Here's a collection of recent security vulnerabilities and alerts, which covers vulnerabilities discovered in Sun Solaris, the availability of official documentation from Apple on Leopard's firewall, and multiple overflow vulnerabilities in an ActiveX control associated with AOL Radio.
French security site FrSIRT has an advisory about multiple vulnerabilities that affect Sun Solaris. They are caused by errors in Mozilla. A successful exploit could result in malicious Web sites being able to execute arbitrary commands.
Solaris 8, 9 and 10 are affected.
A solution to the problem is pending completion.
- Apple releases full documentation on its firewall
Apple has released documentation on its firewall that confirms a number of its characteristics observed by various security analysts and sites.
Apple emphasises that the new firewall no longer makes decisions based on the properties of individual packets (source and target addresses and ports), but instead filters the network activities of programs. Technically this means it is not a packet filter in the TCP/IP stack but instead hooks into a part of the Mac OS X networking API. Although the original lower-level ipfw packet filter firewall is still in operation, Mac OS X no longer offers a front end for controlling it. Only the "stealth mode" in the advanced settings still uses ipfw to suppress status reports via ICMP.
You can read about Apple's Application Firewall here.
- Multiple buffer overflow vulnerabilities discovered in AOL Radio's ActiveX control
AOL's AmpX ActiveX control has multiple vulnerabilities that can be exploited via a malicious Web site. This ActiveX control is associated with AOL Radio. A successful attacker will be able to execute arbitrary code in the context of the user viewing the malicious Web page. No further interaction is necessary.
An updated version of AOL Radio with enhanced security is now available. You can get it here.