{"id":49483,"date":"2016-01-22T10:46:54","date_gmt":"2016-01-22T18:46:54","guid":{"rendered":"https:\/\/www.intego.com\/mac-security-blog\/?p=49483"},"modified":"2016-01-25T08:55:34","modified_gmt":"2016-01-25T16:55:34","slug":"apple-updates-xprotect-to-detect-microsoft-silverlight-exploit","status":"publish","type":"post","link":"https:\/\/www.intego.com\/mac-security-blog\/apple-updates-xprotect-to-detect-microsoft-silverlight-exploit\/","title":{"rendered":"Apple Updates XProtect to Detect Microsoft Silverlight Exploit"},"content":{"rendered":"

Following the discovery of a Microsoft Silverlight exploit, Apple has updated its XProtect.plist malware definitions file to version 2073. This update detects the minimum bundle version for Silverlight, protecting Mac users from Microsoft Silverlight 5 before version 5.1.41212.0.<\/p>\n

\"XProtect<\/p>\n

The vulnerability that is being exploited\u00a0is described as follows:<\/p>\n

CVE-2016-0034<\/a>\u00a0: Microsoft Silverlight 5 before 5.1.41212.0 mishandles negative offsets during decoding, which allows remote attackers to execute arbitrary code or cause a denial of service (object-header corruption) via a crafted web site, aka “Silverlight Runtime Remote Code Execution Vulnerability.”<\/p><\/blockquote>\n

The remote code execution vulnerability exists when Microsoft Silverlight 5 (before 5.1.41212.0) \u201cdecodes strings using a malicious decoder that can return negative offsets that cause Silverlight to replace unsafe object headers with contents provided by an attacker,\u201d according<\/a> to the Microsoft security team. And\u00a0to exploit the vulnerability, \u201can attacker could host a website that contains a specially crafted Silverlight application, and then convince a user to visit the compromised website,\u201d often by enticing them to click a link in an email or instant message.<\/p>\n

Exploit kits are typically based on a “drive-by download attack” delivery technique, and installation can start silently in the background simply by visiting a website.<\/p>\n

Microsoft confirmed the zero-day (CVE-2016-0034) and issued a patch on January 12, 2016. The update to Microsoft Silverlight 5.1.41212.0 addresses this vulnerability by correcting how Microsoft Silverlight validates decoder results.<\/p>\n

Intego VirusBarrier<\/a> with up-to-date malware definitions protects Mac users against the Microsoft Silverlight exploit, detected as W32\/CVE-2016-0034<\/strong>. Most importantly, Intego VirusBarrier will detect known malware downloaded with any application, while Apple’s XProtect system only functions with files downloaded by certain programs\u2014primarily Apple software, such as its Safari web browser, Mail and iChat\u00a0applications.<\/p>\n","protected":false},"excerpt":{"rendered":"

Following the discovery of a Microsoft Silverlight exploit, Apple has updated its XProtect.plist malware definitions file to version 2073. This update detects the minimum bundle version for Silverlight, protecting Mac users from Microsoft Silverlight 5 before version 5.1.41212.0. The vulnerability that is being exploited\u00a0is described as follows: CVE-2016-0034\u00a0: Microsoft Silverlight 5 before 5.1.41212.0 mishandles negative […]<\/p>\n","protected":false},"author":4,"featured_media":8753,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"spay_email":"","jetpack_publicize_message":"","jetpack_is_tweetstorm":false},"categories":[190,5],"tags":[3151,2662,2659,2656,303,982],"yoast_head":"\n\n\n\n\n\n\n\n\n\n\n\n\n\t\n\t\n\n\n\t\n\t\n\t\n