Mac Security: Weekly Summary 20060608
It is another dull week for Mac OS X security. But there are a few amusements below.
- Mozilla Firefox v1.x
- Mozilla 1.7.x
- Mozilla SeaMonkey 1.x
- Netscape 8.x
Windows users have the same problems as above as well as a new Active Scripting vulnerability:
- Microsoft Internet Explorer 6.x
There are a number of Mozilla derived browser updates now out to patch vulnerabilities. Be sure you have installed the latest update to these browsers.
- Mozilla Firefox 0.x, 1.x
- Mozilla Thunderbird 0.x, 1.0.x, 1.5.x
- Mozilla SeaMonkey 1.x
Secunia Virus Alerts: Secunia found no recent viruses of medium risk or higher.
- New Windows related vulnerabilities: 9
- New Macintosh related vulnerabilities: 0

Windows wins yet again.
Now on to this week's reports from the McAfee Threat Center and Sophos:
A) McAfee Threat Center:
- Global Threat Condition = Elevated
- Listed Top Malware for Mac = none
- Listed Top Vulnerabilities for Mac = none
- Listed Top Potentially Unwanted Programs for Mac = none
- Top 5 Phishing Scams:
  1. Password Change Required
  2. PayPal - Fraud Prevention Measures
  3. Update your information
  4. Online Banking Alert ( Your Account Has Been Blocked )
  5. Your Credit Debt card has been found cloned in Eastern Asia.Contacting Customer.

B) Sophos:
You can sign up for the Sophos RSS feed of their latest virus alerts at:
- New Sophos virus alerts:
Hey! This is kind of fun. Let's take a look at the last malware that Sophos lists in its alerts. It gives you a good idea just how INSECURE Windows really is and what nasty stuff malware can do:
Troj-Spyjack-o Spyware Trojan:

Side effects:
- Modifies data on the computer
- Steals information
- Drops more malware
- Installs itself in the Registry
- Leaves non-infected files on computer
"Just think! You could be using Windows right now and enjoying infections like these! Call now for a free demonstration!" Yes folks, people PAY to own an operating system that lets this kind of destruction happen to their computers. This is indeed the Stone Age of computing.
And of course note that if you use Boot Camp dual booting of Windows or use Parallels Workstation virtualization of Windows, your Windows partition is open to infections such as this. Take proper precautions. I read last week about a computer expert testing a new Windows PC on the Internet with no firewall or anti-virus protection. Within 1 hour the PC had picked up 40 (FORTY) malware.
OK, on with the Secunia Weekly Summary. Below are sections 2-4 of this week's summary. You can read the entire summary, sign up to receive it weekly by email, as well as read report details at:
========================================================================
2) This Week in Brief:
Multiple browsers are affected by a vulnerability rated "Less Critical", which can be exploited by malicious people to trick users into disclosing sensitive information.
Additional details for the different affected browsers can be found in the referenced Secunia advisories below.
Updates have been released for several Mozilla based products, including Firefox and Thunderbird, which correct several vulnerabilities.
Further details can be found in the referenced Secunia advisories below.
During the past week Secunia collected 44 virus descriptions from the Antivirus vendors. However, none were deemed MEDIUM risk or higher according to the Secunia assessment scale.

========================================================================
3) This Weeks Top Ten Most Read Advisories:

