An Argentinian researcher has released the details of an exploit that enables attackers to plant malware on end-user computers running iTunes, Mac OS X, Winzip and many other popular programs, according to a report from UK news site The Register.
Francisco Amato, a researcher at Internet security firm Infobyte, prepared a report describing Evilgrade, which exploits weaknesses in the automatic upgrade feature of an infected program or operating system.
Such an attack would be completely ineffective unless a "man-in-the-middle" attack has first been carried out, in which hackers sit between the victim and a trusted site to wage their attack.
But the attack is now gaining strength due to the Domain Name System (DNS) vulnerability that researcher Dan Kaminsky discovered earlier in the month.
Infobyte created a demo to show the effectiveness of Evilgrade, in which the upgrade feature of Sun's Java Runtime Environment is targeted to execute arbitrary code on a fully patched, remote machine.
Other programs Evilgrade can exploit include Winamp, Notebook, OpenOffice, Notepad++, Speedbit and the LinkedIn Toolbar.