A new Java 0-day vulnerability has been discovered, and is already being exploited in the wild. Currently, disabling the plugin is the only way to protect your computer.
The MBeanInstantiator in Oracle Java Runtime Environment (JRE) 1.7 in Java 7 Update 10 and earlier allows remote attackers to execute arbitrary code via vectors related to unspecified classes that allow access to the class loader, as exploited in the wild in January 2013, as demonstrated by Blackhole and Nuclear Pack, and a different vulnerability than CVE-2012-4681.
By convincing a user to visit a specially crafted HTML document, a remote attacker may be able to execute arbitrary code on a vulnerable system.
CVE Standard Vulnerability Entry: CVE-2013-0422
This actual vulnerability was later confirmed by security firm AlienVault Labs. With Kafeine’s help, the company reproduced the exploit on a new, fully-patched installation of Java, and used a malicious Java applet to remotely execute the Calculator application on Windows XP as shown in the below screen-shot:
Multiple vulnerabilities have been found in Tor, the most severe of which may allow a remote attacker to execute arbitrary code.
Multiple vulnerabilities have been discovered in Tor:
- When configured as client or bridge, Tor uses the same TLS certificate chain for all outgoing connections (CVE-2011-2768).
- When configured as a bridge, Tor relays can distinguish incoming bridge connections from client connections (CVE-2011-2769).
- An error in or/buffers.c could result in a heap-based buffer overflow (CVE-2011-2778).
A remote attacker could possibly execute arbitrary code or cause a Denial of Service. Furthermore, a remote relay the user is directly connected to may be able to disclose anonymous information about that user or enumerate bridges in the user’s connection.
There is no known workaround at this time.
All Tor users should upgrade to the latest version:
# emerge –sync
# emerge –ask –oneshot –verbose “>=net-misc/tor-0.2.2.35″
Vulnerability-Lab Team discovered a Memory & Pointer Corruption Vulnerability on Kaspersky Internet Security 2011/2012 & Kaspersky Anti-Virus 2011/2012.
The vulnerability is caused by an invalid pointer corruption when processing a corrupt .cfg file through the kaspersky exception filters, which could be exploited by attackers to crash the complete software process.
The bug is located over the basegui.ppl & basegui.dll when processing a .cfg file import.
[+] CFG IMPORT
– Kaspersky Anti-Virus 2012 & Kaspersky Internet Security 2012
– KIS 2012 v188.8.131.524
– KAV 2012 v12.x
– Kaspersky Anti-Virus 2011 & Kaspersky Internet Security 2011
– KIS 2011 v184.108.40.206 (a.b)
– KAV 220.127.116.110
– KIS 2011 v18.104.22.1684
– Kaspersky Anti-Virus 2010 & Kaspersky Internet Security 2010
Vulnerability Research Laboratory – Benjamin K.M. (Rem0ve)
Security expert Thomas Cannon working at viaForensics as the Director of R&D has demonstrated a custom-developed app that installs a backdoor in Android smartphones – without requiring any permissions or exploiting any security holes.
Thomas built an app which requires no permissions and yet is able to give an attacker a remote shell and allow them to execute commands on the device remotely from anywhere in the world. The functionality they are exploiting to do this is not new, it has been quietly pointed out for a number of years, and was explained in depth at Defcon-18 Presentation.
It is not a zero-day exploit or a root exploit. They are using Android the way it was designed to work, but in a clever way in order to establish a 2-way communication channel. This has been tested on Android versions ranging from 1.5 up to 4.0 Ice Cream Sandwich, and it works in a similar way on all platforms.
The application operates by instructing the browser to access a particular web page with specific parameters. This web page, and the server behind it, will, in turn, control the app by forwarding the browser to a URL that starts with a protocol prefix that is registered as being handled by the app, for example app://. This process can then be repeated and in doing so it enables two-way communication.
“In this demonstration Android’s power and flexibility were perhaps also its downfall. Other smartphone platforms may not offer the controls we are bypassing at all, and the multi-tasking capabilities in Android allowed us to run the attack almost transparently to the user. This power combined with the open nature of Android also facilitates the customisation of the system to meet bespoke security requirements. This is something we have even been involved in ourselves by implementing a proof of concept Loadable Kernel Module to pro-actively monitor and defend a client’s intellectual property as it passed through their devices. It is no surprise that we have seen adoption of Android research projects in the military and government as it can be enhanced and adapted for specific security requirements, perhaps like no other mobile platform before it.” – Thomas Cannon said
A vulnerability has been discovered in Microsoft Windows, which can be exploited by malicious people to potentially compromise a user’s system.
The vulnerability is caused due to an error in win32k.sys and can be exploited to corrupt memory via e.g. a specially crafted web page containing an IFRAME with an overly large “height” attribute viewed using the Apple Safari browser.
Successful exploitation may allow execution of arbitrary code with kernel-mode privileges.
The vulnerability is confirmed on a fully patched Windows 7 Professional 64-bit.
Other versions may also be affected.
No effective solution is currently available.
<iframe height=’18082563′></iframe> causes a BSoD on win 7 x64 via Safari. Lol!