Gotham Security Daily Threat Alerts

By Nancy Rand
Posted in Security
On May 18, 2016

May 17, SecurityWeek – (International) Critical vulnerability in Symantec AV Engine exploited by just sending an email. Symantec updated its Antivirus Engine (AVE) to address a critical memory corruption flaw after a security researcher from Google Project Zero found that it affected most Symantec and Norton-branded antivirus products. The issue lies in how the products handle executables compressed with the ASPack file compressor, and it can be exploited remotely for code execution by sending a specially crafted file to the victim, with no user interaction required beyond the file being scanned. Source

May 17, SecurityWeek – (International) Apple patches flaws in iOS, OS X, other products. Apple released iOS 9.3.2 for its mobile operating system, along with updates for its OS X, iTunes, Safari, tvOS, and watchOS products, patching 39 flaws. Security researchers from Google, Trend Micro, and Context Information Security, among other security companies, were credited; among the issues was a lockscreen bypass on the iPhone 6s that allowed access to photos and contacts by using Siri to run an online search for email addresses via Twitter. Source

May 16, Softpedia – (International) Million-Machine botnet manipulates search results for popular search engines. Security researchers from Bitdefender reported that Million-Machine, a click-fraud botnet distributed through infected downloadable versions of popular software such as WinRAR, YouTube Downloader, and Connectify, modifies Internet Explorer proxy settings and adds a Proxy Auto Configuration (PAC) script that routes all Web traffic through a local proxy server, giving the malware visibility into all Web traffic originating from the personal computer (PC). Dissemination was assisted by the Redirector.Paco botnet, which modifies the computer’s local registry with two entries disguised as Adobe products so that the Million-Machine malware resumes operation after each PC restart. Source
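The two traits the Bitdefender item describes, a forced PAC script that points Web traffic at a local proxy and Adobe-lookalike autostart entries, are both visible in the registry, so they can be checked from an exported registry hive. The script below is an added detection example, not code from the alert or from Bitdefender: it parses a `.reg` text export and flags an `AutoConfigURL` value under the WinINET `Internet Settings` key that resolves to a loopback host, and `Run`-key entries whose names mention Adobe but whose executable is not under `Program Files`. The value names `AutoConfigURL`, `ProxyEnable` and `ProxyServer` are real WinINET settings; the sample export, the entry names and paths, and the `Run`-key persistence location are constructed assumptions for illustration, not indicators taken from the report.

```python
"""
Added example (not from the original alert or from Bitdefender): scan a
Windows registry export (.reg text) for
  1. a Proxy Auto-Config (PAC) script forced on Internet Explorer / WinINET
     that points at a local proxy, and
  2. Run-key autostart entries that pose as Adobe products but launch from
     outside Program Files.
AutoConfigURL / ProxyEnable are real WinINET value names; every value and
entry name in SAMPLE_REG is constructed for this example.
"""
import re
from urllib.parse import urlparse

# Constructed sample .reg export. The AutoConfigURL line and the two
# "Adobe ..." Run entries are the ones meant to look suspicious.
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable"=dword:00000000
"AutoConfigURL"="http://127.0.0.1:9090/proxy.pac"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="\"C:\\Program Files\\Microsoft OneDrive\\OneDrive.exe\" /background"
"Adobe Update Service"="C:\\Users\\alice\\AppData\\Roaming\\adobeupd\\adobeupd.exe"
"Adobe Flash Helper"="\"C:\\ProgramData\\AdobeFlash\\flashhlp.exe\" -s"
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]\s*$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<data>.*)$')
LOCAL_HOSTS = {"127.0.0.1", "localhost", "::1"}
# Assumption: genuine Adobe components install under Program Files.
TRUSTED_DIR_RE = re.compile(r"^[A-Za-z]:\\Program Files( \(x86\))?\\", re.IGNORECASE)


def parse_reg(text):
    """Yield (key, value_name, raw_data) triples from .reg export text."""
    key = None
    for line in text.splitlines():
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")
            continue
        m = VALUE_RE.match(line)
        if m and key:
            yield key, m.group("name"), m.group("data")


def _unquote(data):
    """Turn a .reg string value ("...") into its unescaped contents."""
    if not (data.startswith('"') and data.endswith('"')):
        return None  # dword:, hex: etc. are not string values
    return data[1:-1].replace('\\"', '"').replace("\\\\", "\\")


def _exe_path(command):
    """Extract the executable path from a Run-key command line."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split(" ")[0]


def find_hijack_indicators(text):
    """Return a list of (rule, key, value_name, detail) findings."""
    findings = []
    for key, name, data in parse_reg(text):
        tail = key.rsplit("\\", 1)[-1].lower()
        if tail == "internet settings" and name.lower() == "autoconfigurl":
            url = _unquote(data) or ""
            host = urlparse(url).hostname or ""
            # A PAC script served from loopback is the local-proxy hijack pattern.
            if host in LOCAL_HOSTS or host.startswith("127."):
                findings.append(("pac_local_proxy", key, name, url))
        elif tail == "run":
            path = _exe_path(_unquote(data) or "")
            if "adobe" in name.lower() and not TRUSTED_DIR_RE.match(path):
                findings.append(("adobe_lookalike_autostart", key, name, path))
    return findings


if __name__ == "__main__":
    for rule, key, name, detail in find_hijack_indicators(SAMPLE_REG):
        print(f"{rule}: [{key}] {name!r} -> {detail}")
```

On a live host the same export is produced with `reg export "HKCU\Software\Microsoft\Windows\CurrentVersion" out.reg`, and a legitimate corporate PAC (one served from an internal hostname rather than loopback) produces no finding, which keeps the check usable on managed fleets.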

May 16, SecurityWeek – (International) Chrome to deprecate Flash in favor of HTML5. A technical program manager for Google Chrome reported that the browser will execute Flash Player only on domains the user has explicitly allowed, and will begin rolling out an “HTML5 by Default” policy in Quarter 4 (Q4) 2016. Chrome will introduce the change with a temporary whitelist of the current top Flash Player Web sites, which will expire after one year. Source

May 16, SecurityWeek – (International) Attackers deliver latest Flash exploit via malicious documents. Security researchers from FireEye reported that attackers are exploiting a type confusion flaw in Flash Player, previously patched by Adobe, by embedding the exploit inside Microsoft Office documents delivered via a Uniform Resource Locator (URL) or as an email attachment. The documents were hosted on the attackers’ Web server, and a Dynamic DNS (DDNS) domain was used to reference the document and its payload. Source

Reprinted from the USDHS Daily Open Source Infrastructure Report

Nancy Rand

Nancy has more than 20 years’ experience in information technology and security, solving business issues and implementing best-practice solutions that support organizational objectives. Her expertise includes leveraging, optimizing, and implementing diverse technology platforms, and management of large-scale technology projects.