Items tagged with exploit
On the eve of its big iPhone 13 unveil, Apple was forced to issue a new software update for its iPhone, iPad, and Mac product lines. As a result, iOS 14.8 and iPadOS 14.8 are now available for the iPhone and iPad, respectively, while Apple issued macOS 11.6 for Macs. One of the driving factors behind the release of the software updates is a so-called "zero-click" security exploit developed by NSO Group. Citizen Lab has labeled the exploit FORCEDENTRY, and it uses iMessage as an attack vector. Victims were sent files with a .gif extension through iMessage that were actually "maliciously crafted" PDF files that could result in arbitrary code execution. FORCEDENTRY is so dangerous because it's considered...
Read more...
Earlier in July, the PrintNightmare vulnerability was discovered, wherein a threat actor could exploit the vulnerability to gain system-level access to a device. This was only speculation at first, but that has now changed, as cybersecurity researcher Benjamin Delpy has shown. Since the discovery of PrintNightmare, Delpy has been working to both investigate and exploit it for research purposes. Initially, he reported that he could achieve both remote code execution and local privilege escalation using PrintNightmare on a fully patched server with “Point & Print” enabled. Following that development, Delpy was more recently able to create a web-hosted printer that leveraged the...
Read more...
Hackers and threat actors are constantly searching for new ways to breach systems for cybersecurity research or exploitation, respectively. Thankfully, French researcher Gilles Lionel got to an NTLM Relay Attack, dubbed PetitPotam, first. Now, Microsoft has released a mitigation technique that IT admins should implement to remain secure. Last week, information about PetitPotam was posted to GitHub by French cybersecurity researcher Gilles Lionel. Lionel found that, through a tool he made, it was possible “to coerce Windows hosts to authenticate to other machines via MS-EFSRPC EfsRpcOpenFileRaw function.” In layman’s terms, an attacker could use the program to extract NTLM authentication...
Read more...
Yesterday, we reported that CD Projekt Red sent out a warning that was effectively against "downloading mods", but it appears that we did not have the full story from the developers of Cyberpunk 2077. According to users on the CD Projekt Red forums, the Cyberpunk 2077 devs are partially to blame for what seems to be several vulnerabilities used in conjunction, which led to the outcry. Yesterday, forum user yamamushi replied to the main warning thread, which disclosed a vulnerability in Cyberpunk 2077. He explained that since the announcement, modders were getting blamed for the vulnerability when that line of reasoning was entirely wrong. Specifically, "What CDPR posted [in the thread]...
Read more...
In May of this year, Apple patched a silent but deadly exploit that went after iPhones using specially crafted wireless payloads. This exploit is a simple memory corruption attack that allows any malicious person to do whatever they want to an iPhone: be it collecting data such as images and messages, or shutting down the device entirely. First unveiled on Tuesday, the exploit is spectacular to watch and learn about over the course of the 30,000-word writeup. This exploit was discovered by Ian Beer of Google’s Project Zero earlier this year. As he was locked away at home due to the COVID-19 pandemic, he used his time to create a “wormable radio-proximity exploit” which lets...
Read more...
Attackers with physical access to a device can generally do the most damage to a machine. This remains true with CVE-2020-8705, where an attacker with physical access can gain control of the system firmware while the device resumes from a sleep state. This means there could be privilege escalations, data loss, and more depending on what the primary motives of the attacker. Therefore, Intel users need to patch their systems and prevent unwanted physical access. According to Trammell Hudson, CVE-2020-8705, or “Sleep Attack,” occurs when Intel x86 computers enter the sleep state called “S3.” The sleep state turns off the CPU but keeps the DRAM powered, so the CPU state must...
Read more...
TCL Android TVs have been crowding retail stores since their initial launch earlier this year. The Chinese-manufactured TVs have been a “budget-option” that works well enough for most and is a steal compared to the competition. When you get a TCL 65” TV for $229, though, is cybersecurity at the top of your mind? If not, you are in for a surprise. Security researcher and hacker SickCodes seems to be a jack-of-all-trades, continually poking at devices to see what exploits he can find. At the end of September, he looked at “low-end Android boxes,” things such as TV sticks, boxes, Smart TVs, and Android TVs. As he explains, they are all basically “like a little...
Read more...
