Happy patching day
With the DNS issues, Microsoft OOB patch and the Flash issue a couple of other things may have slipped your attention. So whilst you are applying the MS patches keep in mind that there are a few more that may need applying in the near future.
Adobe has three bulletins out at the moment. The Flash issue, flash in IE and Shockwave. The flash patches should be hitting the street on the 31st a Shockwave upgrade is already available (more info here http://www.adobe.com/support/security/ ).
As mentioned in Bojan's diary entry the Internet Systems Consortium has a fixed version of bind available on their site. so make some time to upgrade that as soon as you can (of course after testing).
Cisco also had an advisory out this week Advisory ID: cisco-sa-20090729-bgp. There are two issues that affect certain version of the IOS that allow 4 byte AS numbers and have BGP enabled. Both issues will cause the device to reload. More details are here. Updates are available.
Another Cisco advisory earlier this week deals with their wireless LAN controllers which has four issues, three denial of service attacks using malformed requests using HTTP, HTTPS or SSH. The fourth is a malformed request which allows you to own the controller and thus the wireless network. If you are running these devices, patch. More info is here.
There are no doubt many, many more, but these should be near the top of your list. So if you are having fun at Blackhat and/or Defcon, make sure junior is on top of it.
UPDATE:
Flash update is out already, Adobe Reader is still to come.
Mark - Shearwater
iPhone Hijack
We received some information today about a bug in the iPhone OS that may cause some pretty significant problems. An article was published a couple of days ago that on a couple of well known cyber researchers are going to discuss at the Black Hat Conference this afternoon. Charlie Miller - one of the researchers urges iPhone users to turn off you iPhone immediately if you get a text message with a single square character. Miller says "that small cipher will likely be your only warning that someone has taken advantage of a the bug".
Miller says that Apple was notified of the vulnerability a month ago and to this date a patch has not been released. So for those of you with iPhones... Be diligent, watch for any unusual text message and turn off the device quickly. For more information take a look at the article in Forbers Online at:
www.forbes.com/2009/07/28/hackers-iphone-apple-technology-security-hackers.html
Many thanks to our readers Jason and Ken for notifying us about this article.
Deb Hale Long Lines, LLC
Comments