
SANS ISC InfoSec Handlers Diary Blog



Apple Releases Safari 6

Published: 2012-07-25
Last Updated: 2012-07-25 15:31:44 UTC
by Johannes Ullrich (Version: 1)
1 comment(s)

Even if you don't plan to upgrade to Mountain Lion, as of today Safari 6 is available as an update for older versions of OS X. This new version includes numerous security fixes and improvements.

For a (long) list of fixed bugs, see the Apple security announcement [1]. There are also some new security related features:

  • Extensions can now find out whether you are in private browsing mode, which should make it easier for extensions to avoid leaking browsing data.
  • The "https" in HTTPS URLs is highlighted more prominently, and the lock icon, which gives more information about the certificate, is placed right next to it.
  • The safe password feature got redone, but it doesn't look like Safari will suggest new passwords unless you run Mountain Lion.


[1] http://support.apple.com/kb/HT5400

------
Johannes B. Ullrich, Ph.D.
SANS Technology Institute
Twitter

Keywords: Apple Safari

Apple OS X 10.8 (Mountain Lion) released

Published: 2012-07-25
Last Updated: 2012-07-25 14:41:33 UTC
by Johannes Ullrich (Version: 1)
0 comment(s)

You probably saw by now that Apple unleashed Mountain Lion earlier today. If you are lucky enough to make it past the overloaded App Store, you may already be installing it. But some of you may not be as daring, and there are reasons to be cautious, as with any major update. OS X 10.8 includes some interesting new security features:

One important feature, Gatekeeper, implements iOS-like restrictions on installing software. This feature may be turned off by an administrator, but you should consider leaving it on by default. It will prevent users from installing unauthorized software. Just like in iOS, the software has to be signed by a valid Apple developer certificate. Further, you can limit software installation to the App Store only. In OS X Lion, the command line utility "spctl" can be used to test this feature. Mountain Lion added a GUI configuration tool to the standard OS X settings dialog. Also see our prior diary about this tool [1].
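As an added example (not from the diary), a small POSIX shell helper around spctl, the tool mentioned above, that checks whether Gatekeeper assessments are enabled and whether an application bundle would be allowed to launch; it assumes the "path: accepted" or "path: rejected" line plus the "source=..." line that spctl prints, and the sample inputs in the comments are constructed.

```shell
#!/bin/sh
# Added example, not code from the diary: audit Gatekeeper with spctl.
# Assumed output formats (constructed samples):
#   spctl --status                 -> "assessments enabled" / "assessments disabled"
#   spctl --assess --type execute  -> "/Applications/Foo.app: accepted"
#                                     "source=Apple System"
#                                  or "/tmp/bad.app: rejected"
#                                     "source=no usable signature"

# Turn one spctl --assess result (read from stdin) into a one-line verdict
# "accepted <source>" / "rejected <source>". Returns 0 only when accepted,
# so it can gate a deployment script.
classify_assessment() {
    verdict=""
    source=""
    while IFS= read -r line || [ -n "$line" ]; do
        case "$line" in
            *": accepted"*) verdict="accepted" ;;
            *": rejected"*) verdict="rejected" ;;
            source=*)       source="${line#source=}" ;;
        esac
    done
    [ -n "$verdict" ] || verdict="unknown"
    printf '%s %s\n' "$verdict" "${source:-?}"
    [ "$verdict" = "accepted" ]
}

# Returns 0 when the spctl --status text on stdin says assessments are on.
gatekeeper_enabled() {
    grep -q '^assessments enabled'
}

# Wrappers that call the real tool (OS X 10.7 or later only).
# spctl writes the verdict lines to stderr, hence the 2>&1.
assess_app() {
    spctl --assess --type execute --verbose "$1" 2>&1 | classify_assessment
}
check_gatekeeper() {
    spctl --status 2>&1 | gatekeeper_enabled
}
```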

The "Roaring Apps" website maintains a pretty good list of Mountain Lion compatible applications [2]. Most security tools I use appear to be compatible (Sophos Anti Virus, Kaspersky Anti Virus, Little Snitch, 1Password...). But note that RoaringApps.com is crowdsourced. To make sure, you should check the software publisher's website.

OS X 10.8 also includes a password safe feature, and improved privacy controls. For details, see Apple's list of security features [3].

Make sure to first update ALL software on your system. Various vendors released Mountain Lion specific updates as late as today. 

Of course, backups are always a good idea, but I assume you got that covered ;-)

[1] http://isc.sans.edu/diary.html?storyid=12631
[2] http://roaringapps.com/
[3] http://www.apple.com/osx/what-is/security.html


------
Johannes B. Ullrich, Ph.D.
SANS Technology Institute
Twitter


Microsoft Exchange/Sharepoint and others: Oracle Outside In Vulnerability

Published: 2012-07-25
Last Updated: 2012-07-25 14:29:43 UTC
by Johannes Ullrich (Version: 1)
4 comment(s)

Microsoft published an unusual knowledge base article today, warning users of certain versions of Microsoft Exchange and SharePoint server of a remote code execution vulnerability introduced by Oracle's "Outside In" libraries, which are included with these products [1].

Affected Products:

  • Microsoft Exchange Server 2007
  • Microsoft Exchange Server 2010
  • FAST Search Server 2010 for SharePoint

Oracle provided a patch for this issue in its July patch release [2]. The issue is covered by Oracle's "Fusion Middleware" fix. Outside In library versions 8.3.7.77 and earlier are vulnerable. The fixed version is 8.3.7.171 (US-CERT also mentions 8.3.5.6369 as fixed).

As a workaround, you could disable the transcoding service, but attachments can then no longer be previewed. Or you could disable the advanced filter pack on FAST Search Server 2010 for SharePoint.

Oracle's "Outside In" libraries are able to decode over 500 different file formats [3]. The libraries are used to index content inside files such as PDFs and other common file types.

It is very likely that Microsoft's products are not the only software that includes this library. US-CERT provides a list of the software in which they identified it [3].

[1] http://technet.microsoft.com/en-us/security/advisory/2737111
[2] http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html
[3] http://www.kb.cert.org/vuls/id/118913

------
Johannes B. Ullrich, Ph.D.
SANS Technology Institute
Twitter
