Tag: bug

Windows bug fixed after 18 years

A researcher with IBM said that a dangerous bug that existed in every version of Windows from Windows 95 onwards has finally been fixed.

Robert Freeman, manager of IBM X-Force, said that it told Microsoft about the bug in May this year and at last Microsoft is fixing it.

The bug can be used by crooks in so-called “drive-by” attacks to run code remotely and take over people’s PCs.

Freeman said that there may well be other bugs that go back decades. “This vulnerability has been sitting in plain sight for a long time despite many other bugs being discovered and patched in the same Windows library,” he said.

He said that although his unit hadn’t found any evidence that the bug had been exploited, it “would have fetched six figures on the grey market”.

You can find more of IBM’s findings at Freeman’s blog, here.

Apple gear plagued with malware

Palo Alto Networks has discovered a new family of malware that can infect Apple desktop and mobile operating systems.

For a while now, Jobs’ Mob has made much of the fact it is “super secure” even while its gear is turned over in seconds at hacker conferences. But now that the hardware is becoming more popular, it is clear that hackers are starting to write code that can disable anything that Apple comes up with.

The “WireLurker” malware can install third-party applications on regular, non-jailbroken iOS devices and hop from infected Macs onto iPhones through USB connector-cables.

Ryan Olson, intelligence director for the company’s Unit 42 division, said that he had seen indications that the attackers were Chinese. The malware originated from a Chinese third-party apps store and appeared to have mostly affected users within the country.

The malware spread through infected apps uploaded to the apps store that were in turn downloaded onto Mac computers. This is bad news for Apple which always claims that its store is closely vetted in comparison to the Google operation.

According to the company, more than 400 such infected apps had been downloaded over 350,000 times so far.

So far, there is no evidence that the attackers had made off with anything more sensitive than messaging IDs and contacts from users’ address books. But then again what sort of information would an Apple user have?  There cannot be many Chinese spooks who want a Coldplay or U2 collection. As far as companies are concerned,

Apple was told about the bug two weeks ago and has not done anything.  Once WireLurker gets on an iPhone, it can go on to infect existing apps on the device, somewhat akin to how a traditional virus infects computer software programs. Olson said it was the first time he had seen it in action. “It’s the first time we’ve seen anyone doing it in the wild,” he added.