Gotham Security Daily Threat Alerts

By Nancy Rand
Posted in Security
On August 26, 2015

August 24, Securityweek – (International) Zero-day flaws found in Dolphin, Mercury browsers for Android. A security researcher discovered a vulnerability in the Dolphin web browser for Android in which a man-in-the-middle (MitM) attacker could inject a specially crafted file to write arbitrary files or execute code remotely, as well as an unpatched insecure Intent URI scheme implementation and path traversal vulnerabilities in the Mercury web browser that could allow a remote attacker to read and write arbitrary files within the application’s data directory. Source

August 24, Softpedia – (International) Google patches Android vulnerability that allowed arbitrary code execution. Google issued an update addressing a heap overflow vulnerability in the Android mediaserver’s Audio Policy Service that an attacker could trigger to cause a continuous crash loop in the affected device. Source

August 24, Securityweek – (International) Apple patches nine vulnerabilities in QuickTime for Windows. Apple patched nine vulnerabilities in QuickTime 7.7.8 for Microsoft Windows, including denial-of-service (DoS) flaws that can be exploited via specially crafted .MOV files, leading to a memory corruption condition that can cause QuickTime to terminate unexpectedly. Source

August 24, The Register – (International) Samsung smart fridge leaves Gmail logins open to attack. Security researchers from Pen Test Partners discovered a Secure Sockets Layer (SSL) vulnerability in Samsung’s RF28HMELBSR smart fridge in which a man-in-the-middle (MitM) attacker could use a fake Wi-Fi access point and deauthentication to steal Google login credentials via the refrigerator’s calendar client. Source

August 24, Help Net Security – (International) Risky mobile behaviors are prevalent in the government. Lookout released findings from a report revealing that 14,622 Lookout-enabled devices across 20 Federal agencies encountered 1,781 app-based threats, that employees use personal mobile devices in various ways that can compromise agency network security, and that 18 percent of Federal employees with personal and government-issued smartphones reported encountering malicious software, among other findings. Source

Nancy Rand

Nancy has more than 20 years’ experience in information technology and security, solving business issues and implementing best-practice solutions that support organizational objectives. Her expertise includes leveraging, optimizing, and implementing diverse technology platforms, and management of large-scale technology projects.