A cybercriminal’s full time job is creating new crimes, and he or she will make full use of technology to hide their activities to fool you. And with mobile devices, this is no different. The threat to our mobile devices is also high because our smartphones are always connected, they usually carry some personal data, Read more…
マルウェア作成者は、新しい脆弱性が一般に公開されると、すぐにそれを悪用しようとします。最近 Performance Counters for Linux(PCL)で見つかった、Linux Kernel Local Privilege Escalation Vulnerability(Linux カーネルのローカル特権昇格の脆弱性)(CVE-2013-2094)は、現在さまざまなプラットフォームで悪用されていますが、ついに Android オペレーティングシステム上で動作するように手が加えられました。
Android オペレーティングシステムに詳しくない方のために付け加えると、Android はオープンソースの Linux オペレーティングシステムをベースにしています。つまり、Linux カーネルベースの脆弱性が見つかると、その多くが Android デバイスでも悪用される可能性があるのです。ただし、Android デバイスでも種類が違えば、使われている Linux カーネルのバージョンも異なるため、ある特定の脆弱性の悪用の影響を受けるデバイスは限られるでしょう。
特権昇格の脆弱性の悪用は、サイバー犯罪者に侵入先のデバイスの完全制御を許してしまう可能性があるので特に危険です。Android オペレーティングシステムは通常、すべてのアプリケーションをサンドボックス化するため、どのようなアプリケーションでも、重要なシステム操作を実行したり、他のインストール済みのアプリケーションに干渉したりすることはできません。特権昇格の脆弱性を悪用したマルウェアの例としては、他のアプリケーションのデータにアクセスするもの、アンインストールを妨害するもの、マルウェア自身を隠すもの、さらには Android のアクセス許可モデルをすり抜けて、ユーザーの同意を得ることなくプレミアム SMS メッセージの送信などの操作を実行するものなどが、これまでに確認されています。
2011 年に Android.Rootcager に関するブログでも説明しましたが、特権昇格の脆弱性を突いた悪用はすぐにマルウェアに組み込まれるため、今回の脆弱性の悪用を組み込んだ Android マルウェアも近いうちに登場するでしょう。
シマンテックでは今後も、脆弱性を悪用しようとする脅威の状況を監視し続けます。この悪用の影響を受けるすべての Android デバイスに対してパッチが提供されるまでは、悪質なアプリケーションの被害を受けないためにも、アプリケーションをダウンロードしてインストールする際は、信頼できるマーケットプレイスを選ぶようにしてください。
お使いの Android デバイスが何らかの脅威に感染していると思われる場合は、ノートン モバイルセキュリティに最新の更新をダウンロードして、完全スキャンを実行してください。
* 日本語版セキュリティレスポンスブログの RSS フィードを購読するには、http://www.symantec.com/connect/ja/item-feeds/blog/2261/feed/all/ja にアクセスしてください。
寄稿: Avdhoot Patil
サッカーのクラブチームや有名選手、関連イベントを狙うのは、どうやらフィッシング詐欺師の習性のようです。詐欺師は卑劣な行為を繰り返しており、特にサッカーを標的にしています。今回、目を付けたのは、レアル・マドリード C.F. です。スペインのマドリードに本拠を置く同クラブは、世界で最も裕福なサッカークラブの 1 つであり、お数多くのファンを抱えています。
図. 偽のフィッシング Facebook ページ。レアル・マドリードとクリスティアーノ・ロナウド選手の画像が使われている。
この図にあるように、フィッシングページは、レアル・マドリードを強調したデザインのページコンテンツで、ユーザーに Facebook のログイン情報を入力するよう求めます。このページのタイトルは「Facebook Real Madrid Login」で、背景には同クラブのクリスティアーノ・ロナウド選手の画像が使われています。ユーザーがログイン情報を入力すると、このフィッシングサイトからレアル・マドリードの正規の Facebook コミュニティページにリダイレクトされます。正規のページにリダイレクトするのは、正当なログインだと思わせるためです。このフィッシングサイトの手口に乗ってログイン情報を入力したユーザーは、個人情報を盗まれ、なりすまし犯罪の被害者になってしまいます。
たくさんのファンが付いている有名選手やサッカーチームを利用すれば、標的も膨大な数にのぼり、結果的に個人情報を収集できるチャンスも大きくなることを詐欺師は知っています。2013 年 6 月にもこの傾向は続き、同じようなフィッシング詐欺の手口が横行しています。
インターネットを利用する場合は、フィッシング攻撃を防ぐためにできる限りの対策を講じることを推奨します。
* 日本語版セキュリティレスポンスブログの RSS フィードを購読するには、http://www.symantec.com/connect/ja/item-feeds/blog/2261/feed/all/ja にアクセスしてください。
Hello, welcome to this month’s blog on the Microsoft patch release. This month the vendor is releasing five bulletins covering a total of 23 vulnerabilities. Nineteen of this month’s issues are rated ’Critical’.
As always, customers are advised to follow these security best practices:
Microsoft’s summary of the June releases can be found here:
http://technet.microsoft.com/en-us/security/bulletin/ms13-Jun
The following is a breakdown of the issues being addressed this month:
MS13-047 Cumulative Security Update for Internet Explorer (2838727)
Internet Explorer Memory Corruption Vulnerability (CVE-2013-3110) MS Rating: Critical
A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.
