Opera on Tuesday released a critical security update, designed to fix vulnerabilities in its browser that could allow malicious attackers to use an altered JPEG to take control of a user's system.
The update for Opera version 9.64 is designed to address security vulnerabilities in earlier versions of Opera 9.
The vulnerabilities were found in Opera's plug-ins, which when exploited via a maliciously crafted JPEG image could cause Opera to corrupt memory and crash, potentially resulting in execution of arbitrary code and cross-site scripting, Opera noted in its advisory.
Security software company Secunia rates the vulnerabilities as "highly critical."
Internet security firm Intego said on Thursday that it has discovered a new Trojan horse in pirated copies of Apple's iWork '09 productivity software that could allow an attacker to take control of the infected computer.
The Trojan horse, OSX.Trojan.iServices.A, discovered circulating in copies of the software on BitTorrent trackers and other pirate sites, is rated serious, according to Intego's security alert.
When iWork is installed, the Trojan is installed as a start-up item as a part of iWorkServices. It has read-write-execute permissions for root control of the computer, Intego said. The malware connects to a remote server over the Internet and may download additional components to the infected computer.
As of early Thursday, at least 20,000 people had downloaded the iWork '09 installer, according to Intego.
Meanwhile, an Italian researcher has uncovered a way to inject malicious code into memory of OS X-based computers, which would enable attackers to easily hide their activities, according to The Register.
Ho-ho-ho. This isn't an offer for a real coupon book from McDonald's. It's a new mass-mailing e-mail worm.
(Credit: Websense)On Tuesday security vendor WebSense issued an alert warning that holiday coupon e-mails from familiar companies may be malicious code in disguise, in this case a mass-mailing e-mail worm.
The warning cites one spoofed McDonald's e-mail that claims to present their latest discount menu, and asks the recipient to print out the attached coupon. A similar mailing pretending to be from Coca-Cola asks recipients to print out details about their new online game, and also offers recipients a chance to win Coca-Cola drinks for life. Websense says the attached zip file contains files named either coupon.exe or promotion.exe, both of which contain dropper files for remote access Trojan horses.
Previously, Websense issued an alert for a holiday-themed animated postcard.
This cute holiday card could install a worm on your PC, says McAfee.
(Credit: McAfee)On Wednesday, McAfee identified a third holiday-themed e-mail using the Hallmark brand. McAfee has named the malware used as W32/Xirtem@MM and says this particular worm carries a built-in SMTP engine that mass-mails copies of itself to e-mail addresses harvested from an infected machine.
In all cases the e-mail appears to be legitimate, using images taken from the McDonald's, Coca-Cola, and Hallmark sites.
To avoid compromise, antivirus experts recommend not opening e-mail attachments as well as keeping your desktop's antivirus protection up-to-date.
- prev
- 1
- next
