Posts tagged ‘update’

5
May

iPhone/iPad iOS 4.3.3 Fixes Location Tracking Bugs

Following the recent over-hyped “location tracking scandal”, Apple has released iOS 4.3.3, which fixes bugs in the Location Services on iPhone and iPad devices that caused them to store excessive location information. As detailed by Apple’s Q&A on Location Data, the location data stored on iOS devices (and backed up by iTunes) are merely a subset of Apple’s crowd-sourced location database of Wifi hotspots and cell towers, used to facilitate Location Services when GPS is unavailable or unreliable. The bugs were causing iOS to download this location cache even if Location Services were turned off, and to store the cache indefinitely instead of regularly purging it.

This update contains changes to the iOS crowd-sourced location database cache including:

  • Reduces the size of the cache
  • No longer backs the cache up to iTunes
  • Deletes the cache entirely when Location Services is turned off

It’s nice to see Apple resolve this issue so swiftly, and these changes will help improve the privacy of iPhone and iPad users, regardless of whether they use Location Services. The only thing I would have added if I were Apple is the ability for the user to clear the location cache in the device settings. It’s a button that could be easily added in Settings > Location Services. Just sayin’!

6
Apr

WordPress 3.1.1 Patches Minor XSS Flaws

WordPress have released a minor 3.1.1 update which patches an XSS flaw on the database upgrade screens. The change log also mentions a strengthening of security mechanisms relating to media uploads, and fixes to potential PHP crashes caused by complex hyperlinks. The update also includes a number of other security and bug fixes.

It’s a fairly minor update that shouldn’t break any plugins. Update when ready.

24
Feb

WordPress 3.1 Released

WordPress “Reinhardt” 3.1 has been released, with the bulk of changes focused on the admin interface and functionality. Key improvements include:

  • A redesigned linking workflow
  • A funky new admin bar (hopefully it’ll be possible to customize this one)
  • A streamlined writing interface

I particularly like the new linking functionality, which simplifies linking to internal posts and pages on your site (screenshot below). No more having to find that page, and copy/paste the URL!

I was a bit apprehensive about updating, as it’s quite easy for plugins to break, and there’s no easy way to see the compatibility status of your plugins. If anyone feels up to it, I’d like to see a plugin that allows you to quickly check the compatibility status of all your installed plugins with regard to the next available version. That said, I updated, and it went flawlessly.

Other than that, this update does not have a significant impact in terms of security apart from the usual bug fixes.

8
Feb

WordPress 3.0.5 Update Fixes Security Issues

WordPress 3.0.5 has been released, and is primarily a security update focusing on vulnerabilities which can be exploited through untrusted user accounts. This follows the recent 3.0.3 and 3.0.4 updates, which were also security-focused. If your WordPress installation does not have any non-admin users, then this update is less urgent; however, it is recommended that you update as soon as possible anyway.

Here is a description of the five main updates:

Two moderate security issues were fixed that could have allowed a Contributor- or Author-level user to gain further access to the site.

One information disclosure issue was addressed that could have allowed an Author-level user to view contents of posts they should not be able to see, such as draft or private posts.

Two security enhancements were added. One improved the security of any plugins which were not properly leveraging our security API. The other offers additional defense in depth against a vulnerability that was fixed in previous release.

WordPress 3.1 is currently at RC4 and is expected to be officially released soon.

30
Dec

WordPress 3.0.4 Patches XSS Flaws in HTML Sanitation Library

WordPress have released an update (3.0.4), dubbed “the most important security release of the year”, that patches a core security bug in the HTML sanitation library (KSES). KSES is responsible for filtering user input and, as such, is used to protect WordPress sites from attacks such as Cross-Site Scripting (XSS). XSS vulnerabilities were discovered; however, the details of these are not available (see below).

They rate this release “critical”, and so it’s recommended that all WordPress sites update as soon as possible. The full changeset for the 3.0.4 update is here. Security researchers are invited to review these changes to ensure the vulnerabilities have been fully fixed. Spread the news if you have any friends with a WordPress blog!

[Updated] One stored XSS exploit for 3.0.3 is available here.

23
Nov

iOS 4.2.1 Released with Free “Find My iPhone”

Apple has finally released the highly-anticipated iOS 4.2 (actual version is 4.2.1), bringing support for the iPad along with several other features, including AirPlay and AirPrint.

