Australia's Leading Computer Emergency Response Team

AusCERT Week in Review for 22nd February 2013

Date: 22 February 2013



The world saw a number of interesting developments this week in the information security space. Apple admitted that "a small number" of the company's computers were infected by malware, reportedly the very same nasty bug that recently claimed victory over computers belonging to employees at Facebook and Twitter as well. This attack took the form of a waterhole attack using a Java vulnerability for which a patch is now available. By targeting a website known to be popular with intended victims of the attack, the now old-fashioned step of enticing the victim to follow a link is removed - the attacker knows the victim will eventually visit the site and become infected. In this case, the waterhole was a mobile app development hub, iPhoneDevSDK.

Whilst the companies claimed no data was stolen, perhaps this may serve as a reminder to those using Apple products that security vulnerabilities do indeed exist in products for the Mac OS X platform (and any platform, really). Apple themselves withdrew the "Macs don't get PC viruses" claim from their website last year, replacing it with "built to be safe". How many friends or colleagues do you know that are running Mac OS X without any antivirus software, believing that it's not necessary? Your mission for this weekend: find a Mac user and help them implement security best practice on their platform!

No doubt you've already read Mandiant's intelligence report on China's cyber espionage units, and less than a week later the opportunists have struck: malicious versions of the PDF document have been circulated. Make sure you've applied Adobe's recent patch addressing the vulnerability targeted in this malicious PDF document.

Speaking of which, a number of popular products received security patch updates this week - just in case you missed them, below are three bulletins covering six reasonably popular products. At least two of these products are widely utilised in corporate environments (Java and Adobe Reader). If you're unable to update these products for compatibility or other compelling business reasons, consider alternative mitigation strategies to limit their exposure to threats. For example, use virtualisation to segment older instances of software away from Internet threats. As a last resort, it's possible in theory to install different versions of Java on a workstation to cater for both legacy applications in need of an older version and Internet browsing using the latest release.

1/ ASB-2013.0024.2 - UPDATE [Win][UNIX/Linux][Android] Mozilla Firefox, Thunderbird and SeaMonkey: Multiple vulnerabilities

2/ ASB-2013.0025 - ALERT [Win][UNIX/Linux] Oracle Java: Multiple vulnerabilities

3/ ESB-2013.0232 - ALERT [Win][Linux][OSX] Adobe Reader and Acrobat: Multiple vulnerabilities

On a different note, it's my pleasure to introduce two new members of AusCERT's Coordination Centre Team. We are the division of AusCERT responsible for your incident monitoring and response, as well as the regular Security Bulletins. Ananda Garin-Michaud and Parth Shukla have both joined the CC Team as Information Security Analysts this month. Additionally, Jonathan Levine, previously Senior Information Security Analyst in the CC Team, has taken on the role of Security Analyst Team Leader. Last but certainly not least, Marco Ostini is the CC Team's Senior Information Security Analyst.

Best regards,
Mike Holm
Manager, Coordination Centre.