Threat Tuesday: Adobe, IE, iPad, Energizer, Opera, and Ubisoft
This article is dedicated to a bunch of various software applications and how they pose a threat to the security of your computer. As you are probably very well aware, there are people with malicious intent that would like nothing more than to compromise your system – and in order to do so, they need only exploit various loopholes in the security of a software application.
Lets start things of with Adobe, California-based company that specializes in creating multimedia and creativity software products. On the 16th of February the company released Adobe Reader 9.3.1 and Adobe Acrobat 9.3.1 as well as Adobe Reader 8.2.1 and Adobe Acrobat 8.2.1 to plug 2 security vulnerabilities. The first vulnerability, as Adobe explained, “could subvert the domain sandbox and make unauthorized cross-domain requests.” The second vulnerability could crash the application and potentially allow the attacker to take control of the affected system.
If you did not update Adobe Reader or Adobe Acrobat back in February, you should do so now. Several prominent names from the security world are warning that people with malicious intent are actively exploiting in targeted attacks CVE-2010-0188 which has been addressed by the February update. Warnings have been issued by F-Secure, Avira, and MMPC (Microsoft Malware Protection Center).
Moving on to Redmond-based software giant Microsoft, you should know that yesterday the company released 2 security bulletins that address a total 8 vulnerabilities that plague Windows and Office – but that is the topic of another article. In this article we are going to focus on the company’s web browser, Internet Explorer. Yesterday, Microsoft released Security Advisory 981374 which talks about a vulnerability that “exists due to an invalid pointer reference being used within Internet Explorer.” The vulnerability, if successfully exploited by a person with malicious intent, could allow for remote code execution. The upside is that only IE6 and IE7 are affected. Users ar advised to upgrade to IE8 in order to stay protected.
Now let’s shift focus on Apple’s latest device, the iPad. When Apple showcased the device to the world, scammers were quick to respond and use this high profile event to their benefit. Starting March 12, customers in the US of A will be able to pre-order the device. McAfee is warning users to be cautious of scammers.
“Last week Apple formally announced the launch date for the Wi-Fi version of its much anticipated new tablet computer, the iPad. As with most events that generate a lot of media and consumer interest, this one also generated curiosity from the spammer community. They wonder how they can leverage this event to steal your sensitive information. Scams have already started to surface, claiming how you can win your own iPad for free,” explained Sam Masiello, Director, Messaging Security Research at McAfee.
The energizer bunny needs a thorough talking to. The US-CERT uncovered that the software that comes with the Energizer DUO USB NiMH battery charger contains a backdoor Trojan that can infect Windows-powered computers.
“Energizer DUO is a USB battery charger. An optional Windows application that allows the user to view the battery charging status has been available on the Energizer website. The installer for the Energizer DUO software places the file UsbCharger.dll in the application's directory and Arucer.dll in the Windows system32 directory. When the Energizer UsbCharger software executes, it utilizes the UsbCharger.dll component for providing USB communication capabilities. UsbCharger.dll executes Arucer.dll via the Windows rundll32.exe mechanism, and it also configures Arucer.dll to execute automatically when Windows starts by creating an entry in the HKLMSOFTWAREMicrosoftWindowsCurrentVersionRun registry key. rucer.dll is a backdoor that allows unauthorized remote system access via accepting connections on 7777/tcp,” explains the US-CERT (United States Computer Emergency Readiness Team).
Earlier this week we reported that the first Opera 10.5 vulnerability has been uncovered. Vupen Security said in an advisory that it is a buffer overflow error that could be remotely exploited to crash the browser or run arbitrary code. Turns out that the vulnerability in Opera 10.5 is not caused by an integer overflow error – that’s what Chief Security Specialist with Secunia, Carsten Eiram, said.
“The vulnerability is not caused by an integer overflow error. Instead, in certain cases when a 64-bit "Content-Length" value is interpreted as negative, the higher 32-bit value is ignored and lower 32-bit value is used to copy data. It is, therefore, possible to manipulate the size value in a manner to successfully corrupt memory and occasionally cause conditions where it is possible to gain control of the execution flow,” explained Eiram.
This last one is not exactly a threat to your security, rather a threat to your gaming activities. You know Ubisoft’s latest DRM, the one that requires you to be constantly connected to the internet to prove you’re not using pirated software? Yes, the one that got cracked in hours of its release. Here comes the threat to your gaming part: over the weekend Ubisoft’s severs were attacked, the DRM failed to work properly because of the attack, and thousands of Assassin's Creed II and Silent Hunter 5 players we left unable to play the game.
