Timeframe: Donnerstag 15-05-2014 18:00 − Freitag 16-05-2014 18:00
Handler: Alexander Riepl
Co-Handler: Robert Waldner
CSWorks Software SQL Injection Vulnerability
Researcher John Leitch, working with HP's Zero Day Initiative (ZDI), has identified an SQL injection vulnerability in CSWorks' CSWorks software framework. CSWorks has produced an updated version that mitigates this vulnerability.
This vulnerability could be exploited remotely.
http://ics-cert.us-cert.gov//advisories/ICSA-14-135-01
Topic: Torque 2.5.13 Buffer Overflow Risk: High Text:A buffer overflow exists in versions of TORQUE which can be exploited in order to remotely execute code from an unauthenticated...
http://cxsecurity.com/issue/WLB-2014050086
Apple Releases OS X 10.9.3, Fixes Serious Flaw in iTunes
Apple has released a new version of OS X Mavericks, which includes all of the security fixes it pushed out last month. OS X 10.9.3 includes the patches for the so-called triple handshake SSL vulnerability, as well as fixes for several remote code-execution vulnerabilities.
http://threatpost.com/apple-releases-os-x-10-9-3-fixes-serious-flaw-in-itunes/106121
Understanding how Fuzzing Relates to a Vulnerability like Heartbleed
Fuzzing is a security-focused testing technique in which a compiled program is executed so that the attack surface can be tested as it actually runs. The attack surfaces are the components of code that accept user input. Since this is the most vulnerable part of code, it should be rigorously tested with anomalous data.
http://labs.bromium.com/2014/05/14/understanding-how-fuzzing-relates-to-a-vulnerability-like-heartbleed/
iTunes: Apple schließt problematische Lücke in PC-Version