Following the outbreak of the Flashback Mac Trojan, security researchers have identified two more cases of Mac OS X malware. The good news is most Mac owners have little reason to worry about them.
Both cases are variants of the same Trojan, called SabPub, Kaspersky Lab expert Costin Raiu wrote on Securelist.
The first variant is known as Backdoor.OSX.SabPub.a. Like Flashback, this new threat was likely spread through Java exploits on Websites, and allows for remote control of affected systems. It was created roughly one month ago.
Fortunately, this malware isn’t a threat to most users for a few reasons: It may have only been used in targeted attacks, Raiu wrote, with links to malicious Websites sent via e-mail, and the domain used to fetch instructions for infected Macs has since been shut down.
Furthermore, Apple’s security update for Flashback helps render future Java-based attacks harmless. In addition to removing the Flashback malware, the update automatically deactivates the Java browser plug-in and Java Web Start if they remain unused for 35 days. Users must then manually re-enable Java when they encounter applets on a Web page or a Web Start application.
The second SabPub variant is old-school compared to its sibling. Instead of attacking through malicious Websites, it uses infected Microsoft Word documents as its vector, distributed by e-mail.
Chrome for Android will not run Flash Player, the popular software that Apple has famously banned, Adobe confirmed Wednesday.
The acknowledgment was no surprise: Last November, Adobe announced it was abandoning development of Flash for mobile browsers. In other words, Google missed the Flash boat by several months.
“Adobe is no longer developing Flash Player for mobile browsers, and thus Chrome for Android Beta does not support Flash content,” said Bill Howard, a group product manager on the Flash team, in an Adobe blog Tuesday.
The stock Android browser included with the operating system does support Flash, noted Howard.
Adobe explained its decision to halt work on Flash Player for mobile browsers as necessary to shift resources, notably to its efforts on HTML5, the still-developing standard that will ultimately replace many of the functions Flash has offered.
“We will continue to leverage our experience with Flash to accelerate our work with the W3C and WebKit to bring similar capabilities to HTML5 as quickly as possible,” Danny Winokur, the Adobe executive in charge of interactive development, said last year. He was referring to the World Wide Web Consortium standards body and WebKit, the open-source browser engine that powers Chrome and Apple’s Safari. “And we will design new features in Flash for a smooth transition to HTML5 as the standards evolve.”
Analysts read the move as a tacit surrender to the trend, first seen at Apple, to skip support for Flash on smartphones and tablets. In 2010, former Apple CEO Steve Jobs had famously dismissed Flash as unsuitable for mobile devices because it was slow, drained batteries and posed security problems.
An unpatched Yahoo Messenger vulnerability that allows hackers to change people’s status messages and possibly perform other unauthorized functions can be exploited to spam malicious links to a large number of users.
The flaw was discovered in the wild by security researchers from antivirus vendor BitDefender while investigating a customer’s report about unusual Yahoo Messenger behavior.
The flaw appears to be located in the application’s file transfer API (application programming interface) and allows attackers to send malformed requests that result in the execution of commands without any interaction from victims.
“An attacker can write a script in less than 50 lines of code to malform the message sent via the YIM protocol to the attacker,” said Bogdan Botezatu, an e-threats analysis & communication specialist at BitDefender.
“Status changing appears to be only one of the things the attacker can abuse. We’re currently investigating what other things they may achieve,” he added.
Victims are unlikely to realize that their status messages have changed and if they use version 11.5 of Yahoo Messenger, which supports tabbed conversations, they might not even spot the rogue requests, Botezatu said.
This vulnerability can be leveraged by attackers to earn money through affiliate marketing schemes by driving traffic to certain websites or to spam malicious links that point to drive-by download pages.
Apple has failed to fix a bug in its Mac OS X operating system that allows processes to bypass the sandbox protection in place.
The flaw was discovered by Anibal Sacco and Matias Eissler from Core Security Technologies. They let Apple know about the problem on 20 September, and while Apple acknowledged their submission, it said that it did not see any security threat, forcing the Core Security Technologies team to publish the report to the public this month.
The problem appears to be with the use of Apple events in several default profiles, including the no-network and no-internet ones. When Apple events are dispatched a process can escape the sandbox, which could be exploited by hackers.
The vulnerability could lead to a compromised application restricted by the use of the no-network profile gaining access to network resources through the use of Apple events to execute other applications that are not restricted by the sandbox, making it a significant security threat.
Only the more recent versions of Mac OS X are vulnerable to this bug, including 10.5.x, 10.6.x, and 10.7.x. Those using 10.4.x are safe from the exploit.
Motorola announced on Twitter that the Android software update for the Xoom tablet, which includes enhancements to support the upcoming Adobe Flash Player 10.2, is being pushed out in phases starting March 11.
Launched on February 24, the Xoom was pushed out to the market with some seemingly rushed, half-done features, just so it arrived on the market before a new iPad. Despite certain hardware advantages over the original and new iPad, the Xoom flaunted 4G radios, SD card memory expansion and Flash support. However, none of these features were actually operational when the device launched.
About eight out of every ten internet browsers run by consumers are vulnerable to attack by exploits of already-patched bugs, a security expert said today.
The poor state of browser patching stunned Wolfgang Kandek, CTO of security risk and compliance management provider Qualys, which presented data from the company’s free BrowserCheck service Wednesday at the RSA Conference in San Francisco.
“I really thought it would be lower,” said Kandek of the nearly 80% of browsers that lacked one or more patches.
BrowserCheck scans Windows, Mac and Linux machines for vulnerable browsers, as well as up to 18 browser plug-ins, including Adobe’s Flash and Reader, Oracle’s Java and Microsoft’s Silverlight and Windows Media Player.
When browsers and their plug-ins are tabulated together, between 90% and 65% of all consumer systems scanned with BrowserCheck since June 2010 reported at least one out-of-date component, depending on the month. In January 2011, about 80% of the machines were vulnerable.