- Adobe
Lets start things of with Adobe, California-based company that specializes in creating multimedia and creativity software products. On the 16th of February the company released Adobe Reader 9.3.1 and Adobe Acrobat 9.3.1 as well as Adobe Reader 8.2.1 and Adobe Acrobat 8.2.1 to plug 2 security vulnerabilities. The first vulnerability, as Adobe explained, “could subvert the domain sandbox and make unauthorized cross-domain requests.” The second vulnerability could crash the application and potentially allow the attacker to take control of the affected system.
If you did not update Adobe Reader or Adobe Acrobat back in February, you should do so now. Several prominent names from the security world are warning that people with malicious intent are actively exploiting in targeted attacks CVE-2010-0188 which has been addressed by the February update. Warnings have been issued by F-Secure, Avira, and MMPC (Microsoft Malware Protection Center).
- IE (Internet Explorer)
Moving on to Redmond-based software giant Microsoft, you should know that yesterday the company released 2 security bulletins that address a total 8 vulnerabilities that plague Windows and Office – but that is the topic of another article. In this article we are going to focus on the company’s web browser, Internet Explorer. Yesterday, Microsoft released Security Advisory 981374 which talks about a vulnerability that “exists due to an invalid pointer reference being used within Internet Explorer.” The vulnerability, if successfully exploited by a person with malicious intent, could allow for remote code execution. The upside is that only IE6 and IE7 are affected. Users ar advised to upgrade to IE8 in order to stay protected.
- iPad
Now let’s shift focus on Apple’s latest device, the iPad. When Apple showcased the device to the world, scammers were quick to respond and use this high profile event to their benefit. Starting March 12, customers in the US of A will be able to pre-order the device. McAfee is warning users to be cautious of scammers.
“Last week Apple formally announced the launch date for the Wi-Fi version of its much anticipated new tablet computer, the iPad. As with most events that generate a lot of media and consumer interest, this one also generated curiosity from the spammer community. They wonder how they can leverage this event to steal your sensitive information. Scams have already started to surface, claiming how you can win your own iPad for free,” explained Sam Masiello, Director, Messaging Security Research at McAfee.
- Energizer
The energizer bunny needs a thorough talking to. The US-CERT uncovered that the software that comes with the Energizer DUO USB NiMH battery charger contains a backdoor Trojan that can infect Windows-powered computers.
“Energizer DUO is a USB battery charger. An optional Windows application that allows the user to view the battery charging status has been available on the Energizer website. The installer for the Energizer DUO software places the file UsbCharger.dll in the application's directory and Arucer.dll in the Windows system32 directory. When the Energizer UsbCharger software executes, it utilizes the UsbCharger.dll component for providing USB communication capabilities. UsbCharger.dll executes Arucer.dll via the Windows rundll32.exe mechanism, and it also configures Arucer.dll to execute automatically when Windows starts by creating an entry in the HKLMSOFTWAREMicrosoftWindowsCurrentVersionRun registry key. rucer.dll is a backdoor that allows unauthorized remote system access via accepting connections on 7777/tcp,” explains the US-CERT (United States Computer Emergency Readiness Team).
- Opera
Earlier this week we reported that the first Opera 10.5 vulnerability has been uncovered. Vupen Security said in an advisory that it is a buffer overflow error that could be remotely exploited to crash the browser or run arbitrary code. Turns out that the vulnerability in Opera 10.5 is not caused by an integer overflow error – that’s what Chief Security Specialist with Secunia, Carsten Eiram, said.
“The vulnerability is not caused by an integer overflow error. Instead, in certain cases when a 64-bit "Content-Length" value is interpreted as negative, the higher 32-bit value is ignored and lower 32-bit value is used to copy data. It is, therefore, possible to manipulate the size value in a manner to successfully corrupt memory and occasionally cause conditions where it is possible to gain control of the execution flow,” explained Eiram.
- Ubisoft
This last one is not exactly a threat to your security, rather a threat to your gaming activities. You know Ubisoft’s latest DRM, the one that requires you to be constantly connected to the internet to prove you’re not using pirated software? Yes, the one that got cracked in hours of its release. Here comes the threat to your gaming part: over the weekend Ubisoft’s severs were attacked, the DRM failed to work properly because of the attack, and thousands of Assassin's Creed II and Silent Hunter 5 players we left unable to play the game.