1. SA20384 Microsoft Windows "mhtml:" URI Buffer Overflow Vulnerability
2. SA20376 Firefox Multiple Vulnerabilities
3. SA20153 Microsoft Word Malformed Object Code end Vulnerability
4. SA20442 Firefox File Upload Form Keystroke Event Cancel Vulnerability
5. SA19762 Internet Explorer "object" Tag Memory Corruption Vulnerability
6. SA20449 Internet Explorer File Upload Form Keystroke Event Cancel Vulnerability
7. SA20382 Thunderbird Multiple Vulnerabilities
8. SA20365 MySQL Multibyte Encoding SQL Injection Vulnerability
9. SA19738 Internet Explorer "mhtml:" Redirection Disclosure of Sensitive Information
10. SA19521 Internet Explorer Window Loading Race Condition Address Bar Spoofing
========================================================================
4) Vulnerabilities Summary Listing
Windows:
- SA20462 LocazoList Classifieds "msgid" Parameter SQL Injection
- SA20423 myNewsletter "UserName" SQL Injection Vulnerability
- SA20419 aspWebLinks SQL Injection and Password Change Vulnerabilities
- SA20416 ASPScriptz Guest Book "submit.asp" Script Insertion Vulnerabilities
- SA20411 CodeAvalanche FreeForum Multiple Vulnerabilities
- SA20483 WinGate WWW Proxy Server Buffer Overflow Vulnerability
- SA20477 Microsoft NetMeeting Denial of Service Vulnerability
- SA20449 Internet Explorer File Upload Form Keystroke Event Cancel Vulnerability
- SA20425 ASP Discussion Forum "search" Parameter Cross-Site Scripting
UNIX-Linux:
- SA20487 Wikiwig "WKwkPath" File Inclusion Vulnerability
- SA20473 HP Tru64 UNIX and HP Internet Express Sendmail Vulnerability
- SA20415 iShopCart Buffer Overflow and Directory Traversal Vulnerabilities
- SA20466 LoudHush iaxclient Unspecified Vulnerability
- SA20457 SUSE Updates for Multiple Packages
- SA20451 Debian update for postgresql
- SA20446 Debian update for centericq
- SA20435 Trustix update for postgresql
- SA20422 Red Hat update for dia
- SA20482 Red Hat update for spamassassin
- SA20443 Debian update for spamassassin
- SA20430 SpamAssassin "spamd" Shell Command Injection Vulnerability
- SA20498 GANTTy Cross-Site Scripting and Information Disclosure
- SA20476 Sylpheed-Claws URI Check Bypass Security Issue
- SA20497 Asterisk IAX2 Channel Driver Denial of Service Vulnerability
- SA20461 Debian update for freeradius
- SA20424 Slackware update for mysql
- SA20421 Red Hat update for quagga
- SA20420 Red Hat update for zebra
- SA20456 Avaya Products XScreenSaver Insecure Temporary File Creation Vulnerability
- SA20445 Sun StorADE Privilege Escalation Vulnerability
- SA20459 Avaya PDS HP-UX Kernel Denial of Service Vulnerability
Other:
- SA20479 Ingate Firewall and SIParator Two Vulnerabilities
- SA20474 D-Link DWL-2100AP Exposure of Configuration Files
Cross Platform:
- SA20480 Clan Manager Pro cmproheader.inc.php File Inclusion
- SA20475 MiraksGalerie Multiple File Inclusion Vulnerabilities
- SA20468 DreamAccount "dapath" File Inclusion Vulnerabilities
- SA20463 dotWidget CMS "filepath" Parameter File Inclusion Vulnerability
- SA20448 Informium "CONFlocalpath" File Inclusion Vulnerability
- SA20440 CS-Cart "classesdir" Parameter File Inclusion Vulnerability
- SA20439 WebspotBlogging Multiple File Inclusion Vulnerabilities
- SA20437 DotClear "blogdcpath" File Inclusion Vulnerability
- SA20434 Claroline Two File Inclusion Vulnerabilities
- SA20429 DokuWiki Spell Checker Code end Vulnerability
- SA20426 AssoCIateD "rootpath" File Inclusion Vulnerabilities
- SA20408 REDAXO "REXINCLUDEPATH" File Inclusion Vulnerabilities
- SA20486 Open Business Debt Management Multiple Vulnerabilities
- SA20471 Kmita FAQ Cross-Site Scripting and SQL Injection Vulnerabilities
- SA20468 plus 1 Alex News-Engine "newsid" Parameter SQL Injection Vulnerability
- SA20465 Coppermine Photo Gallery usermgr.php Unspecified Vulnerability
- SA20460 LifeType "articleId" SQL Injection Vulnerability
- SA20458 MediaWiki Edit Form Script Insertion Vulnerability
- SA20450 Dmx Forum Disclosure of Sensitive Information
- SA20447 Weblog Oggi Script Insertion Vulnerability
- SA20438 BlueShoes Framework Multiple File Inclusion Vulnerabilities
- SA20433 FunkBoard Authentication Bypass and Cross-Site Scripting
- SA20428 Particle Wiki Script Insertion and SQL Injection
- SA20427 Particle Gallery "imageid" SQL Injection Vulnerability
- SA20414 TAL RateMyPic Multiple Vulnerabilities
- SA20413 Snort "httpinspect" Preprocessor Bypass Vulnerability
- SA20410 Unak-CMS SQL Injection and Cross-Site Scripting Vulnerabilities
- SA20409 SimpleBoard "sbauthorname" Script Insertion Vulnerability
- SA20452 TIBCO Rendezvous HTTP Administrative Interface Buffer Overflow
- SA20500 GD Graphics Library GIF File Handling Denial of Service
- SA20491 Particle Links "username" Parameter Cross-Site Scripting
- SA20490 Particle Whois "target" Parameter Cross-Site Scripting
- SA20478 DokuWiki Restricted Page Content Disclosure Vulnerability
- SA20472 Mozilla SeaMonkey File Upload Form Keystroke Event Cancel Vulnerability
- SA20470 Netscape File Upload Form Keystroke Event Cancel Vulnerability
- SA20467 Mozilla Suite File Upload Form Keystroke Event Cancel Vulnerability
- SA20455 KnowledgeTree Open Source Cross-Site Scripting Vulnerabilities
- SA20453 PHP ManualMaker Multiple Cross-Site Scripting Vulnerabilities
- SA20444 PHP Pro Publish "catname" Parameter Cross-Site Scripting
- SA20442 Firefox File Upload Form Keystroke Event Cancel Vulnerability
- SA20441 OSADS Board Comments Script Insertion Vulnerability
- SA20436 PyBlosxom Contributed Packages Cross-Site Scripting Vulnerability
- SA20418 dotProject Cross-Site Scripting Vulnerability
- SA20417 LabWiki Cross-Site Scripting Vulnerabilities
- SA20412 Drupal Taxonomy Module Cross-Site Scripting Vulnerability
- SA20431 TIBCO Hawk "tibhawkhma" Privilege Escalation Vulnerability
-- Fortune Magazine, 11-29-05: What's your computer setup today? Frederick Brooks: I happily use a Macintosh. It's not been equalled for ease of use, and I want my computer to be a tool, not a challenge. Frederick Brooks is the author of 'The Mythical Man Month'. He spearheaded the movement to modernize computer software engineering in 1975