  • January 22, 2008 - Current Activity

    This is an archived copy of current activity. If you would like to see the most recent version, please click here.

    January 22 - SymbianOS Worm
    January 18 - Skype Releases Security Bulletin to Address Cross Zone Scripting Vulnerability
    January 18 - Citrix Releases Update to Address Vulnerability
    January 17 - Adobe Releases Security Bulletins to Address Multiple Cross-Site Scripting Vulnerabilities
    January 17 - Oracle Releases Critical Patch Update for January 2008
    January 17 - Cisco Releases Security Advisory to Address Vulnerability in Cisco Unified Communication Manager
    January 16 - Apple Releases Security Updates to Address Multiple Vulnerabilities



    SymbianOS Worm

    added January 22, 2008 at 01:26 pm

    US-CERT is aware of public reports of a malicious SymbianOS worm that may be spreading on mobile phone networks.

    The SymbOS/Beselo.A! worm may affect mobile devices running SymbianOS using MMS and Bluetooth. It is reported that this worm spreads by convincing users to install an incoming file that contains the malicious code. These malicious files are noted to have, but are not limited to, the following file names:

    • Beauty.jpg
    • Sex.mp3
    • Love.rm

    US-CERT encourages users to:

    • Use caution when accepting incoming files via MMS and Bluetooth
    • Secure Bluetooth connections to prevent access from unauthorized devices
    • Install anti-virus software and keep its virus signature files up-to-date


    Skype Releases Security Bulletin to Address Cross Zone Scripting Vulnerability

    added January 18, 2008 at 03:18 pm

    Skype has released Security Bulletin SKYPE-SB/2008-001 to address a cross zone scripting vulnerability. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code on an affected system.

    As per Security Bulletin SKYPE-SB/2008-001, Skype has temporarily disabled users' ability to add videos from Dailymotion gallery until an official fix has been made available.

    US-CERT will provide more information as it becomes available.


    Citrix Releases Update to Address Vulnerability

    added January 18, 2008 at 03:18 pm

    Citrix has released Knowledge Center Article CTX114487 to address a vulnerability in Citrix Presentation Server's IMA Service. This vulnerability may allow an attacker to execute arbitrary code on an affected system.

    US-CERT encourages users to review Citrix Knowledge Center Article CTX114487 and apply the appropriate hotfix as soon as possible.

    US-CERT will continue to investigate and provide additional information as it becomes available.


    Adobe Releases Security Bulletins to Address Multiple Cross-Site Scripting Vulnerabilities

    added January 17, 2008 at 02:35 pm

    Adobe has issued Security Bulletin APSB08-01 and Security Bulletin APSB08-02 to address multiple vulnerabilities in Adobe Dreamweaver, Adobe Contribute, and Adobe Connect Enterprise Server. These software packages may contain cross-site scripting vulnerabilities that could allow a remote, unauthenticated attacker to execute arbitrary code on an affected system.

    US-CERT encourages users to review Security Bulletin APSB08-01 for the Adobe Dreamweaver and Adobe Contribute updates and Security Bulletin APSB08-02 for the Adobe Connect Enterprise Server update. Users are also encouraged to apply the appropriate updates as soon as possible.

    US-CERT will continue to investigate and provide additional information as it becomes available.


    Oracle Releases Critical Patch Update for January 2008

    added January 16, 2008 at 02:18 pm | updated January 17, 2008 at 02:35 pm

    Oracle has released their Critical Patch Update (CPU) for January 2008 to address 26 vulnerabilities across several products. This CPU contains eight security fixes for Oracle Database products; six for Oracle Application Server; one for Oracle Collaboration Suite; seven for Oracle E-Business Suite; and four for Oracle PeopleSoft Enterprise PeopleTools.

    US-CERT strongly encourages users to review the January CPU and follow best-practice security policies to determine which updates to apply.

    More information regarding these vulnerabilities can be found in Technical Cyber Security Alert TA08-017A.


    Cisco Releases Security Advisory to Address Vulnerability in Cisco Unified Communication Manager

    added January 17, 2008 at 10:45 am

    Cisco has released Security Advisory cisco-sa-20080116-cucmctl to address a heap overflow in the Certificate Trust List (CTL) Provider service in Cisco Unified Communications Manager (CUCM). This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial of service condition on an affected system.

    More information regarding this vulnerability can be found in the Cisco Security Advisory: Cisco Unified Communications Manager CTL Provider Heap Overflow.

    US-CERT strongly recommends that administrators review the Cisco Security Advisory above and follow best-practice security policies to determine what updates or workarounds should be applied.


    Apple Releases Security Updates to Address Multiple Vulnerabilities

    added January 16, 2008 at 02:18 pm | updated January 16, 2008 at 03:56 pm

    Apple has released QuickTime 7.4, iPhone v1.1.3, and iPod touch v1.1.3 to address multiple vulnerabilities in these products. The impacts of these vulnerabilities include arbitrary code execution, application termination, authentication bypass, and cross-site scripting.

    US-CERT encourages users to review Apple Article 307301 for the QuickTime update and Apple Article 307302 for the iPhone and iPod touch updates. Users are also encouraged to apply the appropriate updates as soon as possible.

    More information regarding the QuickTime vulnerabilities can be found in Technical Cyber Security Alert TA08-016A.

    US-CERT will continue to investigate and provide additional information as it becomes available.