
October 2nd, 2006

Bad security week for Microsoft, Apple, and Blizzard

Posted by George Ou @ 3:41 am

Categories: Security


Another zero-day threat hits Microsoft Internet Explorer 5 and 6 just after Microsoft issued an emergency out-of-cycle patch for the VML threat. This new critical threat had been known for 2 months but missed September's Patch Tuesday. Microsoft is expected to patch it next Tuesday, but attacks are already being seen in the wild.

Apple on Friday issued patches for 15 vulnerabilities, most of which are remotely exploitable. The patches cover issues in Safari and Flash Player, code-executing JPEG2000 images, privilege escalations in the kernel, code-executing PICT images, and other components in Mac OS X.

[UPDATE October 3: This was mostly a prank] At Toorcon 8 in San Diego, Joris Evers is reporting that two hackers are claiming to have 30 exploits for Mozilla Firefox. They disclosed one of the issues with enough detail that it could probably be reproduced by other hackers. Mozilla's security chief Window Snyder is taking the threat seriously and was upset by the fact that the exploit was released to the public without any notification to Mozilla. A security staffer from Mozilla attempted to "persuade the presenters to responsibly disclose flaws via Mozilla's bug bounty program instead of using them for malicious purposes such as creating networks of hijacked PCs, called botnets". Unfortunately, the hackers do not plan to disclose them. Evidence for the other 29 exploits was not shown. The hackers stated it was a problem in Firefox's implementation of JavaScript and that it was a "complete mess". Snyder admitted that "if it is in the JavaScript virtual machine, it is not going to be a quick fix". [UPDATE October 3: This was mostly a prank]

Oh, and Blizzard and their WOW customers aren't having a good week either. It would seem that a lot of World of Warcraft players are being targeted for their passwords through malware and keyloggers. Once the password thieves have the passwords, they can turn around and sell off virtual goods for real money.

George Ou is Technical Director of ZDNet. See his full profile and disclosure of his industry affiliations.

Most Recent of 49 Talkback(s)

For the last time, there is no mistake here
Everyone in the media INCLUDING the CHIEF OF MOZILLA SECURITY took this seriously. This is because details of a REAL flaw were shown and real crash dumps are being offered by the pranksters through their cooperation. There is NO MISTAKE HERE....
Posted by: georgeou Posted on: 10/04/06