Get ready to patch your Windows systems as a new bug has been discovered that can lead to the dreaded Blue Screen of Death. This bug, labeled the “Bad Neighbor” exploit (CVE-2020-16898), enables an attacker who crafts an IPv6 packet to completely crash a system. The team at Sophos Labs explains that in “tcpip.sys, a logic error in how the driver parses ICMP messages can be triggered remotely with a crafted IPv6 router advertisement packet containing a Recursive DNS Server (RDNSS) option.” The IPv6 router advertisement packet sends too much data and creates a buffer overflow, which corrupts the system memory stack. This corruption sends the whole operating system toppling....
Read more...
Earlier in the week, we reported on a dangerous exploit with Windows domain controllers called Zerologon. Now, the Cybersecurity and Infrastructure Security Agency (CISA), under the Department of Homeland Security direction, is issuing warnings about the exploit and is pushing government agencies to patch the vulnerability over the weekend. The Zerologon exploit is a way for a nefarious person to escalate privileges within a system and gain access to other systems and files. It takes advantage of the Windows Server Netlogon Remote protocol and authentication to capture session data to escalate the exploit further. Earlier in August, Microsoft released a patch to mitigate the vulnerability for...
Read more...
If any of you out there are running the Firefox browser app for Android, please update immediately. Versions below Firefox version 79 on mobile are vulnerable to exploitation of Android intent URIs. This attack uses SSDP payloads to trigger actions without user interaction. According to exploit researcher Chris Moberly, the exploit he found is a way to trick Firefox on Android into running applications. The simple service discovery protocol (SSDP) engine in Firefox can be sent payloads which trick it into running Android intent URIs. Android intent URIs are “messages which request actions from another app component,” according to the developer site for Android. Intents can be...
Read more...
Secura digital security advisors and researchers, have discovered a highly critical vulnerability with Active Directory domain controllers. Rated as a 10 of 10 on the Common Vulnerability Scoring System (CVSS), this exploit, dubbed Zerologon, allows nefarious people to take over the domain controller and execute privilege escalations. The Zerologon exploit takes advantage of how the Netlogon Remote Protocol works. Typically, this protocol is used for machine and user authentication, as well as updating passwords within a domain. To utilize this exploit, one only needs to set up a TCP connection to the domain controller (DC) and you can spoof a client to go from there. This client spoofing works...
Read more...
A new security vulnerability has now been detailed that exposes portions of your device’s Wi-Fi traffic to nefarious individuals. The Kr00k vulnerability was disclosed today by ESET researchers presenting at the RSA Security Conference. The problem lies with Wi-Fi chips that were manufactured by Broadcom and Cypress Semiconductor, and Kr00k would allow anyone with the proper tools within close proximity to your Wi-Fi network to bypass WPA2 encryption. Kr00k takes advantage of a period of a time when a device disconnects from a network either when roaming from access point to access point, or when it is forced off in a suspicious manner. After the targeted device then reconnects to the network,...
Read more...
It seems as though we can't escape a single week without hearing about a new widespread security exploit that puts us all at risk. This week, the newly detailed attack taking center stage is called Simjacker, and it was revealed by the folks at AdaptiveMobile Security. As its name implies, Simjacker works primarily by exploiting the SIM cards that all of our smartphone use. As the researchers explain it, this new exploit represents a "huge jump in complexity and sophistication" in comparison to other attack vectors that have propagated over mobile networks. Although Simjacker is quite an intricately-executed exploit, we'll give you a brief overview of how it claims its victims. First of...
Read more...
In the web browser world, Google Chrome is tops and is offered on multiple platforms including Windows 10, macOS, Linus, iOS and Android. however, web developer named Jim Fisher has found an exploit that nefarious developers can use to trick Chrome on Android users into thinking they are on a legitimate website. Fisher shows on his blog how a website can replace the Chrome for Android address bar and tabs UI using a few tricks. All Chrome for Android users know that when you scroll down a page using the browser, the top of the UI with your address bar and tabs are hidden from view. Fisher found that the scrolling of the page could be "jailed" so when the user scrolls back up the page, the...
Read more...
