Feeds

Exploit code targets Mac OS X, iTunes, Java, Winzip...

Time for an Evilgrade

Secure remote control for conventional and virtual desktops

A researcher from Argentina has released an exploit package that can install malware on end user machines that run iTunes, Mac OS X, Winzip and a host of other popular software.

Evilgrade is the brainchild of Francisco Amato and works by exploiting weaknesses in the automatic upgrade feature of an affected program or operating system. It works only when a man-in-the-middle attack has first been carried out, but thanks to the domain name system vulnerability that has dominated security coverage ever since researcher Dan Kaminsky sounded the alarm three weeks ago, that's not much of a problem.

The demo here shows just how effective Evilgrade is now that the exploit code for the devastating DNS bug was folded into Metasploit. It shows how the upgrade feature on Sun's ubiquitous Java runtime environment can be targeted to remotely execute arbitrary code on a fully-patched machine.

In addition to iTunes, Mac OS X, Winzip and Java, other programs that Evilgrade can attack include Winamp, Notebook, OpenOffice, Notepad++, Speedbit and the Linkedin Toolbar.

Amato, of Infobyte Computing Security Research, isn't the only researcher who's been thinking about security weaknesses in updating features. Security consultant Derek Callaway of Security Objectives has recently issued advisories warning against serious vulnerabilities in both Lenovo laptops and Cygwin, a tool that creates a Linux-like environment on Windows PCs. Like the exploits carried out by Evilgrade, the attacks Callaway warns of also rely on a man-in-the-middle condition, in which attackers are able to sit in between the victim and a trusted site.

The DNS bug discovered by Kaminsky isn't the only way to create a man-in-the-middle condition. Other attacks involving DNS, ARP and DHCP spoofing can also suffice, and with the recent release of a program called KARMetaSploitt (a combination of Metasploit and KARMA that's included within the latest BackTrack LiveCD), there's yet another menu-driven way to achieve the effect. ®

New hybrid storage solutions

More from The Register

next story
Israeli spies rebel over mass-snooping on innocent Palestinians
'Disciplinary treatment will be sharp and clear' vow spy-chiefs
Google recommends pronounceable passwords
Super Chrome goes into battle with Mr Mxyzptlk
Infosec geniuses hack a Canon PRINTER and install DOOM
Internet of Stuff securo-cockups strike yet again
THREE QUARTERS of Android mobes open to web page spy bug
Metasploit module gobbles KitKat SOP slop
'Speargun' program is fantasy, says cable operator
We just might notice if you cut our cables
Apple Pay is a tidy payday for Apple with 0.15% cut, sources say
Cupertino slurps 15 cents from every $100 purchase
Snowden, Dotcom, throw bombs into NZ election campaign
Claim of tapped undersea cable refuted by Kiwi PM as Kim claims extradition plot
YouTube, Amazon and Yahoo! caught in malvertising mess
Cisco says 'Kyle and Stan' attack is spreading through compromised ad networks
Hackers pop Brazil newspaper to root home routers
Step One: try default passwords. Step Two: Repeat Step One until success
prev story

Whitepapers

Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.