WordPress 3.0.5 Update Fixes Security Issues
WordPress 3.0.5 has been released, and is primarily a security update focusing on vulnerabilities which can be exploited through untrusted user accounts. This follows the recent 3.0.3 and 3.0.4 updates, which were also security-focused. If your WordPress installation does not have any non-admin users, then this update is less urgent; however, it is still recommended that you update as soon as possible.
Here is a description of the five main updates:
Two moderate security issues were fixed that could have allowed a Contributor- or Author-level user to gain further access to the site.
One information disclosure issue was addressed that could have allowed an Author-level user to view contents of posts they should not be able to see, such as draft or private posts.
Two security enhancements were added. One improved the security of any plugins which were not properly leveraging our security API. The other offers additional defense in depth against a vulnerability that was fixed in a previous release.
WordPress 3.1 is currently at RC4 and is expected to be officially released soon.
WordPress 3.0.4 Patches XSS Flaws in HTML Sanitization Library
WordPress have released an update (3.0.4), dubbed “the most important security release of the year”, that patches a core security bug in the HTML sanitization library (KSES). KSES is responsible for filtering user input and, as such, is used to protect WordPress sites from attacks such as Cross-Site Scripting (XSS). XSS vulnerabilities were discovered; however, details of these have not been published (see below).
They rate this release “critical”, and so it’s recommended that all WordPress sites update as soon as possible. The full changeset for the 3.0.4 update is here. Security researchers are invited to review these changes to ensure the vulnerabilities have been fully fixed. Spread the news if you have any friends with a WordPress blog!
[Updated] One stored XSS exploit for 3.0.3 is available here.
WordPress 3.0.3 Fixes Authorization Issues
Hot on the heels of the previous update that patched an authenticated SQL injection vulnerability, WordPress have released version 3.0.3 which fixes authorization issues in the remote publishing interface. The vulnerability may allow Author and Contributor-level users to improperly edit, publish, or delete posts. WordPress state:
These issues only affect sites that have remote publishing enabled.
I would also add that these issues only affect sites that actually have Author and Contributor-level users. If you’re the only user of your blog, you don’t need to be worried (but update anyway).
Remote publishing is enabled and disabled in Settings > Writing > Remote Publishing.
Apple Releases QuickTime 7.6.9 Security Update
Apple has released QuickTime 7.6.9 for Leopard (10.5.8) and Windows (XP, Vista, 7), patching a number of vulnerabilities, including several that were fixed in the recent Mac OS X 10.6.5 update.
The vulnerabilities include improper handling of JP2, AVI, MPEG, Flashpix, GIF, PICT, and QTVR files. Viewing maliciously-crafted files can lead to remote code execution in some cases.
QuickTime definitely needs more strengthening. Leopard and Windows users, go forth and patch!
iOS 4.2.1 Released with Free “Find My iPhone”
Apple has finally released the highly-anticipated iOS 4.2 (actual version is 4.2.1), bringing support for the iPad along with several other features including AirPlay and AirPrint.
Along with this release, Apple has made the “Find My iPhone” functionality in MobileMe free to all iPhone, iPad and iPod Touch device owners. This service uses a combination of GPS, cell tower and Wi-Fi network triangulation to obtain the location of the device, which can then be mapped. It also allows you to send messages to, lock, or completely wipe the remote device. To use this feature, you’ll need to add a MobileMe account using your iTunes Apple ID by going to Settings > Mail, Contacts, Calendars > Add Account. You can then track your device using the Find My iPhone app available in iTunes, or using the MobileMe web interface.
Users concerned about the privacy implications of this feature can easily disable it by going to Settings > Mail, Contacts, Calendars > Select your MobileMe account > Set ‘Find My iPhone’ to Off. Have a look at Apple’s Knowledge Base article for more info on this feature.
iOS 4.2.1 brings with it a number of security updates (including Safari and numerous WebKit patches). Although it’s not mentioned in the update details, the previously-reported cool-but-deadly keylock bypass vulnerability has been fixed. Hit the jump for full details.
Related: Protecting and Recovering Your iPhone and iPad from Loss and Theft!
Apple Releases Safari 5.0.3 and 4.1.3
Safari updates 5.0.3 and 4.1.3 (for both Mac OS X and Windows) have been released to patch a number of WebKit vulnerabilities, some of which can lead to arbitrary remote code execution.
Fire up your Software Update! Hit the jump for full details of the vulnerabilities fixed.
Apple Releases Mac OS X 10.6.5 (Security Update 2010-007)
Apple has finally released Mac OS X 10.6.5, bringing a number of bugfixes and security patches to the OS and applications. The list includes numerous fixes to AFP (the Apple Filing Protocol used for File Sharing), QuickTime, and other image/PDF-handling issues. I noticed that Apple are crediting themselves on quite a few of these, so it’s nice to see they’re putting in the effort of hunting down bugs.
Available via Software Update!
iOS 4.2 Update Fixes Passcode Bypass Bug
The upcoming iOS 4.2 update, recently seeded to developers, fixes the recently-discovered keylock/passcode bypass bug. The bug allows any user with access to a locked iPhone to make phone calls, view/modify contacts, and send/view emails, by exploiting a simple bug on the “Emergency Call” screen.
Full details of security patches in this update will be announced upon release.
[Update] iOS 4.2.1 has been released.
Mac OS X Security Update 2010-006 (AFP)
Apple this week released Security Update 2010-006 to patch a vulnerability in Apple Filing Protocol (AFP) – also known as File Sharing – which could allow an attacker to gain access to shared folders without a password. This only affects Mac OS X 10.6 and Mac OS X Server 10.6, and File Sharing is disabled by default.
iOS 4.1 New Bug Fixes and Boot ROM Hack
On Wednesday, Apple released iOS 4.1 to the public, bringing a good number of bug fixes, including two potential remote code execution issues in ImageIO and many more in WebKit (full details after the jump).
In related news, pod2g – a member of the iPhone Dev Team – announced that an issue in iOS’s bootrom (a very low-level hardware bootloader) could be used to jailbreak future iOS updates (including 4.1) on current iOS devices. Due to the nature of the bootrom, it would be difficult for Apple to fix the flaw without somehow flashing a new bootrom to affected devices. Jailbreakers have been advised to forgo the 4.1 update until a stable bootrom-based jailbreak is developed – although this would leave those iPhone/iPod Touch users open to attack.