Items tagged with vulnerability

Jan Souček, a security researcher from Prague, has uncovered a vulnerability in the security of the iOS Mail application that nefarious types can deploy against users of the app to gain access to their iCloud passwords. The method published by Souček illustrates how an email can be sent to the hapless victim that uses HTML code that mimics the iCloud login pop-up window upon receipt. Then, after said victim has inadvertently tapped their iCloud password into the window's Password field and clicked OK, an email is sent back to the sender with that critical information. Specifically,... Read more...
After mainboard vendors began adopting EFI en masse in recent years, security researchers all over have dissected the many different implementations out there to find that elusive crippling bug. Sometimes, though, such bugs are not actually elusive at all, like one just discovered by reverse engineering enthusiast fG. fG starts off his report by pointing out two excellent presentations revolving around EFI exploitation, and how this new one relates to one of those. At any point while using your PC, your EFI should never become exposed to write commands, but fG notes that this isn't the case on... Read more...
It's beginning to look like the latest hotness in the vulnerability world is crashing applications with simple strings of text. We just talked about such a bug that struck iOS a mere week ago, and already another one has come to the surface. This time, Skype is in the crosshairs, and this is a bug even easier to replicate than the iOS one. All you have to do is type in the characters "http://:" and send it, and that somehow causes Skype to become inoperable for a time. The bug does not seem to affect the "modern" version of Skype in Windows 8, nor the Mac version, and I'd also assume the... Read more...
Given their importance, it'd be easy to believe that an institution such as the IRS would have sufficient security measures in place to protect our data - the tax information of everyone in the United States. As we discovered last week though, that's not at all the case. We learned on Wednesday that at least 100,000 personal tax records were snatched illegally from the IRS, not with the intent of making a statement, but instead to steal identities. It didn't take long before someone got the blame, and that someone, or country, was Russia. In case it hasn't been evident enough lately, Russia really... Read more...
We posted earlier this week about a bizarre bug that strikes when a specific text message is received by an iOS user, either via Messages or SMS. Composed of various Unicode characters, receiving this specific message can lock up the device, and render the Messages app useless until the bug is dealt with. When the bug leaked to the Web earlier this week, there were some suggestions of how to fix it, but now Apple itself has jumped in with suggestions of its own. With an iPhone or other bugged iOS device at the ready, you'll need to ask Siri to "read unread messages". Then, with the malicious message... Read more...
Is it possible to take control of an airplane using an infotainment system as a gateway? Chris Roberts, a well-known hacker and security researcher with One World Labs, claims that it is. The FBI, which is investigating Roberts' claims, is taking no chances that he's incorrect. On April 15, Roberts posted this tweet: Find myself on a 737/800, lets see Box-IFE-ICE-SATCOM, ? Shall we start playing with EICAS messages? "PASS OXYGEN ON" Anyone ? :) — Chris Roberts (@Sidragon1) April 15, 2015 It's as if Roberts was looking for trouble. And if that's the case, he certainly got it. Upon landing, he was greeted... Read more...
Data security research player CrowdStrike is reporting a security flaw that could allow hackers to exploit and take over data centers from within. Given the nasty moniker "VENOM" (for "Virtualized Environment Neglected Operations Manipulation"), the vulnerability CrowdStrike uncovered is present in a common component — a legacy floppy drive controller — that is widely used in virtualization platforms and appliances. The seriousness of the VENOM vulnerability rests on how it circumvents an essential barrier used by cloud service providers to segregate customer data. Thus, infiltrators who are able... Read more...
A serious flaw has been discovered in the software component of some routers that feature a Realtek chipset. In particular, routers that utilize a Realtek RTL81XXX chipset and also use the 1.3 SDK (or older, potentially), are vulnerable to an exploit that could see executable code run as root. Because it's not obvious what chipset most routers will use, ITworld shares an extremely helpful link that will let you search for whichever one you use. It should be stressed, though, that not every affected router may be listed here, and it still hasn't been ruled out whether versions older than the 1.3 SDK... Read more...
Another day, another story about a poor SSL implementation. According to analytics service SourceDNA, a staggering 1,500 iOS apps are bugged with a gaping HTTPS hole, allowing attackers to intercept traffic that should otherwise be secure. The bug exists in a popular networking library called AFNetworking. If an app was built with version 2.5.1, it's vulnerable, whereas one built with 2.5.2, released a few weeks ago, is not. It'd be easy to write this issue off as one that affects a small number of developers, but SourceDNA says that even apps from Microsoft, Uber, and Yahoo were all affected. Those apps... Read more...
Swedish hacker Emil Kvarnhammar is reporting that an unpublished OS X API — he dubs it a "backdoor" — can be used by nefarious types to gain root access through local users without Administrator status on Mac computers that have not yet been migrated to the 10.10.3 iteration of OS X, which was released just two days ago. "The admin framework in Apple OS X contains a hidden backdoor API to root privileges [that] can be exploited to escalate privileges to root from any user account in the system," Kvarnhammar says in an advisory. "The intention was probably to serve the System Preferences app and... Read more...
The latest version of Firefox came out at the end of March and brought a lot to the table, although like most browser version jumps nowadays, spotting all of what's new can be difficult. At the forefront, Firefox 37 introduced a "heartbeat" user rating system, which helps you provide useful feedback to Mozilla, and for those Bing users among you, searches now default to a secure protocol. And speaking of protocols, that ties into a significant addition to Firefox 37: HTTP/2 support. At the moment, HTTP/2 in general is not widely supported, and in fact, it's not even "finalized" quite yet. But,... Read more...
Threat researcher Zhi Xu is reporting a widespread vulnerability in Google's Android operating system that is capable of exposing up to 49.5% of users to spyware, via a two-front alliance formed between apps downloaded from Google Play and from legitimate third-party app stores such as Amazon and Samsung. Given the not-very-creative name "Android Installer Hijacking", the vulnerability reported by Xu — who is a senior engineer at Palo Alto Networks — allows potential attackers to modify or replace seemingly benign Android apps with malware without the user's knowledge. In the event scenario,... Read more...
Whenever a software flaw is discovered and is then patched, it's not often that we'll ever hear about it again (the exceptions are those that do big damage). It's even more rare when we end up hearing about a "medium" bug again four years later. Such is the case of a vulnerability affecting Adobe Flash (don't act surprised!). To be more specific, CVE-2011-2461 is tied to Adobe's Flex SDK, which developers can use to compile their Flash project for exporting to an .SWF file. In older versions of Flex (3.x and 4.x), compiled SWF files allow the injection of a script or HTML, which it can pull off... Read more...
It's always fun to see which security flaws get exploited at Pwn2Own, and this year's event has proven to be no exception. In fact, it could be considered to be one of the most exciting events to date, with JungHoon Lee exploiting three major browsers, and securing a record $110,000 payout for one of the flaws. Starting the day off, JungHoon (aka lokihardt) exploited a time-of-check to time-of-use vulnerability in the 64-bit version of Internet Explorer, breaking out of the sandbox via a privileged JavaScript injection, allowing him to execute medium-integrity code. This flaw netted JungHoon $65,000.... Read more...