[3481] in Security FYI
[IS&T Security-FYI] SFYI Newsletter, February 4, 2013
daemon@ATHENA.MIT.EDU (Monique Yeaton)
Mon Feb 4 16:57:06 2013
Resent-From: ist-security-fyi@mit.edu
From: Monique Yeaton <myeaton@mit.edu>
To: ist-security-fyi <ist-security-fyi@mit.edu>
Date: Mon, 4 Feb 2013 21:51:54 +0000
In this issue:
1. Oracle Releases New Version of Java (Again)
2. Apple Releases iOS 6.1
3. Who Updates Your Android?
----------------------------------------------------------------
1. Oracle Releases New Version of Java (Again)
----------------------------------------------------------------
Last week Oracle released Java 7 Update 13 to address vulnerabilities<http://www.kb.cert.org/vuls/id/858729>.
Systems affected:
* Java Platform Standard Edition 7 (Java SE 7)
* Java SE Development Kit (JDK 7)
* Java SE Runtime Environment (JRE 7)
Users of Java can download the free update here<http://java.com/en/download/index.jsp> or via the Windows Java console on their machines.
Mac users<http://kb.mit.edu/confluence/x/5qIBCQ>
MITSIS users<http://kb.mit.edu/confluence/x/AwDSBg>
Apple has blocked Java completely in OS X 10.6 and above. Oracle admits there are some serious problems with Java, but says that those problems lie with the browser plug-ins and that server-side, desktop, and embedded Java are not vulnerable to the same attacks.
Read the story in the news here<http://www.theregister.co.uk/2013/01/30/oracle_java_security_analysis/> and here<http://arstechnica.com/apple/2013/01/for-second-time-in-a-month-apple-blacklists-java-web-plug-in/>.
-----------------------------------
2. Apple Releases iOS 6.1
-----------------------------------
Last week's Apple iOS update 6.1 addresses more than 20 vulnerabilities, including a serious flaw in the kernel and a number of bugs in the WebKit framework. The company also revoked trust in the bad TurkTrust certificates discovered late last year.
Read the story in the news.<http://threatpost.com/en_us/blogs/apple-releases-ios-61-fixes-more-20-vulnerabilities-012913>
-----------------------------------------
3. Who Updates Your Android?
-----------------------------------------
A call has been made for legislators to get involved with making carriers more responsible for issuing updates to Android mobile devices or to cede control to Google. Activist Chris Soghoian says the "situation is worse than a joke, it's a crisis." Some devices are 16 months behind with receiving updates.
Android malware has skyrocketed over the last 12 months. Researchers at Kaspersky Lab said that 99 percent of mobile malware detected monthly was targeting Android. The most prevalent are SMS attacks that run up premium calling charges.
While Google is staying up on patching vulnerabilities, these patches are not making it to the consumers, says Chris Soghoian.
Read the full story online<http://threatpost.com/en_us/blogs/wireless-carriers-put-notice-about-providing-regular-android-security-updates-020413>.
===================================================================================
Read all Security FYI Newsletter articles and submit comments online at http://securityfyi.wordpress.com/.
===================================================================================
Monique Yeaton
IT Security Communications Consultant
MIT Information Services & Technology (IS&T)
(617) 253-2715
http://ist.mit.edu/security