Along with this release, Apple has made the “Find My iPhone” functionality in MobileMe free to all iPhone, iPad and iPod Touch device owners. This service uses a combination of GPS, cell tower and wifi-network triangulation to obtain the location of the device, which can then be mapped. It also allows you to send messages, lock or completely wipe the remote device. To use this feature, you’ll need to add a MobileMe account using your iTunes Apple ID by going to Settings > Mail, Contacts, Calendars > Add account. You can then track your device using the Find My iPhone app available in iTunes, or using the MobileMe web interface.

Users concerned about the privacy implications of this feature can easily disable it by going to Settings > Mail, Contacts, Calendars > Select your MobileMe account > Set ‘Find My iPhone’ to Off. Have a look at Apple’s KnowledgeBase article for more info on this feature.

iOS 4.2.1 brings with it a number of security updates (including Safari and numerous WebKit patches). Although it’s not mentioned in the update details, the previously-reported cool-but-deadly keylock bypass vulnerability has been fixed. Hit the jump for full details.

Related: Protecting and Recovering Your iPhone and iPad from Loss and Theft!

23
Nov

Adobe Reader X Brings Sandboxing with Protected Mode

Adobe recently released Adobe Reader X, the latest incarnation of their PDF viewer software. Over a year after Adobe’s promised ‘security push’ into Reader, and numerous vulnerabilities, exploits and malware, this version finally brings the hotly discussed sandboxing feature.

The sandboxing, or Protected Mode as Adobe call it, would restrict PDFs to an extremely limited running environment. Initially the sandbox will control any write operations attempted by PDFs, to try and prevent malware being written to disk. A later update is expected to bring ‘read’ control as well, to prevent information stealing.

Although this is a good step forward for Adobe Reader, it remains to be seen whether any of their changes will be effective at mitigating vulnerabilities that attempt to read/write directly from memory. It’ll be interesting to see what kinds of vulnerabilities will come out in the coming months.

Either way, Adobe Reader X brings a number of security fixes and improvements, and is thus a recommended update.

23
Nov

BackTrack 4 r2 “Nemesis” Released

[Update 10/5/2011] BT4r2 is now superseded by the new and improved BackTrack 5!

BackTrack 4 r2 (codename “Nemesis”) has been released and brings a number of updates aimed at improving “desktop responsiveness, better hardware support, broader wireless card support, streamlined work environment”.

Updates include an updated kernel (2.6.35.8) with improved wireless support, USB 3.0, faster responsiveness, pruned and new packages, and a new BackTrack wiki for more documentation and support.

Users with existing BT4 installs/VMs can simply perform an update using:

apt-get update && apt-get dist-upgrade

BackTrack 4 r2 is available as a 2GB ISO, or 2.4GB VMware image, on the downloads page (the BT4 download links appear to have been removed in favour of BT5).

8
Sep

Safari 5.0.2 Update Fixes WebKit Bugs

Apple has released Safari 5.0.2 and 4.1.2 updates for Mac OS X and Windows which fix issues in both Safari and WebKit (the browser’s rendering engine).

The first issue, which only affects Safari on Windows systems, may lead to code execution if the user attempts to reveal the location of a downloaded file. The other two vulnerabilities include an input validation issue in WebKit’s handling of floating point data types, and a use-after-free issue in WebKit’s handling of elements with run-in styling. Both of these could be used to perform arbitrary code execution.

These two updates should be available in Software Update.

Hit the jump for Apple’s full patch info.

15
Aug

QuickTime Player SMIL Buffer Overflow and Metasploit Exploit

On the 26th July 2010, Krystian Kloskowski discovered a vulnerability in QuickTime Player 7.6.6 for Windows caused by a buffer overflow in the application’s error logging.

The original advisory states:

The vulnerability is caused due to a boundary error in QuickTimeStreaming.qtx when constructing a string to write to a debug log file. This can be exploited to cause a stack-based buffer overflow by e.g. tricking a user into viewing a specially crafted web page that references a SMIL file containing an overly long URL.

Successful exploitation of this vulnerability leads to the ability of executing arbitrary code on the victim’s computer.

A couple of days ago, Joshua Drake (aka jduck) submitted a working exploit module to the Metasploit Framework.

As QuickTime is installed on many Windows systems these days (it’s included as part of iTunes), this vulnerability poses a real threat. As always, users should beware of clicking on unknown links, but ultimately if someone wants to get you to visit a malicious page, they can.

In this case users should update QuickTime ASAP. Apple has released QuickTime 7.6.7, which fixes this issue.

[Update] Check out the video below for a demo of the Metasploit module in action:

Metasploit_Apple_Quicktime_Smil_Debug from 4xteam on Vimeo.
