Yahoo Apple Facebook Myspace Security Notes

By admin | Feb 6, 2008

This past week has seen a small spike in security activity across the web. The issues that will affect the broadest swath of users are exploits for Yahoo Music Jukebox, Apple iPhoto 7.2, and the Aurigma image uploader control (which is used by the likes of Facebook and MySpace).


First up to bat is Apple’s iPhoto ‘08, version 7.2. The issue is that someone who offers a specially crafted photo feed could exploit your machine. Apple issued an update to fix this security issue, so make sure you are updated.

Next up is Yahoo’s Music Jukebox version 2.x. This is an unpatched vulnerability that is being actively exploited in the wild. It looks like a malicious website could use a specially crafted HTML document to exploit a vulnerability in the Jukebox’s ActiveX control. The only options right now are to add this registry item:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{22FD7C0A-850C-4A53-9821-0B0915C96139}]
"Compatibility Flags"=dword:00000400

Alternatively, you can turn off ActiveX controls, remove the software, or wait until a patch arrives.

Finally, on deck, is Aurigma’s ImageUploader ActiveX control. This is a control used by big names like Facebook and MySpace. Again, there is no current solution for this other than editing registry items. Here are the registry additions you can use:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{104B0A37-AB99-4F06-8032-8BBDC3B77DDB}]
"Compatibility Flags"=dword:00000400

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{17D667BA-5675-4AAB-9221-08B9379384D4}]
"Compatibility Flags"=dword:00000400

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{48DD0448-9209-4F81-9F6D-D83562940134}]
"Compatibility Flags"=dword:00000400

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{55027008-315F-4F45-BBC3-8BE119764741}]
"Compatibility Flags"=dword:00000400

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{5C6698D9-7BE4-4122-8EC5-291D84DBD4A0}]
"Compatibility Flags"=dword:00000400

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{6E5E167B-1566-4316-B27F-0DDAB3484CF7}]
"Compatibility Flags"=dword:00000400

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{A18962F6-E6ED-40B1-97C9-1FB36F38BFA8}]
"Compatibility Flags"=dword:00000400

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{AE2B937E-EA7D-4A8D-888C-B68D7F72A3C4}]
"Compatibility Flags"=dword:00000400

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{AE6C4705-0F11-4ACB-BDD4-37F138BEF289}]
"Compatibility Flags"=dword:00000400

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{B85537E9-2D9C-400A-BC92-B04F4D9FF17D}]
"Compatibility Flags"=dword:00000400

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{BA162249-F2C5-4851-8ADC-FC58CB424243}]
"Compatibility Flags"=dword:00000400

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{D1D98C0F-A339-42AB-BD5F-EA0FF5D0E65F}]
"Compatibility Flags"=dword:00000400

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{D1EA8D3D-F511-4388-B754-4A0CC14A4778}]
"Compatibility Flags"=dword:00000400

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{F1F51698-7B63-4394-8743-1F4CF1853DE1}]
"Compatibility Flags"=dword:00000400

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{F89EF74A-956B-4BD3-A066-4F23DF891982}]
"Compatibility Flags"=dword:00000400

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{FB90BA05-66E6-4c56-BCD3-D65B0F7EBA39}]
"Compatibility Flags"=dword:00000400

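An added example, not part of the original post: the registry entries above set the ActiveX "kill bit" (0x400 in "Compatibility Flags"), which stops Internet Explorer from instantiating the control. The PowerShell script below reports whether that bit is set for CLSIDs from this post, in both the native and Wow6432Node registry views, and sets it when run with -Apply. The -Apply switch and the variable names are this example's own, PowerShell 3.0 or later is assumed, and only three of the post's CLSIDs are listed.

```powershell
# Added example: audit (and optionally set) the IE ActiveX kill bit.
# Run from an elevated prompt. -Apply is this script's own switch name.
param([switch]$Apply)

$KillBit   = 0x400                  # bit that blocks the control in Internet Explorer
$ValueName = 'Compatibility Flags'

# CLSIDs copied from the post; add the remaining Aurigma entries as needed.
$Clsids = @(
    '{22FD7C0A-850C-4A53-9821-0B0915C96139}',   # Yahoo Music Jukebox
    '{104B0A37-AB99-4F06-8032-8BBDC3B77DDB}',   # Aurigma ImageUploader
    '{17D667BA-5675-4AAB-9221-08B9379384D4}'    # Aurigma ImageUploader
)

# 64-bit Windows keeps a separate registry view for 32-bit Internet Explorer.
$Roots = @('HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility')
if (Test-Path 'HKLM:\SOFTWARE\Wow6432Node') {
    $Roots += 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
}

foreach ($root in $Roots) {
    foreach ($clsid in $Clsids) {
        $key = Join-Path $root $clsid
        $current = 0
        if (Test-Path -LiteralPath $key) {
            $prop = Get-ItemProperty -LiteralPath $key -Name $ValueName -ErrorAction SilentlyContinue
            if ($prop) { $current = $prop.$ValueName }
        }
        $blocked = ($current -band $KillBit) -ne 0

        if (-not $blocked -and $Apply) {
            if (-not (Test-Path -LiteralPath $key)) { New-Item -Path $key -Force | Out-Null }
            # OR the bit in so flags already present on the key are preserved,
            # unlike a .reg import, which overwrites the whole value.
            $new = $current -bor $KillBit
            New-ItemProperty -LiteralPath $key -Name $ValueName -PropertyType DWord -Value $new -Force | Out-Null
            $blocked = $true
        }

        # One row per key: the flags found before any change, and the final state.
        [pscustomobject]@{
            Key         = $key
            FlagsBefore = '0x{0:X8}' -f $current
            KillBitSet  = $blocked
        }
    }
}
```

Run without -Apply, the script only reports and changes nothing.
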
Sources: CERT, Secunia, Milw0rm
