Showing posts with label 0day. Show all posts

Thursday, March 11, 2010

IE Users PWN3D By 0day... Again


"Hackers are exploiting the just-disclosed unpatched bug in Internet Explorer (IE) to launch drive-by attacks from malicious Web sites, security researchers said today.

"'This attack appears to be rather targeted at the moment, but as with other unpatched vulnerabilities in the past, this has the potential to explode now that the word is getting out,' said Craig Schmugar, a threat researcher at McAfee, in a blog post today.

"Attacks are launched from Web sites in a classic drive-by fashion, said Schmugar and others. 'Visiting the page is enough to get infected,' Schmugar said."


From ComputerWorld...

Friday, October 9, 2009

PDF Pwnage Continues Unabated


"Attackers once again are targeting an unpatched vulnerability in Adobe Reader that allows them to take complete control of a user's computer, the software maker warned.

"Adobe said it planned to patch the critical security bug in Reader and Acrobat 9.1.3 for Windows, Mac and Unix on Tuesday, the date of the company's previously scheduled patch release for the PDF reader. According to Security Focus here, attackers can exploit the vulnerability by tricking a user into opening a booby-trapped PDF file.

"'Successful exploits may allow the attacker to execute arbitrary code in the context of a user running the affected application,' the security site warned. 'Failed attempts will likely result in denial-of-service conditions.'

"The bug is presently being exploited in 'limited targeted attacks,' Security Focus added, without elaborating. Adobe said only that the attacks target Reader and Adobe running on Windows operating systems."


More at The Register...

Wednesday, July 29, 2009

iPwn3d


"On Thursday, two researchers plan to reveal an unpatched iPhone bug that could virally infect phones via SMS.

"If you receive a text message on your iPhone any time after Thursday afternoon containing only a single square character, Charlie Miller would suggest you turn the device off. Quickly.

"That small cipher will likely be your only warning that someone has taken advantage of a bug that Miller and his fellow cybersecurity researcher Collin Mulliner plan to publicize Thursday at the Black Hat cybersecurity conference in Las Vegas. Using a flaw they've found in the iPhone's handling of text messages, the researchers say they'll demonstrate how to send a series of mostly invisible SMS bursts that can give a hacker complete power over any of the smart phone's functions. That includes dialing the phone, visiting Web sites, turning on the device's camera and microphone and, most importantly, sending more text messages to further propagate a mass-gadget hijacking."


More at Forbes.com...

Monday, July 13, 2009

Patch Tuesday Brings 0day Relief


"A critical ActiveX vulnerability used by hackers to exploit Microsoft Corp.'s Internet Explorer browser is a prime candidate for another Conficker-scale attack, security experts said.

"On July 6, just hours after security companies reported that thousands of compromised sites were serving up exploits, Microsoft acknowledged the flaw in the ActiveX control that can be accessed using IE. The bug has been used by hackers since at least June 9.

"Microsoft said it will issue a patch for the flaw on July 14..."


More at ComputerWorld...