by malicious people to compromise a user's system.

Users of Symantec products are advised to view the referenced Secunia advisory for additional details and information about patches.

Reference:

--

VIRUS ALERTS:

Secunia has not issued any virus alerts during the week.

======================================================================== 3) This Weeks Top Ten Most Read Advisories:

1. SA20153 Microsoft Word Malformed Object Code end Vulnerability 2. SA19762 Internet Explorer "object" Tag Memory Corruption Vulnerability 3. SA20107 RealVNC Pbuttword Authentication Bypbutt Vulnerability 4. SA19738 Internet Explorer "mhtml:" Redirection Disclosure of Sensitive Information 5. SA20261 Cisco VPN Client Privilege Escalation Vulnerability 6. SA19521 Internet Explorer Window Loading Race Condition Address Bar Spoofing 7. SA18680 Microsoft Internet Explorer "createTextRange()" Code end 8. SA20288 Novell Netware abend.log User Credentials Disclosure 9. SA15601 Mozilla Mozilla Firefox Frame Injection Vulnerability 10. SA20300 Basic Analysis and Security Engine "BASEpath" File Inclusion

======================================================================== 4) Vulnerabilities Summary Listing

Windows: SA20361 wodSFTP ActiveX Component Arbitrary File Access Vulnerability SA20318 Symantec Client Security AntiVirus Unspecified Code end SA20407 F-Secure Products Web Console Buffer Overflow Vulnerability SA20357 Enigma Haber Multiple SQL Injection Vulnerabilities SA20355 AspSitem SQL Injection and Private Message Disclosure SA20348 Nukedit "groupid" Parameter Administrator Register Vulnerability SA20347 Hitachi HITSENSER3 SQL Injection Vulnerability SA20335 My Web Server Long URL Denial of Service SA20317 Mini-NUKE SQL Injection Vulnerabilities SA20309 qjForum member.asp SQL Injection Vulnerability SA20294 NewsCMSLite Admin Logon Bypbutt Vulnerability SA20360 ASPBB "search" Parameter Cross-Site Scripting Vulnerability SA20319 Omegasoft Insel "WCE" Parameter Cross-Site Scripting SA20342 Jiwa Financials Information Disclosure Vulnerability

UNIX-Linux: SA20313 Ubuntu update for nagios SA20281 Mandriva update for mpg123 SA20398 SUSE update for kernel SA20374 4nForum "tid" Parameter SQL Injection Vulnerability SA20345 Gentoo update for libtiff SA20344 Gentoo update for cherrypy SA20339 Mandriva update for dia SA20338 Debian update for kernel-source-2.4.17 SA20326 Debian update for libextractor SA20323 Open-Xchange Default Account Pbuttword SA20314 Ubuntu update for postgresql SA20284 Pre News Manager Multiple SQL Injection Vulnerabilities SA20381 UnixWare update for MySQL SA20283 Debian update for awstats SA20396 SUSE update for rug SA20389 FreeBSD ypserv Inoperative Access Controls Security Issue SA20333 Debian update for mysql-dfsg SA20302 OpenOBEX ircp File Overwrite Vulnerability SA20390 FreeBSD SMBFS chroot Directory Traversal Vulnerability SA20388 SUSE update for vixie-cron SA20380 Vixie Cron "docommand.c" setuid Security Issue SA20370 Shadow "useradd.c" Insecure Mailbox File Permissions SA20368 Debian update for motor SA20332 Avaya PDS Software Distributor Privilege Escalation SA20329 Motor ktools VGETSTRING Buffer Overflow Vulnerability SA20325 AIX lsmcode Unspecified Privilege Escalation Vulnerability SA20312 SUSE update for foomatic-filters SA20368 plus 1 xine-lib HTTP Response Heap Corruption Weakness SA20330 Debian update for tiff SA20315 Debian update for dovecot SA20308 Dovecot "LIST" Command Directory Traversal Weakness SA20349 Linux Kernel SMP "-proc" Race Condition Denial of Service SA20337 PHP "curlinit()" Safe Mode Bypbutt Weakness

Other: SA20378 Secure Elements Clbutt 5 AVR Multiple Vulnerabilities SA20343 D-Link Airspot DSA-3100 Gateway "uname" Cross-Site Scripting SA20288 Novell Netware abend.log User Credentials Disclosure SA20377 Secure Elements Clbutt 5 AVR Message Encryption Security Issue

