Chris Brook

About

"Distrust and caution are the parents of security" - Benjamin Franklin

Time Stamp Bug in Sudo Could Have Allowed Code Entry

A vulnerability in sudo – a program that manages user privileges on certain types of systems – could allow an unauthenticated user to execute commands for about five minutes, without entering a password.The problem, which has since been fixed, previously existed in builds 1.6.0 through 1.7.10p6 and 1.8.0 through 1.8.6p6 of sudo. The program is usually found in Unix-based Linux and Mac OS X systems.


Adobe released yet another security update for its Flash Player product, it’s third this month, earlier today. The emergency update patches three vulnerabilities, including two critical (CVE-2013-0643 and CVE-2013-0648) that are targeting Flash Player in Mozilla’s Firefox browser and could let an attacker crash and compromise affected systems.

Social media supersite Facebook has fixed a vulnerability that could have allowed a hacker to access a user’s account simply by getting them to click through to a specially crafted website. The flaw essentially mimicked the functionality of an authentic Facebook application without actually installing an application to their profile.

The seemingly endless list of critical zero day bugs found in Java grew longer today with news that one of the flaws fixed in Oracle’s recent patches for the product is under attack and when that bug is paired with another, separate vulnerability, the sandbox in the latest build of Java can be bypassed.

It’s getting hard to keep track of all the bugs piling up for Apple’s iPhone. Now it seems a glitch in the iOS kernel of Apple’s much maligned iOS 6.1 is responsible for yet another passcode bypass vulnerability, the second to surface this month. Attackers can apparently access users’ photos, contacts and more by following a series of steps on an iPhone running iOS 6.1.