Most of the security vulnerabilities we write about at HotHardware fortunately won't affect the vast majority of readers. Either these exploits require user interaction to kick-start, or you have to be of particular interest as a target for someone to go through the effort of executing more complex attacks against you or your devices. But then there are those vulnerabilities that could impact any of us at any time, and worse, can be exploited with the ultimate of ease. Embedi is a security firm that focuses on embedded devices and operating systems (hence the name). Through its research efforts, the company discovered some serious issues with the firmware of the widely-used ThreadX RTOS...
Read more...
It appears that T-Mobile has only recently squashed a rather serious bug that affected one of the company's subdomains used by staff. In this case, promotool.t-mobile.com was not password protected, allowing anyone that stumbled across it to access stored data. According to ZDNet, which first reported on the website bug, anyone could add a T-Mobile customer’s phone number to the end or the website address after which they would gain access to a treasure trove of information. Personal customer details such as full name, address, account number, account PIN and tax identification number (in certain instances) were all made visible. Most wireless carriers allow you set a PIN for your...
Read more...
New Spectre flaws have been revealed by the former head of Intel's advanced thread team, Yuriy Bulygin. This is a man who knows what he's doing, so his opinions and findings are not to be treated as fly-by-night like some others. Through his new security agency, Eclypsium (a neat name, it must be said), Bulygin posts of a new application of speculative execution attacks which hinge on Spectre variant 1 (bounds check bypass), although it's believed that the same exploit would work with variant 2 (branch target injection), as well. Ultimately, Bulygin's exploit leverages the bounds check bypass element of Spectre's variant 1 to circumvent the system management range register (SMRR) protection of...
Read more...
WhatsApp users have been forwarding a message around that some might find incredibly annoying. The message will cause the app to hang for a bit, after which it will then function normally. No malicious content is transferred with the message according to reports. The message reads "If you touch the black point your WhatsApp will hang." The message is then forwarded by a black dot and in some cases emojis. Naturally, a good portion of the people who get it can't resist the temptation to touch the black dot. As for why the message can cause WhatsApp to hang, it has to do with symbols included in the message that WhatsApp doesn’t recognize. Since the app doesn't recognize the characters,...
Read more...
If you grabbed the free Super Mario Odyssey DLC that landed this week and have encountered what appear to be cheaters in Nintendo's Luigi's Balloon World game, you know the frustration that some folks are likely going through right now. These cheating players are using a glitch in a game that allows them to move through walls to hide the balloons, that players are tasked with finding, in areas that are out of bounds to honest players that are not exploiting the glitch. If you are unfamiliar with the Balloon World mode, it's sort of like a game of hide and seek from your childhood, only the hider is placing balloons in the worlds of the game and then the seekers must go and find them. If...
Read more...
If you've been following the tech or security news for the past few days, then you no doubt know of a security vulnerability that reportedly affects all Intel processors. OS vendors have been working to mitigate the issue with kernel patches, but those software Band-Aids can come with some performance handicaps as a side effect. Today, we're learning more about what exactly is going on, and that there are not one, but actually two vulnerabilities that have been disclosed. It's bad enough that one of them targets Intel processors, but the second affects ALL modern processors as well -- including those based on architectures from Intel, AMD and ARM. So, we present to you Meltdown and Spectre....
Read more...
Microsoft and Google don't have that much love for each other. The two are rivals in the search market with Google being far and away the most popular search engine, leaving Bing with the table scraps. Google also has the most popular mobile operating system forcing Microsoft to admit that its mobile OS is dead. Google also went public with a Windows flaw bask in February that Microsoft was slow to patch, seemingly as a way to shame Redmond into patching the issues. Microsoft is now hitting back at Google with a bit of admonishment for a security issue in the Chrome browser. Reports indicate that Microsoft found a Chrome vulnerability last month and outlined how the browser could be exploited....
Read more...
A security company called Armis is spilling the beans on a collection of eight different exploits that it is collectively calling BlueBorne. These exploits can allow a hacker access to your phone in seconds without having physical access to the device. Perhaps the scariest part of the exploit is that BlueBorne isn't limited to your phone alone; the hack can allow access to phones, computers, and IoT devices. Armis notes that it believes more vulnerabilities lie waiting to be discovered in various platforms that use the Bluetooth wireless communications standard. The firm says that its research proves these vulnerabilities exist and that they can be exploited. BlueBorne can be used to...
Read more...
