vulnerability

Latest

  • MMS exploit targets Windows Mobile 2003

    by 
    Chris Ziegler
    01.02.2007

    What's scarier than a text message luring you into getting your PC all hosed up with virii? An MMS message that somehow manages to do the infection honors all by its lonesome, that's what. Details are now emerging on what appears to be the world's first proof of concept for an MMS virus, exploiting a weakness in the way Windows Mobile 2003 handles SMIL (Synchronized Multimedia Integration Language) to cause a buffer overflow -- which in turn leads to the dreaded "arbitrary code execution." The fella responsible for the exploit apparently gave Microsoft the heads-up a solid six months ago; when he never heard back, he went public with it in a big way at Berlin's Chaos Communication Congress. The good news (if you can call it that) is that it's only been tested on the i-mate PDA2K and HP iPaq h6315, both of which are approaching the tail ends of their useful shelf lives. No word on whether the vulnerability applies (or can be easily adapted to) Windows Mobile 2005, but somehow, "we hope not" simply doesn't properly express our sentiments. [Via El Reg]

  • Does QuickTime pose a security risk?

    by 
    Erica Sadun
    12.13.2006

    The whole QuickTime/MySpace security hole that was discussed this week on TUAW has given rise to a general concern about QuickTime's vulnerabilities. The QuickTime bug apparently allowed a worm to infect MySpace user profiles and redirected traffic to a phishing site, where passwords were harvested. An Information Week article suggests the security flaw could extend well beyond MySpace to both Mac and Windows users. The problem seems to stem from QuickTime's JavaScript support and a bug that allows malicious JavaScript code to affect browsers. The article states that although Apple has provided an Internet Explorer patch, it has yet to issue a general QuickTime fix across all platforms.

  • Skype version 1.5.0.80 patches critical vulnerability

    by 
    Laurie A. Duncan
    10.05.2006

    Calling all Skype users - if you haven't updated to the latest version, you really should. Version 1.5.0.80 (Mac OS X), released on Tuesday, "solves a 'highly critical' vulnerability that could lead to the remote execution of arbitrary code." So says Secunia, an IT Security news company. The flaw was caused by a malformed URL and could potentially lead to your system being compromised. Oops! No need to panic, though. Just update now and you'll be covered. If you're using Skype for Mac Beta 2.x I don't believe this affects you, so don't go downgrading just yet! UPDATE: Mac Beta 2.x was updated to 2.0.0.3 yesterday and has the same fix. Thanks Sejuru!

  • Nikon Coolpix P1 WiFi cam vulnerable to attacks

    by 
    Donald Melanson
    08.04.2006

    Nikon's WiFi-equipped Coolpix P1 introduced last year seemed to be a step in the right direction. Decent enough as a camera, the P1's big selling point was its WiFi transfer capability -- anything that lets us pull one more cable from our desk immediately gets our attention. And while we were hoping for some hacks to expand the functionality a bit, this isn't exactly what we had in mind. According to Informit, in addition to sending your vacation pics flying through the air, the P1 can also open up your PC to a whole range of attacks, including DoS attacks and infected JPGs and executables, not to mention allowing others to potentially intercept your photos. The bad news, if that wasn't bad enough, is that there apparently isn't any easy fix outside just not installing Nikon's WiFi software on your PC -- thus killing the camera's only wireless functionality. So, unless you can somehow scope out everyone with nefarious intent within WiFi range, you might wanna go back to that trusty SD card reader until further notice.