Although this is more Apple news it seems that there is a flaw (everyone stop to gasp) in the new iPhone OS 3.0 Software. This flaw revolves around how the iPhone handles SMS messaging.

According to very limited details it seems that the undisclosed flaw could allow malicious code to be inserted giving an evildoer root access to the thermally challenged device.

Charlie Miller, the person who discovered the flaw went on to say that despite the SMS flaw that the iPhone OS is still very secure. He praised Apple’s decision to remove Flash and Java (despite advertising a full and “real” internet experience) stating that they are potential vectors for attack.

Others disagree with Mr. Miller as there are always ways to protect from flaws in add-ons and say that Apple’s removal of these features, requiring signed code and restricting applications is just a way to control the phone and of course generate more revenue.

With the release of the SDK for iPhone OS 3.1 and the beta version of the OS we know that Apple will be releasing that sometime very soon (rumors put it out on July 17th). Although many other fixes and features were mentioned with the new OS, this was one that got past the official release.

In what is surely not a coincidence two new Viruses for Apple’s OSX operating system have popped up in the wild. One targets people that visit porn sites and the other a new version of an older worm.

These announcements fly in the face of the advertisements that Apple pushes claiming that Macs are immune to viruses; but in the end there is no such thing as a virus immune OS.

If you own a Mac, it is highly recommended that you have Malware protection as threat is growing. It seems hackers have caught on to the generally unprotected nature of the OSX operating system and are beginning to target them.

Read more here.

Sophos on Wednesday discovered a new version of the Mac OS X Tored worm, according to a Sophos blog post.
On Tuesday, Paretologic warned about a porn site that was downloading malware that targets both the PC and the Mac. Mac users get redirected to the pagemac.php page, which downloads a QuickTime.dmg file, the blog post says.

Sophos explained in blog post on Thursday that visitors to the malicious porn site are told they have to download an ActiveX component to view the videos. Instead, a Trojan, dubbed OSX/Jahlavc, gets downloaded.

The popular Directshow plugin that may people use to support video playback has a flaw that Microsoft warns could be used to execute arbitrary code.

The opening relies on malformed Quick Time video files (seems to be a common thread there) and can allow for remote execution of code at the logged in users level of access.

There is no direct fix for this but MS has released a registry patch to help prevent this from being exploited. The issue does not affect Vista or Windows 7.

Grab the Reg fix here.

In a statement, the Vole said that the attacks use malicious Quicktime media files and can cause remote code execution in the context of the logged-in user.

There is no patch for the vulnerability yet, but Microsoft has created a workaround registry script that you can download and run, at the Knowledge Base Article 971778.

Hot on the heels of the Wal-Mart rumor we find that there is a problem with the way Mac OSX handles Java.

This flaw in the way the OS handles Java is present in all versions of OSX even the latest version 10.5.7. The vulnerability could be used to infect a system just by visiting a compromised page.

Once the user has browsed to that page the code can be executed at the same permissions level as the currently logged in user.

Now given the hype that Macs are impervious to malicious code it is likely that this could be easily exploited by a ne’er do well bent on hacking into your pricy and clean new Mac. After all Mac users do not have to worry about opening suspicious links do they?

The vulnerability could be used to perform what SecureMac refers to as “drive-by-downloads,” or the ability to infect a computer by simply visiting a Web page. Fuller explains that the flaw allows malicious code to run commands with the permissions of the current user.

In a post on his Web site, Fuller clearly seems upset and mystified that the vulnerability remains unpatched in the latest versions of the operating system.

“Unfortunately, it seems that many Mac OS X security issues are ignored if the severity of the issue is not adequately demonstrated,” Fuller said on his site. “Due to the fact that an exploit for this issue is available in the wild, and the vulnerability has been public knowledge for six months, I have decided to release my own proof of concept to demonstrate the issue.”