Hello and welcome to the CERTStation Podcast for the 22nd week of 2010. I am Jay Johnson and these are the headlines:

Adobe urges Photoshop CS4 users to install their latest patch (pause)
Ubuntu will push the latest Firefox to Hardy, Jaunty and Karmic releases while
Apple's Mac OS X operating system gets hit by a high risk spyware (pause)
Windows Live Messenger hack tool actually turns out to be malware and finally
A popular UK jobs site detects a sophisticated hack into user accounts

And now for this week's newswire details
Adobe's Photoshop Creative Suite 4 image editing software has critical vulnerabilities that could let hackers take control of Macs with the suite installed. Graham Cluley, a security researcher, said the security risk lies in infected ASL, ABR, and GRD files that can cause you to surrender control of your Mac to a remote hacker. This possible attack affects only users of Photoshop CS4, version 11.0.1. According to Adobe's Security Advisory, users should update their systems immediately. To update Photoshop CS4, navigate to Help, and click on Updates. You can also download the update version 11.0.2 directly from Adobe. To fall victim to the attack, users must manually open the file in Photoshop. Photoshop CS5 is not affected. All the holes involve buffer overflows that allow arbitrary code to be injected and executed.

(pause)
According to a posting on the Ubuntu developers' mailing list, Ubuntu developers are planning to push the next release of Firefox, 3.6.4, to the current Ubuntu release, Lucid Lynx 10.04, and to older versions such as Hardy 8.04, Jaunty 9.04 and Karmic Koala 9.10. These older versions currently have Firefox 3.0 and xulrunner 1.9, both of which are no longer supported by Mozilla. The move ends a long-standing practice of back-porting security fixes to previous Firefox versions running on older versions of Ubuntu. The change is being made in anticipation of a move from Mozilla to accelerate their update rate for Firefox to 4-6 weeks for minor security and stability releases and 4-6 months for major version updates. The developers have decided that the back-porting process was more risky in terms of creating regressions than updating to the latest Firefox release. There will not be an update for those running Intrepid Ibex (8.10), which is now beyond its 18-month support window.

(pause)
A spyware application that surreptitiously scans chat logs and hard drives of unsuspecting Mac users has found its way onto three of the more popular download sites, security researchers said Tuesday. Dubbed OSX or OpinionSpy, the spyware is distributed through software available on sites including Softpedia, MacUpdate, and VersionTracker, according to Intego, a provider of anti-virus software for Macs. The app isn't contained in the downloads themselves, but rather gets downloaded during the installation process, Intego said. A Windows version of the program has existed since at least 2008. Mac's most ardent supporters have long claimed the platform is more inherently secure than Windows, a perception Apple marketers have been happy to perpetuate. But a more plausible explanation, advanced by Charlie Miller and other white-hat hackers who regularly exploit Apple security bugs, is that the platform isn't big enough to justify the investment of hardened crime gangs. Intego identified the apps installing OpinionSpy as the MishInc FLV To Mp3 media converter and screensavers made by the company 7art-screensavers. More details about the spyware are here.

(pause)
A hacking tool advertised as being capable of enabling users to hack Windows Live accounts and grab Windows Live Messenger passwords is actually used by attackers to spread their malicious code. According to BitDefender, HackMSN.exe will not only not permit users to recover Windows Live passwords, but will instead infect them with malware, namely the Backdoor Bifrose AADY. This piece of malicious code affects Windows platforms. The malware injects itself into the explorer.exe process and opens up a backdoor that allows unauthorized access to and control over the affected system, BitDefender's Ioana Jelea stated. Moreover, Backdoor Bifrose AADY attempts to read the keys and serial numbers of the various pieces of software installed on the affected computer, while also logging the passwords to the victim's ICQ, Messenger, POP3 mail accounts, and protected storage.

(pause)
Several job sites run by Trinity Mirror Group have suffered hack attacks, although the newspaper group does not believe any CVs were copied or accessed. JobSearch.co.uk and jobs.mirror.co.uk both suffered hack attacks on 19 May. Blog posts described a concerted and sophisticated attempt to hack into user accounts. As a precaution, Trinity Mirror suspended all user accounts and issued new passwords. The post also warned people to change passwords if they were using them on multiple sites. A local newspaper claims that both sites have 3.5 million plus CVs on them.

If you enjoyed this podcast, why not visit CERTStation.com and check out our free Internet Security Dashboard. In the meantime, this is your host Jay Johnson wishing you a safe and secure week.