But as is often the case, some web servers and individual blogging applications remain unpatched. The Internet Storm Center has been receiving reports of attacks that install a remote access trojan through a weakness in the XML-RPC function in some PHP libraries. XML-RPC allows applications to exchange XML data using remote procedure calls (RPC) and has many uses in web applications, including “ping” update notifications for RSS feeds. The affected libraries, including PHPXMLRPC and PEAR XML-RPC, are included in many interactive applications written in PHP.
The flaws may be of particular interest to phishing operations, which have recently been installing spoof pages through security holes in bulletin boards and content management apps. Updated copies of the affected PHP libraries are now available, and immediate upgrades are recommended.