Entries in Security (23)


iOS 4.x Tracking

Earlier today it was reported by a security research firm that all iOS 4 devices have been recording their GPS locations in a database which is located on the device.  I'll post more information once I've had a chance to review the firm's data and have read more information about the issue.


Window Vulnerability in Shell Allow's Remote Code Execution

On July 16 security researchers discovers a new exploit in Microsoft's Windows Operating.  This exploit is currently in the wild and affects all versions of Windows.  Microsoft has not released a patch for the vulnerability and may not have one ready for next second Tuesday patch release.  Vulnerability exists in the Windows Shell that very like allows an attacker to remotely execute code.  The initial attack vector was via USB devices, but researchers are now pointing to examples that are in the wild of execution of the vulnerability via network shares and favicons (the small graphics file that is located in your browsers address bar).  Microsoft has posted information on a work around that will disable the shell code, but the work around will also cause all of your desktop icons to disappear (not the best option).   The security firm Sophos has created a third party software patch that will fix the issue for .LNK files.  These are generally shortcuts that are created in Windows.  This third party patch does not protect against the vulnerability of PIF files.

Afftected Operating System

  • Windows 2000
  • Windows XP
  • Windows XP Service Pack 1
  • Windows XP Service Pack 2
  • Windows XP x64 Service Pack 2
  • Windows XP Service Pack 3
  • Windows XP x64 Service Pack 3
  • Windows 7 (All versions)
  • Window Server 2003 32bit and 64bit
  • Window Server 2003 Service Pack 2 32bit and 64bit
  • Windows Server 2008 (All versions)