Internet Explorer Memory Corruption Vulnerability (CVE-2013-3111) MS Rating: Critical
A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.
Internet Explorer Memory Corruption Vulnerability (CVE-2013-3112) MS Rating: Critical
A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.
Internet Explorer Memory Corruption Vulnerability (CVE-2013-3113) MS Rating: Critical
A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.
Internet Explorer Memory Corruption Vulnerability (CVE-2013-3114) MS Rating: Critical
A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.
Internet Explorer Memory Corruption Vulnerability (CVE-2013-3116) MS Rating: Critical
A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.
Internet Explorer Memory Corruption Vulnerability (CVE-2013-3117) MS Rating: Critical
A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.
Internet Explorer Memory Corruption Vulnerability (CVE-2013-3118) MS Rating: Critical
A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.
Internet Explorer Memory Corruption Vulnerability (CVE-2013-3119) MS Rating: Critical
A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.
Internet Explorer Memory Corruption Vulnerability (CVE-2013-3120) MS Rating: Critical
A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.
Internet Explorer Memory Corruption Vulnerability (CVE-2013-3121) MS Rating: Critical
A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.
Internet Explorer Memory Corruption Vulnerability (CVE-2013-3122) MS Rating: Critical
A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.
Internet Explorer Memory Corruption Vulnerability (CVE-2013-3123) MS Rating: Critical
A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.
Internet Explorer Use After Free Vulnerability (CVE-2013-3124) MS Rating: Critical
A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.
Internet Explorer Use After Free Vulnerability (CVE-2013-3125) MS Rating: Critical
A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.
Internet Explorer Script Debug Vulnerability (CVE-2013-3126) MS Rating: Critical
A remote code execution vulnerability exists when Internet Explorer improperly processes script while debugging a webpage. The vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer. An attacker could host a specially crafted website that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the website.
Internet Explorer Memory Corruption Vulnerability (CVE-2013-3139) MS Rating: Critical
A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.
Internet Explorer Memory Corruption Vulnerability (CVE-2013-3141) MS Rating: Critical
A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.
Internet Explorer Memory Corruption Vulnerability (CVE-2013-3142) MS Rating: Critical
A remote code execution vulnerability exists when Internet Explorer improperly accesses an object in memory. This vulnerability may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.
MS13-048 Vulnerability in Windows Kernel Could Allow Information Disclosure (2839229)
Kernel Information Disclosure Vulnerability (CVE-2013-3136) MS Rating: Important
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could disclose information from kernel addresses.
MS13-049 Vulnerability in Kernel-Mode Driver Could Allow Denial of Service (2845690)
TCP/IP Integer Overflow Vulnerability (CVE-2013-3138) MS Rating: Important
A denial of service vulnerability exists in the way that the Windows TCP/IP driver improperly handles packets during TCP connection. An attacker who successfully exploited this vulnerability could cause the target system to stop responding.
MS13-050 Vulnerability in Windows Print Spooler Components Could Allow Elevation of Privilege (2839894)
Print Spooler Vulnerability (CVE-2013-1339) MS Rating: Important
An elevation of privilege vulnerability exists in the way that Microsoft Windows Print Spooler handles memory when a printer is deleted.
MS13-051 Vulnerability in Microsoft Office Could Allow Remote Code Execution (2839571)
Office Buffer Overflow Vulnerability (CVE-2013-1331) MS Rating: Important
A remote code execution vulnerability exists in the way that Microsoft Office parses specially crafted Office files. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs, view, change, or delete data, or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
More information on the vulnerabilities being addressed this month is available at Symantec’s free SecurityFocus portal and to our customers through the DeepSight Threat Management System.
Malware authors are notorious for quickly leveraging new exploits in the public domain for nefarious purposes. The recent discovery of a Linux Kernel CVE-2013-2094 Local Privilege Escalation Vulnerability (CVE-2013-2094) in the Performance Counters for…
We sure didn’t see this one coming. Turns out, our teenage son’s password (and our bank account) recently got hacked—by a friend. Seems the theft was pretty simple to pull off. The culprit—a frequent visitor to our home—simply looked over my son’s shoulder as he typed in his iTunes password. Then, for the next six Read more…
Your smartphone knows everything about you but is your information safe? From banking to global positioning system (GPS), there are many reasons to protect the personal data on your mobile device. Hackers are targeting the Android operating system and there are steps you should be taking to protect yourself. Malware is a generic term used Read more…
Everyone has experienced that gut-wrenching feeling when you look around and realize that one of your prized possessions is missing. Whether it’s your wallet, keys, or smartphone, that feeling of panic and loss is devastating. In today’s digitally connected world that feeling has become incredibly too common. In a recent Digital Assets survey, McAfee discovered Read more…
New security as a service solution offers comprehensive automated scanning and expert security testing, automatic application protection, and unlimited SSL certificates
Revision Note: V1.0 (June 11, 2013): Advisory published.
Summary: Microsoft is announcing the availability of an update as part of ongoing efforts to improve cryptography and digital certificate handling in Windows. Over the co…