Trend Micro Facebook TrendLabs Twitter Malware Blog RSS Feed You Tube - Trend Micro
Search our blog:

  • Mobile Vulnerabilities

  • Zero-Day Alerts

  • Recent Posts

  • Calendar

    August 2015
    S M T W T F S
    « Jul    
  • Email Subscription

  • About Us

    Apple Fixes Several Bugs

    Releasing one of its biggest Mac OS X security updates, Apple fixes 88 vulnerabilities with Security Update 2010-002/Mac OS X v10.6.3. The update addresses critical issues that can lead to arbitrary code execution, information disclosure, and denial-of-service (DoS) attacks.

    One of the critical fixes included is the solution for the AppKit issue, which can lead to an unexpected application termination or arbitrary code execution when spell-checking maliciously crafted documents. The update likewise includes fixes for several critical ImageIO and QuickTime bugs.  Mac OS X users are thus advised to immediately download and install the security update.

    Microsoft Releases an Out-of-Band Patch

    Microsoft, for its part, recognizes the immediate need to provide a solution for CVE-2010-0806 and has announced the impending release of an out-of-band patch via Security Bulletin MS10-018. The said release will primarily solve issues surrounding the zero-day Internet Explorer (IE) vulnerability affecting IE 6 and 7.

    Since it first became public, cybercriminals have exploited the zero-day vulnerability. These exploits have led to malware detections, including several malicious JavaScript files (JS_SHELLCODE.CD, JS_SHELLCOD.JDT, JS_ COSMU.A, and JS_SHELLCODE.YY). The final payload of which are TSPY_GAMETI.WOW and TROJ_GAMETHI.FNZ, which both lead to game-related information theft.

    The advance notification also stated that the out-of-band patch will be a cumulative update for IE. Apart from the critical zero-day patch, the update will likewise address nine other vulnerabilities, some of which also affect IE 8.

    The patch is slated for release on March 30, 2010 at approximately 10:00 a.m. PDT (UTC-8). The primary workaround for CVE-2010-0806 is to upgrade to IE 8, which remains unaffected by this particular zero-day vulnerability. However, the best practice is still applying the out-of-band patch as soon as it is released.

    Trend Micro Solutions for Windows and Mac Users

    Trend Micro Deep Security™ and OfficeScan™ continue to protect business users from the this particular IE zero-day exploit via the Intrusion Defense Firewall (IDF) plug-in if their systems are updated with the IDF10-011 release, rule number IDF10011.

    Trend Micro™ Smart Protection Network™ likewise protects product users from this threat by preventing users from accessing sites hosting JS_SHELLCODE.CD, JS_SHELLCOD.JDT, JS_SHELLCODE.YY, and JS_COSMU.A. It also prevents the download and execution of malicious files such TROJ_INJECT.JDT, TROJ_SASFIS.VR, TROJ_DLOADR.VR, TSPY_GAMETI.WOW, TROJ_DROPPR.FNZ, and TROJ_GAMETHI.FNZ via the file reputation service.

    Mac users can also protect their systems by using Trend Micro Smart Surfing for Mac.

    Update as of March 31, 2010, 11:30 a.m. (GMT +8:00):

    Microsoft released a security update that resolves nine reported vulnerabilities and one unreported vulnerability in IE. The update also addresses the CVE-2010-0806 vulnerability. Affected users are advised to download the updates from this security bulletin.

    Share this article
    Get the latest on malware protection from TrendLabs
    Email this story to a friend   Technorati   NewsVine   MySpace   Google   Live   StumbleUpon


    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice