End-of-Shift report
Timeframe: Dienstag 27-01-2015 18:00 − Mittwoch 28-01-2015 18:00
Handler: Robert Waldner
Co-Handler: Alexander Riepl
2755801 - Update for Vulnerabilities in Adobe Flash Player in Internet Explorer - Version: 36.0
https://technet.microsoft.com/en-us/library/security/2755801
USN-2486-1: OpenJDK 6 vulnerabilities
Several vulnerabilities were discovered in the OpenJDK JRE related to
information disclosure, data integrity and availability. An attacker could exploit these to cause a denial ..
http://www.ubuntu.com/usn/usn-2486-1/
VMware Security Advisories - 1 New, 1 Updated, (Wed, Jan 28th)
VMware has released an new and updated security advisory today. The two security advisories, listed below, address numerous vulnerabilities in the VMware ..
https://isc.sans.edu/diary.html?storyid=19241
Magnetrol HART DTM Vulnerability
This advisory provides mitigation details for an improper input validation vulnerability in the CodeWrights GmbH HART DTM library utilized by some Magnetrol products.
https://ics-cert.us-cert.gov//advisories/ICSA-15-027-01
Schneider Electric Multiple Products Buffer Overflow Vulnerability
This advisory provides mitigation details for a buffer overflow vulnerability in Schneider Electric's SoMove Lite software package.
https://ics-cert.us-cert.gov//advisories/ICSA-15-027-02
CodeWrights GmbH HART DTM Vulnerability (Update B)
This updated advisory is a follow-up to the updated advisory titled ICSA-15-012-01A CodeWrights GmbH HART DTM Vulnerability that was published January 13, 2015, on the ICS-CERT web site. This updated advisory provides mitigation details for an improper input validation vulnerability in CodeWrights ..
https://ics-cert.us-cert.gov//advisories/ICSA-15-012-01B
Bug in ultra secure BlackPhone let attackers decrypt texts, stalk users
A recently fixed vulnerability in the BlackPhone instant messaging application gave attackers the ability to decrypt messages, steal contacts, and control vital functions of the device, which is marketed as a more secure way to protect communications from government and criminal snoops.
http://arstechnica.com/security/2015/01/bug-in-ultra-secure-blackphone-let-attackers-decrypt-texts-stalk-users/
CVE-2015-0016: Escaping the Internet Explorer Sandbox
I analyzed this vulnerability (designated as CVE-2015-0016) because it may be the first vulnerability in the wild that showed the capability to escape the Internet Explorer sandbox. As sandboxing represents a key part of exploit mitigation techniques, any exploit that can break established sandboxes is worth a second look.
http://blog.trendmicro.com/trendlabs-security-intelligence/cve-2015-0016-escaping-the-internet-explorer-sandbox/
Multiple vulnerabilities in the FreeBSD kernel code
Francisco Falcon from the Core Exploit Writers Team found multiple vulnerabilities in the FreeBSD kernel code that implements the vt console driver (previously known as Newcons) and the ..
http://www.net-security.org/secworld.php?id=17882
Neue Apple-TV-Software behebt zahlreiche Sicherheitslücken
Neben iOS 8.1.3 und OS X 10.10.2 hat Apple am Dienstagabend auch noch ein Update der Software seiner Multimediabox veröffentlicht. Neue Funktionen hat die offenbar nicht, dafür jede Menge Fixes.
http://heise.de/-2530119
Apple security updates 27 Jan 2015
http://support.apple.com/en-us/HT1222