How MacKeeper failed to secure Macs

MacKeeper, the program designed to keep Mac computers secure, suffers from a critical remote code execution vulnerability.

The flaw lies in the lack of input validation when the program handles its custom URL scheme. It allows an attacker to execute arbitrary commands with root privileges with little to no user interaction: the attack is triggered when a user visits a specially crafted web page in the Safari browser.

If the user has already provided their password to MacKeeper during normal use of the program, they will not be prompted for it again before the arbitrary command executes.

If the user has not previously authenticated, they will be prompted for their credentials; however, the text shown in the authentication dialog can be manipulated to say anything, so the user may not realize the true consequences of the action.

The vulnerability, quite possibly a zero-day, was discovered by security researcher Braden Thomas, who released a demonstration link as a proof of concept (PoC): simply clicking the link caused MacKeeper to uninstall itself.

MacKeeper is controversial among Mac users owing to its pop-ups and advertisements, but it apparently has 20 million downloads worldwide.

The vulnerability exists even in the latest version, 3.4. The company has advised users to run the MacKeeper update tracker and install 3.4.1 or later. Users who have not updated can use a browser other than Safari or remove the custom URL scheme handler from MacKeeper's info.plist file.

VMware patches critical directory traversal vulnerability in VMware View

VMware has patched a critical directory traversal vulnerability in its VMware View desktop virtualization platform that could allow an attacker to access arbitrary files on affected View Servers.

The vulnerability affects both the View Connection Server and the View Security Server. It was discovered by Digital Defense, a security service provider.

According to the VMware advisory, the affected versions are View 5.x prior to 5.1.2 and 4.x prior to 4.6.2. Users are advised to upgrade to the latest version.

Users who are unable to update their View Servers immediately are advised to "Disable security server" or to mitigate by "blocking directory traversal attacks with an intrusion detection/prevention system or an application firewall".
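The interim mitigation relies on an IDS/IPS or application firewall recognising traversal attempts. As an added example (not from VMware or the original article), the script below shows the detection logic such a filter needs, run over constructed access-log lines: request paths are percent-decoded until stable before looking for ".." segments, so encoded and double-encoded variants are caught as well as the plain form.

```python
import re
from urllib.parse import unquote

# Constructed access-log lines (not from a real View Server); only the
# request path is inspected.
SAMPLE_LOG = """\
10.0.0.5 - - [03/Aug/2012:10:01:12 +0000] "GET /portal/index.html HTTP/1.1" 200 512
10.0.0.9 - - [03/Aug/2012:10:01:15 +0000] "GET /portal/../../../etc/passwd HTTP/1.1" 200 1843
10.0.0.9 - - [03/Aug/2012:10:01:16 +0000] "GET /portal/%2e%2e/%2e%2e/config.properties HTTP/1.1" 200 220
10.0.0.9 - - [03/Aug/2012:10:01:17 +0000] "GET /portal/..%252f..%252fsecret HTTP/1.1" 404 0
10.0.0.7 - - [03/Aug/2012:10:02:01 +0000] "GET /portal/images/logo.png HTTP/1.1" 200 9001
"""

REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<path>\S+) HTTP/')

def decode_fully(path: str, rounds: int = 3) -> str:
    """Percent-decode until the string stops changing, so double-encoded
    sequences such as ..%252f are seen the way the server will see them."""
    for _ in range(rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path

def is_traversal(path: str) -> bool:
    """True if the decoded path contains a '..' segment, i.e. it tries to
    step out of the directory the URL nominally points into."""
    decoded = decode_fully(path.split("?", 1)[0]).replace("\\", "/")
    return any(seg == ".." for seg in decoded.split("/"))

def scan_log(log_text: str) -> list:
    """Return (client_ip, raw_path) for every request flagged as traversal."""
    hits = []
    for line in log_text.splitlines():
        match = REQUEST_RE.search(line)
        if match and is_traversal(match.group("path")):
            hits.append((line.split()[0], match.group("path")))
    return hits

if __name__ == "__main__":
    for ip, path in scan_log(SAMPLE_LOG):
        print(f"traversal attempt from {ip}: {path}")
```

A 200 response on a flagged line is the signal to act on; the 404 shows the same client probing alternative encodings.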

CVE-2012-4170: Adobe fixes buffer overflow vulnerability in Photoshop

Adobe has released Photoshop CS6 version 13.0.1. This update closes a critical remote buffer overflow vulnerability in PNG image processing.

Francis Provencher has discovered a vulnerability in Adobe Photoshop CS6, which can be exploited by malicious people to compromise a user's system.

According to the Secunia advisory, the vulnerability is caused by a boundary error in the "Standard MultiPlugin.8BF" module when processing a Portable Network Graphics (PNG) image. This can be exploited to cause a heap-based buffer overflow via a specially crafted "tRNS" chunk size.

Successful exploitation may allow execution of arbitrary code, but requires tricking a user into opening a malicious image.
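The missing check is a bound on the tRNS chunk length. As an added example (not Adobe's code and not from the advisory), the parser below walks a PNG's chunks and verifies each tRNS payload against the limit its colour type allows before any copy would take place; the 1x1 palette image it builds is constructed test input, and build_png deliberately accepts any tRNS payload so an over-long chunk can be produced.

```python
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"
# Largest tRNS payload per colour type: greyscale 2 bytes, truecolour 6, indexed
# one byte per palette entry; types 4 and 6 already carry alpha, so no tRNS.

def chunk(ctype: bytes, data: bytes) -> bytes:
    """Serialise one chunk: 4-byte length, type, data, CRC over type+data."""
    crc = zlib.crc32(ctype + data) & 0xFFFFFFFF
    return struct.pack(">I", len(data)) + ctype + data + struct.pack(">I", crc)

def build_png(trns: bytes) -> bytes:
    """Constructed 1x1 indexed-colour PNG (two-entry palette) with the caller's tRNS payload."""
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 3, 0, 0, 0)  # 1x1, 8-bit, colour type 3
    plte = b"\x00\x00\x00\xff\xff\xff"
    idat = zlib.compress(b"\x00\x00")                     # one scanline: filter 0, index 0
    return (PNG_SIG + chunk(b"IHDR", ihdr) + chunk(b"PLTE", plte)
            + chunk(b"tRNS", trns) + chunk(b"IDAT", idat) + chunk(b"IEND", b""))

def iter_chunks(png: bytes):
    """Yield (type, data) for each chunk, refusing truncated input."""
    if not png.startswith(PNG_SIG):
        raise ValueError("not a PNG file")
    pos = len(PNG_SIG)
    while pos + 8 <= len(png):
        length, ctype = struct.unpack(">I4s", png[pos:pos + 8])
        data = png[pos + 8:pos + 8 + length]
        if len(data) != length:
            raise ValueError("truncated chunk %r" % ctype)
        yield ctype, data
        pos += 12 + length  # length field + type + data + CRC

def check_trns(png: bytes) -> str:
    """'ok' if every tRNS chunk fits the bound its colour type allows, else the reason."""
    color_type, palette_entries = None, 0
    for ctype, data in iter_chunks(png):
        if ctype == b"IHDR":
            color_type = data[9]
        elif ctype == b"PLTE":
            palette_entries = len(data) // 3
        elif ctype == b"tRNS":
            # The check a fixed-size copy must make before touching chunk data.
            limit = {0: 2, 2: 6, 3: palette_entries}.get(color_type)
            if limit is None:
                return "tRNS not permitted for colour type %r" % color_type
            if len(data) > limit:
                return "tRNS length %d exceeds limit %d" % (len(data), limit)
    return "ok"
```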

The vulnerability is reported in versions 13.x only, on both Windows and Macintosh (confirmed in 13.0 20120315.r.428 on Windows).

Users can upgrade to Photoshop CS6 13.0.1 by selecting "Updates" under the Photoshop Help menu; this will launch the Adobe Application Manager, allowing users to select and install the update.

CVE-2012-0681: Apple fixes information disclosure vulnerability in Remote Desktop

Apple has released version 3.6.1 of its Apple Remote Desktop application to fix an information disclosure vulnerability.

Vulnerability details (CVE-2012-0681):
When connecting to a third-party VNC server with "Encrypt all network data" set, data is not encrypted and no warning is produced.

According to the Apple security advisory, this issue does not affect Apple Remote Desktop 3.5.1 and earlier. Versions 3.5.2 up to and including 3.6.0 are affected.

The latest version, 3.6.1, addresses this issue by creating an SSH tunnel for the VNC connection when "Encrypt all network data" is set. If this is not possible, ARD will refuse the connection rather than fall back to an unencrypted one.

Apple Remote Desktop 3.6.1 may be obtained from the Mac App Store, the Software Update pane in System Preferences, or Apple's Software Downloads web site.

Prolexic finds vulnerability in popular Dirt Jumper DDoS toolkit

Security vendor Prolexic has discovered a critical vulnerability in the popular Dirt Jumper DDoS toolkit family, used by attackers to launch distributed denial-of-service attacks against corporate networks.

“DDoS attackers take pride in finding and exploiting weaknesses in the architecture and code of their targets. With this vulnerability report, we’ve turned the tables and exposed crucial weaknesses in their own tools,” said Scott Hammack, CEO at Prolexic.

Prolexic found the security holes in the simplest part of the program: the GUI control panels used to command the bots it creates, which turned out to be cobbled together from hastily coded PHP/MySQL scripts.

"With this information, it is possible to access the C&C server and stop the attack," Prolexic CEO Scott Hammack said in a statement. "Part of our mission is to clean up the Internet. It is our duty to share this vulnerability with the security community at large."

CVE-2012-2665: LibreOffice vulnerable to multiple heap-based buffer overflows

A few weeks after releasing LibreOffice 3.5.5, The Document Foundation has confirmed security holes in earlier versions of the open source LibreOffice suite.

According to the security advisory, multiple heap-based buffer overflow flaws were found in the XML manifest encryption tag parsing code of LibreOffice.

An attacker could create a specially crafted file in the Open Document Format for Office Applications (ODF) which, when opened, could cause arbitrary code execution.

Versions up to and including LibreOffice 3.5.4 are affected; users are advised to upgrade to version 3.5.5 or 3.6.0.
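As an added example (not LibreOffice's parser and not from the advisory), the code below reads the encryption tags of an ODF package's META-INF/manifest.xml and rejects any checksum or initialisation-vector whose base64 value decodes to more bytes than the named algorithm uses, the kind of bound a fixed-size buffer copy has to enforce. The manifest is constructed; the algorithm names and their sizes are the ODF 1.2 manifest identifiers, and the sample's oversized IV on styles.xml is there to be rejected.

```python
import base64, binascii
import xml.etree.ElementTree as ET

NS = "urn:oasis:names:tc:opendocument:xmlns:manifest:1.0"
M = "{%s}" % NS
# Decoded sizes implied by the ODF 1.2 manifest algorithm names.
CHECKSUM_LEN = {"SHA1/1K": 20, NS + "#sha256-1k": 32}
IV_LEN = {"Blowfish CFB": 8, "http://www.w3.org/2001/04/xmlenc#aes256-cbc": 16}

def b64(n):  # constructed filler of n bytes, base64-encoded
    return base64.b64encode(bytes(range(n))).decode()

def entry(path, iv_len):  # one encrypted file-entry, constructed for the sample
    return f"""<manifest:file-entry manifest:full-path="{path}">
 <manifest:encryption-data manifest:checksum-type="SHA1/1K" manifest:checksum="{b64(20)}">
  <manifest:algorithm manifest:algorithm-name="Blowfish CFB" manifest:initialisation-vector="{b64(iv_len)}"/>
  <manifest:key-derivation manifest:key-derivation-name="PBKDF2" manifest:key-size="16" manifest:iteration-count="1024" manifest:salt="{b64(16)}"/>
 </manifest:encryption-data>
</manifest:file-entry>"""

# Constructed manifest.xml: content.xml is sane; styles.xml's IV is far larger than the 8-byte Blowfish block.
SAMPLE_MANIFEST = (f'<manifest:manifest xmlns:manifest="{NS}" manifest:version="1.2">'
                   + entry("content.xml", 8) + entry("styles.xml", 200) + "</manifest:manifest>")

def _check(value, limit):
    """Reason a base64 field is unacceptable, or None if it fits its bound."""
    if value is None or limit is None:
        return "missing value or unknown algorithm"
    try:
        raw = base64.b64decode(value, validate=True)
    except binascii.Error:
        return "invalid base64"
    return None if len(raw) <= limit else f"{len(raw)} bytes exceeds limit {limit}"

def check_manifest(xml_text):
    """(full-path, field, reason) for each checksum or IV that is missing, unknown, not base64, or too large."""
    problems = []
    for fe in ET.fromstring(xml_text).iter(M + "file-entry"):
        for enc in fe.findall(M + "encryption-data"):
            alg = enc.find(M + "algorithm")
            fields = [("checksum", enc.get(M + "checksum"), CHECKSUM_LEN.get(enc.get(M + "checksum-type")))]
            if alg is not None:
                fields.append(("initialisation-vector", alg.get(M + "initialisation-vector"), IV_LEN.get(alg.get(M + "algorithm-name"))))
            for name, value, limit in fields:
                reason = _check(value, limit)
                if reason:
                    problems.append((fe.get(M + "full-path"), name, reason))
    return problems
```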