Fortinet Blog | News and Threat Research

Security Week In Review, May 7-11

by Stefanie Hoffman  |  May 14, 2012  |  Category: Industry Trends & News

Updates, upgrades and patches, oh my. The week of May 7-11 was indeed a week of major patches from some of the biggest players. The good news is, many of the most popular OSes, Web browsers and applications are now a tad more secure. Here is a look at last week’s security news.

Patch Tuesday Delivers Three Critical Updates: For its regularly scheduled Patch Tuesday security update, Microsoft released a total of seven bulletins, three designated with the highest severity rating of “critical,” repairing a total of 23 vulnerabilities in Microsoft Windows, Office, Silverlight and the .NET Framework.

In a blog post, Microsoft emphasized that users should install MS12-034, a critical combined update repairing a total of 10 vulnerabilities in Office, Windows, .NET Framework and Silverlight. Of the vulnerabilities addressed by the collective patch, several could subject users to unwanted malware attacks if they open a malicious document or visit an infected Website that embeds TrueType font files.

In addition, Redmond recommended that users prioritize a patch that plugged another security hole in Microsoft Word, also deemed “critical,” which enabled hackers to execute malicious code remotely if users were enticed to open a specially crafted RTF file. In an attack scenario, a miscreant could compromise users via an infected Word file delivered via e-mail and convince them to open it with some kind of social engineering scheme.

Ghost RAT Plagues Amnesty International Site: Last week, human rights organization Amnesty International became the victim of a malicious hack when attackers planted malware on its Website that in turn infected unsuspecting visitors with the Gh0st RAT Trojan.

The malware exploited a common Java flaw, which hackers used to conveniently inject the site with malicious code. According to researchers at Websense, who discovered the attacks, the cyber hoods infused the Amnesty site with Java script designed to deliver Gh0st RAT onto susceptible Windows machines of Website visitors. If successfully downloaded, the malware is fully equipped to monitor and steal victims’ financial, personal and other sensitive information, as well as login credentials and passwords. Amnesty International has since rid its site of the malware.

The Gh0st RAT Trojan, first detected last year, has been incorporated into APTs in numerous sophisticated attacks thought to be initiated by Chinese hackers, making a name for itself, in particular, with the Nitro attacks on energy corporations in 2011.

Adobe Rethinks Making Users Pay For Upgrades: The good news is that Adobe released a major security upgrade last week, which, among other things, repaired a gaping security hole in Photoshop 12 (Creative Suite 5) affecting versions of the software on both Windows and Mac platforms. Trouble was, users would have had to shell out some cash to get it.

Specifically, the vulnerability occurs in the parsing of TIFF images. During a successful attack, cyber hackers could launch remote code execution attacks to enter the network with the same privileges as the user, if they were to entice a user to open a malicious TIFF file. An attacker could typically reel in victims with social engineering schemes, subsequently tricking them into clicking on malicious TIFF files designed to download malware and compromise the user’s machine.

However, instead of developing a separate patch plugging the security hole, Adobe initially said that the fix would be incorporated as a software upgrade to the newest paid version of Photoshop, CS6.

The decision resulted in sharp backlash from users irate that they would be required to pay to update a flaw in Adobe’s software ostensibly attributed to the vendor. Following the outpouring of user sentiment against the security solution, Adobe did an about-face, maintaining that it is currently in the process of developing a free patch for users to install.

Apple Releases Security Fixes: Apple released security updates last week repairing four security vulnerabilities in its Safari Web browser, while blocking old and vulnerable versions of Adobe’s Flash Player from running in its browser.

Altogether, products affected by the update included Safari 5.1.7 for Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion Server v10.7.4, OS X Lion v10.7.4, Windows 7, Vista, XP SP2 or later versions.

Among other things, Apple’s latest update blocked Adobe’s Flash Player versions 10.1.102.64 and earlier from running in Safari. Since then, Adobe has released Flash Player 11 for the Mac.

In addition to preventing older versions of Flash Player from taking hold in Safari, the update repaired four security vulnerabilities occurring in WebKit–the open-source rendering engine behind both Safari and the Google Chrome Web browser–that left it susceptible to cross-site scripting attacks and memory corruption errors.

One of the vulnerabilities repaired by the update was first revealed by a researcher at Google’s Pwnium hacking contest at the CanSecWest conference in March, according to Computerworld. The researcher received a $60,000 cash prize for successfully exploiting the vulnerability to infiltrate the Chrome browser.

The U.S. Computer Emergency Readiness Team warned in an advisory that, if left unpatched, attackers could exploit the vulnerabilities “to execute arbitrary code, obtain sensitive information, operate with elevated privileges, cause a denial-of-service condition or perform a cross-site scripting attack.”
