“Once an iPhone, or any device, has been ‘broken,' the door is open. The device may then execute code or function in a way it was not designed to do,” said Derek Manky, project manager, cyber security and threat research, Fortinet. “In the case of malware attacks, the Ikee worm did precisely this last year: it relied on Jailbroken iPhones to gain unauthorized entry via SSH. Jailbroken devices can also run malicious applications, so it is plausible that a two-stage malware attack could occur.”
Two vulnerabilities were patched for Apple QuickTime on September 15, one of which was discovered by FortiGuard Labs (FGA-2010-46). The other vulnerability (CVE-2010-1818) was a critical issue that bypassed Data Execution Prevention (DEP) and Address Space Layout Randomization (ASLR) protection technologies using QuickTime. Fortinet research has determined that there are in-the-wild flash samples actively trying to exploit this vulnerability.
FortiGuard Labs compiled threat statistics and trends for September based on data collected from FortiGate network security appliances and intelligence systems in production worldwide. Customers who use Fortinet’s FortiGuard Subscription Services should already be protected against the threats outlined in this report.
FortiGuard Subscription Services offer broad security solutions including antivirus, intrusion prevention, Web content filtering and anti-spam capabilities. These services help protect against threats on both application and network layers.
0 comments:
Post a Comment