Cross Platform: SA20404 METAjour "systempath" Parameter File Inclusion Vulnerabilities SA20399 Ottoman "defaultpath" File Inclusion Vulnerabilities SA20373 phpMyDesktoparcade Local File Inclusion and Script Insertion SA20364 IBM DCE Two Kerberos Vulnerabilities SA20356 tinyBB SQL Injection and File Inclusion Vulnerabilities SA20354 phpBB Activity Mod Plus Module "phpbbrootpath" File Inclusion SA20353 UBB.threads Cross-Site Scripting and File Inclusion SA20350 phpBB Blend Portal System Module "phpbbrootpath" File Inclusion SA20346 Fastpublish CMS "configfsBase" File Inclusion Vulnerabilities SA20331 Hot Open Tickets "CLbuttPATH" Parameter File Inclusion SA20310 Plume CMS "-manager-frontinc-prepend.php" File Inclusion SA20301 open-medium.CMS "404.php" File Inclusion Vulnerability SA20300 Basic Analysis and Security Engine "BASEpath" File Inclusion SA20299 ActionApps "GLOBALSAAINCPATH" File Inclusion SA20298 DoceboLMS "lang" Parameter File Inclusion Vulnerabilities SA20292 Back-End CMS "PSLclbuttdir" File Inclusion Vulnerability SA20375 pppBLOG "files0" Parameter Disclosure of Sensitive Information SA20367 WebCalendar "includedir" Parameter Arbitrary Setting File Loading SA20366 WikiNi Script Insertion Vulnerabilities SA20359 phpBB Nivisec Hacks List Module Local File Inclusion SA20352 Eggblog posts.php SQL Injection Vulnerability SA20351 aMule Information Disclosure Vulnerability SA20316 Geeklog Multiple Vulnerabilities and Weaknesses SA20307 Seditio "Referer" HTTP Header Script Insertion Vulnerability SA20304 ByteHoard File Copy and Script Insertion Vulnerabilities SA20303 MailManager PostgreSQL Encoding-Based SQL Injection SA20297 V-webmail "CONFIGpeardir" File Inclusion Vulnerability SA20295 Pre Shopping Mall SQL Injection Vulnerabilities SA20290 ChatPat Script Insertion and SQL Injection Vulnerabilities SA20287 iFdate Cross-Site Scripting and Script Insertion Vulnerabilities SA20286 Realty Pro One Cross-Site Scripting and SQL Injection SA20363 XiTi Tracking Script "xiti.js" Cross-Site Scripting Vulnerabilities SA20341 Open Searchable Image Catalogue SQL Injection Vulnerabilities SA20340 DGNews "upprocess.php" File Upload Vulnerability SA20336 Photoalbum B&W "index.php" Cross-Site Scripting Vulnerabilities SA20334 TikiWiki Multiple Cross-Site Scripting Vulnerabilities SA20327 Achievo "atkselector" Parameter SQL Injection Vulnerability SA20324 Vacation Rental Script "obj" Parameter Cross-Site Scripting SA20322 Pretty Guestbook "pagina" Cross-Site Scripting Vulnerability SA20321 Smile Guestbook "pagina" Cross-Site Scripting Vulnerability SA20320 Morris Guestbook "pagina" Cross-Site Scripting Vulnerability SA20311 php-residence Multiple Script Insertion Vulnerabilities SA20306 PHPSimpleChoose Cross-Site Scripting Vulnerability SA20305 PHP-AGTC membership system "useremail" Script Insertion SA20296 CMS Mundo "searchstring" Cross-Site Scripting Vulnerability SA20293 phpESP ADOdb Cross-Site Scripting Vulnerabilities SA20291 AZ Photo Album Script Pro Cross-Site Scripting Vulnerability SA20289 Elite-Board "search" Parameter Cross-Site Scripting Vulnerability SA20285 buttetman Unspecified Script Insertion Vulnerabilities SA20282 iFlance Multiple Cross-Site Scripting Vulnerabilities

========================================================================

-- Fortune Magazine, 11-29-05: What's your computer setup today? Frederick Brooks: I happily use a Macintosh. It's not been equalled for ease of use, and I want my computer to be a tool, not a challenge. Frederick Brooks is the author of 'The Mythical Man Month'. He spearheaded the movement to modernize computer software engineering in 1975