“There’s so much malware on Android, you’d think it would be a huge deal,” Cobb said. And the growth of is “huge,” he added, “both in the number of malware exploits and their increasing sophistication. The rate of growth in Android malware is impressive, and scary.”
FireEye offered the following details regarding the latest Java failure:
Not like other popular Java vulnerabilities in which security manager can be disabled easily, this vulnerability leads to arbitrary memory read and write in JVM process. After triggering the vulnerability, exploit is looking for the memory which holds JVM internal data structure like if security manager is enabled or not, and then overwrites the chunk of memory as zero.
Upon successful exploitation, it will download a McRAT executable from same server hosting the JAR file and then execute it.
I told you yesterday about the new app from Yahoo! for iOS, and the browser extension for Firefox, Chrome, and Safari, called Axis. Well, apparently Yahoo! leaked some critical info about the browser extension that makes it vulnerable.
Yahoo! today released its Axis extension for Chrome – and accidentally leaked its private security key that could allow anyone to create malicious plugins masquerading as official Yahoo! software.
Australian entrepreneur Nik Cubrilovic, who last year garnered notice for identifying Facebook’s tracking cookies, revealed the certificate blunder on his blog, and said users should not install the extension “until the issue is clarified”.
We don’t know exactly when 10.8 will be released to the public but some have speculated that it could be as early as the week of June 11th at WWDC 2012. We must have a signed and released Firefox out there before the general public starts upgrading and we’ve been working hard to make that happen as soon as possible. This post will give a short history of Mac signing at Mozilla and talk about our timeline for enabling it.
Gatekeeper, by default, allows the user to install any app from the Mac App Store or from any developer that has authenticated themselves with Apple and obtained a certificate. This will be a great security feature to help avoid installing malware on your system. Nice move by Mozilla.
For those of you still using Leopard (10.5), Apple (really late) has released a Flashback Removal Tool. Also, they have released Leopard Security Update 2012-003, which disables versions of Adobe Flash Player that do not include the latest security updates and provides the option to get the current version from Adobe’s website.