Virtually frightened

Two major issues to report on this week, and obviously add our two pennies worth.

The first is the re-emergence of the Android vulnerability that was (and still is actually) known as StageFright – you remember the nasty that could infect your phone by just sending you an MMS message which you didn’t even have to read?

Well bad news folks, it’s back. StageFright 2.0 can infect Android phones using infected video and media (MP3) files and what is more a bazillion Android phones are vulnerable and because Android is run by so many vendors, who are responsible for getting patches out, a nightmare scenario could be on the horizon.

This is made all the more tricky by the fact that Google has patched its stuff, and did so pretty quickly, but this just means that the bad guys can look at Google’s patches and work out how to write the exploit code. Damn and blast.

We recommend that you check to see if your Android device is vulnerable by using the droid’s at Zimperium’s testing app here.

If you are vulnerable, be very careful about the sources from where you choose to download content and look out for Android updates. What is particularly worrying is this bug applies to newer phones, the more you have, the more you stand to lose. Be aware!

Our second piece of news is that some very clever Scots security researchers Doug McLeod (of The Clan McLeod) from 7 Elements has identified a flaw in the way that VMware vCenter server versions 5.0 and 6.0 process some Java Management Extensions enabling them to be run from the outside, without authentication.

That’s right – your vCenter is vulnerable and you must get patching quickly. VMware has also fixed a couple of other nasty bugs in ESXi which affects 5.x versions, so get patching, preferably before the rugby tomorrow!

There are already MetaSploit modules to test this exploit so wild code will be along shortly.

ITC’s NetSure360° managed security service has tools to quickly identify vulnerable versions in both mobile and directly connected equipment and either put them under extra surveillance, move them to a less trusted part of the network or ban them completely (our favourite option).

If you would like to know more about anything discussed this week, please contact us on: 020 7517 3900 or email [email protected]