Sun JRE Privilege Escalation, Opera Vulnerability, Pocket PC Trojan in the wild

Published: 2004-08-05
Last Updated: 2004-08-06 00:08:51 UTC
by Cory Altheide (Version: 1)
0 comment(s)
Sun Java Runtime Environment Privilege Escalation Vulnerability

Sun released an advisory today indicating that the XSLT processor in their Java Runtime Environment doesn't properly separate privileges between applets. This could lead to cross-applet data leakage and possible applet privilege escalation. An updated JRE is available.

Opera Location Object Exploit

Looks like Phishing isn't just for Internet Explorer anymore! GreyMagic Software released an advisory today detailing a flaw in the Opera web browser which would allow an attacker to write arbitrary data to the "location" object. This has many possible repercussions, including allowing an attacker read access to arbitrary files on the victim's machine, and the ever popular URL spoofing enjoyed by phishermen around the globe. An upgrade which addresses this issue is available now.

Pocket PC Trojan Found In the Wild

... by an antivirus company, Kaspersky Labs. Either way, this is an interesting development and indicates that the race to own the mobile PCs of the world is well underway. Details on "Backdoor.WinCE.Brador.a" are available at Viruslist.

While by no means sophisticated, Brador highlights a problem which I believe will become more and more pronounced as PDAs become more ubiquitous. Who in their right mind would distrust their (smart) phone, after all? As perimeter security (slowly but surely) improves, attackers will look for alternate entry points. The classic dial-in backdoor is still far too common, although not to the levels of days past. The PDA, though, could prove to be the perfect soft target. They're usually highly insecure by default, and are allowed to waltz right past the firewall and join the network, no questions asked. Add innate wireless capabilities, often via 802.11b, Bluetooth, and infrared, and a little-known autorun "feature" (highlighted at last week's Black Hat and DefCon security conferences) and you've got an easily owned vector for $CODE_OF_YOUR_CHOICE.


Cory Altheide


0 comment(s)


Diary Archives