Hacking news from Heise
Old exploit for Sony's PSP works on Apple's iPhone
In the hacker community, Apple's iPhone obviously continues to be the most interesting object for investigation. Unphased by its supposed security, a hacker group has apparently managed to smuggle their own code into Safari's current firmware and execute it via a buffer overflow that occurs while processing TIFF images. A sample "Hello world" is claimed to have been successfully tested several times. Interestingly, the exploit is reported to have originated in a PSP hacker source that was able more than a year ago to execute its own software and so install somewhat modified firmware on to the PSP via a TIFF hole.
Read the article HERE.
Microsoft Outlook also caught in the URI trap
According to an advisory by security service provider Secunia, Outlook Express and Outlook 2000 are also affected by the Windows URI problem. Not only Firefox, Skype, Adobe Reader, Miranda, mIRC and Netscape as previously reported, but also Microsoft applications might be exploited to launch arbitrary programs on a user’s system by clicking a malicious URL. As yet, Microsoft has not seen the need to provide a patch to eliminate the problem at its source, i.e., Windows, and has denied any related vulnerability in Microsoft products.
Read the article HERE.
In the hacker community, Apple's iPhone obviously continues to be the most interesting object for investigation. Unphased by its supposed security, a hacker group has apparently managed to smuggle their own code into Safari's current firmware and execute it via a buffer overflow that occurs while processing TIFF images. A sample "Hello world" is claimed to have been successfully tested several times. Interestingly, the exploit is reported to have originated in a PSP hacker source that was able more than a year ago to execute its own software and so install somewhat modified firmware on to the PSP via a TIFF hole.
Read the article HERE.
Microsoft Outlook also caught in the URI trap
According to an advisory by security service provider Secunia, Outlook Express and Outlook 2000 are also affected by the Windows URI problem. Not only Firefox, Skype, Adobe Reader, Miranda, mIRC and Netscape as previously reported, but also Microsoft applications might be exploited to launch arbitrary programs on a user’s system by clicking a malicious URL. As yet, Microsoft has not seen the need to provide a patch to eliminate the problem at its source, i.e., Windows, and has denied any related vulnerability in Microsoft products.
Read the article HERE.
posted by vanish at 7:26 AM
0 Comments:
Post a Comment
<< Home