Vulnerabilities target mobile devices, RealPlayer; Tivoli adds .NET support
Worms Jump to Mobile Phones
Antivirus provider Kaspersky Labs notes the first-ever worm to propagate via mobile phones—named Cabir—has appeared. “So far, Cabir does not seem to have caused any security incidents,” the company notes.
Seemingly more proof-of-concept than devastating attack, the worm “is coded to run under Symbian [Series 60] OS, used in many Nokia telephones,” though it may also affect other handsets, says Kaspersky. The worm is transmitted by a Symbian OS distribution (SIS) file disguised to look like a Caribe Security Manager. If launched, the handset’s screen will read “Caribe” and the worm persists every time the phone is restarted. The worm also scans for all Bluetooth-accessible cell phones within range and attempts to copy itself to the first one it finds.
“Analysis of the worm’s code has not so far detected any malicious payload,” notes Kaspersky.
Still, “this worm is nevertheless perfectly functional and able to spread if released in the wild,” says Matias Impivaara, business manager of Mobile Security Services for F-Secure. “If a person with an infected phone was walking through a city center during the busiest afternoon jam, thousands of others could be infected. Even when we tested this worm, we had to do it in the company’s bomb shelter in order to prevent the worm from connecting to other Bluetooth phones and spreading.”
RealPlayer Vulnerable to Buffer Overflow
Secunia rates it “highly critical”
Secunia warns that RealPlayer 8, 10, and Enterprise, and RealOne Player versions 1 and 2, all from RealNetworks, are vulnerable to a buffer overflow that could allow a remote attacker to compromise a user’s PC.
In fact, there are two “highly critical” vulnerabilities, says Secunia, both of which could be “exploited by malicious people to compromise a user’s system.”
The first is a boundary error in a DLL file, which can be triggered if an attacker creates a special movie file and embeds it in an HTML document viewed by the PC user.
The other vulnerability is a RAM-related boundary error that occurs when parsing URLs. Too many periods in the URL can cause a buffer overflow.
If one of the vulnerabilities is exploited, an attacker could run arbitrary code on the compromised computer.
RealNetworks released a patch. Users can use the built-in “check for updates” feature in their Real software to download it.
Tivoli Single Sign-On Adds .NET Support
IBM released a Tivoli Access Manager developer tool to integrate with Microsoft ASP.NET applications. The new tool allows the Windows sign-on screen to stand in for Tivoli authentication; Tivoli will then carry single sign-on through to other applications.
Such an approach also allows for auditing of .NET access attempts, since Tivoli logs all such activity.
Mathew Schwartz is a Contributing Editor for Enterprise Systems and is its Security Strategies columnist, as well as being a long-time contributor to the company's print publications. Mr. Schwartz is also a security and technology freelance writer.