Somebody once said..

"If you convince people that the wheel isn't right, they will allow you to re-invent it"

Wednesday, July 15, 2009

It's raining 0days...

Whew..! The last 10 days have been quite busy for security folks like me. There have been 3 incidents of 0days being discovered recently. It all started with the DirectX ActiveX vulnerability which I blogged about previously. Then later, a Microsoft Office Web Components ActiveX vulnerability was observed being exploited in the wild. The list of domains hosting the Microsoft exploit is published and maintained at SANS, so in case you are not too sure of a URL or domain, you can look it up there.

And today it's the 0day in the latest Mozilla Firefox browser (3.5)! Wow.. that's just too many goodies for the bad guys to pwn you :) ! Though there are no known cases of this vulnerability being exploited in the wild yet, it's just a matter of time. It's a standard heap-spraying kind of exploit, but a little hard to make reliable. I doubt it will be that popular with the bad guys, mainly for two reasons: firstly, the code execution works only with WinXP SP2 (it just crashes the browser with SP3), and secondly, Firefox 3.5 has only recently been released, so I'm not sure how much of an audience there will be for the bad guys. A patch for this is in process but has not been released yet, so the only workaround right now is to disable the JIT in the JavaScript engine. Refer to the advisory here for more details on how to do that.

As if this wasn't enough, the anti-sec fellows are all over the Full-Disclosure mailing list, and apparently they claim they have 0days for SSH and the Apache web server. Now, a lot of people think that these are all rumors, since very little evidence has been posted regarding the SSH exploit. But they have already hacked into some websites like imageshack and astalavista to prove their point, so you never know! These so-called anti-sec fellows are now targeting hackerforum.net and Milw0rm and are openly threatening to shut them down. While I am not completely against their philosophy of vulnerability disclosure, hacking into somebody's box and executing "rm -rf /" is absolutely not the way of tackling this issue!

So, my dear friends, it's never too late to patch and upgrade your systems. Firefox is an amazing browser, but that doesn't mean it won't be targeted.


Update1: The Mozilla vulnerability is fixed in 3.5.1, so it's time to upgrade your browser !

Update2: There is an Adobe Flash 0day on the loose again! .. The rate at which these 0days are coming these days, looks like we will have to coin a new term for it! :P .. Anyway, the exploit is delivered via a PDF file which is embedded with a malicious Flash file - talk about new attack vectors! Very little information is available regarding the exact vulnerability, and SEO has already started doing its damage, so please be careful with what PDFs you are viewing. Will keep you posted as the mystery unfolds..
