Learn quickly about Zero Day hazards for HP and Mac
August 27, The H – (International) Five 0days: HP in the security dock. In compliance with its policies, the Zero Day Initiative (ZDI) has released five security holes that HP has had more than 6 months to fix. All of the zero-day holes affect products in HP’s enterprise and networking divisions: HP LeftHand Virtual SAN, HP Operations Agent for NonStop, HP Intelligent Management Center, HP iNode Management Center, and HP Diagnostics Server. In all five products, remote attackers can exploit programming flaws to inject and execute arbitrary code via specially crafted requests — sometimes even at system user level, the highest threat level. In all five cases, the ZDI informed the company of the problems at the end of 2011. Source: http://www.h-online.com/security/news/item/Five-0days-HP-in-the-security-dock-1676337.html 37.
August 27, Computerworld – (International) Macs at risk from ‘super dangerous’ Java zero-day. Hackers are exploiting a zero-day vulnerability in Java 7, security experts said
August 27. The unpatched bug can be exploited through any browser running on any operating system, from Windows and Linux to OS X, that has Java installed, said the engineering manager for Metasploit, an open-source penetration testing framework. The CTO of Errata Security confirmed the Metasploit exploit — which was published less than 24 hours after the bug was found — is effective against Java 7 installed on OS X Mountain Lion. He said he was able to trigger the vulnerability with the Metasploit code in Firefox 14 and Safari 6 on OS X 10.8. Although the exploits now circulating in the wild have been aimed only at Windows users, it is possible Macs could also be targeted. ―What is more worrisome is the potential for this to be used by other malware developers in the near future,‖ said antivirus vendor Intego. ―Java applets have been part of the installation process for almost every malware attack on OS X this year.‖ The engineering manager for Metasploit called the bug ―super dangerous,‖ noting that it was ―totally a drive by,‖ meaning that attackers could compromise computers simply by duping users into browsing to a Web site that hosts the attack code. Security experts have recommended that users disable Java until Oracle delivers a patch. Source: http://www.computerworld.com/s/article/9230656/Macs_at_risk_from_super_dangerous_Java_zero_day