Items tagged with vulnerability
Microsoft is plugging a security hole with a new Critical-rated security update. The patch will fix an issue in Windows and OpenType fonts that could expose users to malicious website content. So long as you have automatic updates enabled, your PC will download and install the patch, if it hasn’t already. “This security update resolves a vulnerability in Windows that could allow remote code execution if a user opens a specially crafted document or goes to an untrusted webpage that contains embedded OpenType fonts,” Microsoft said in a statement. It deems the hole dangerous enough to have released the update ahead of its typical Tuesday patch. The vulnerability is exploitable due to the way Windows Adobe Type...
Read more...
We reported last week on a new zero-day vulnerability in Adobe Flash that was revealed following the leak of data from the Italian hacking group "Hacking Team". It's hardly a surprise when such a vulnerability is found in either Flash or Java, and as sad as it is, it's not even surprising to learn that two more have been found. Oy! The latest vulnerabilities, named CVE-2015-5122 and CVE-2015-5123, are considered critical, and affect the Flash player on Windows, OS X, and Linux. A verbatim threat to last week's vulnerability, "successful exploitation could cause a crash and potentially allow an attacker to take control of the affected...
Read more...
This week, something nearly as common as breathing happened: a severe Adobe Flash vulnerability was revealed. How this one came to be, however, is far more interesting than most. Earlier this week, a well-known Italian hacking group called 'Hacking Team' was itself hacked. On Monday, the group's Twitter account was hijacked to post a link to a torrent file that includes about 400GB worth of its data. We're now finding out that this data could have huge repercussions for software vendors and regular consumers alike. Because Hacking Team's efforts largely revolve around exploiting bugs in popular software, it's almost of no surprise to see Adobe Flash listed among those affected. It's also of little...
Read more...
Jan Souček, a security researcher from Prague, has uncovered a vulnerability in the security of the iOS Mail application that nefarious types can deploy against users of the app to gain access to their iCloud passwords. The method published by Souček illustrates how an email can be sent to the hapless victim that uses HTML code that mimics the iCloud login pop-up window upon receipt. Then, after said victim has inadvertently tapped their iCloud password into the window's Password field and clicked OK, an email is sent back to the sender with that critical information. Specifically, the app vulnerability lies at the feet of a bug in the Mail app that prevents the HTML tag in e-mail...
Read more...
After mainboard vendors began adopting EFI en masse in recent years, security researchers all over have dissected the many different implementations out there to find that elusive crippling bug. Sometimes, though, such bugs are not actually elusive at all, like one just discovered by reverse engineering enthusiast fG. fG starts off his report by pointing out two excellent presentations revolving around EFI exploitation, and how this new one relates to one of those. At any point while using your PC, your EFI should never become exposed to write commands, but fG notes that this isn't the case on Macs older than mid-2014. In fact, the bug can be exploited from the desktop - all it requires is that...
Read more...
It's beginning to look like the latest hotness in the vulnerability world is crashing applications with simple strings of text. We just talked about such a bug that's stricken iOS a mere week ago, and already another one has come to the surface. This time, Skype is in the crosshairs, and this is a bug even easier to replicate than the iOS one. All you have to do is type in the characters "https://:" and send it, and that somehow causes Skype to become inoperable for a time. The bug does not seem to affect the "modern" version of Skype in Windows 8, nor the Mac version, and I'd also assume the Linux version (I am too scared to test!). It has been verified to work with the Windows, Android,...
Read more...
Given their importance, it'd be easy to believe that an institution such as the IRS would have sufficient security measures in place to protect our data - the tax information of everyone in the United States. As we discovered last week though, that's not at all the case. We learned on Wednesday that at least 100,000 personal tax records were snatched illegally from the IRS, not with the intent of making a statement, but instead to steal identities. It didn't take long before someone got the blame, and that someone, or country, was Russia. In case it hasn't been evident enough lately, Russia really doesn't like the U.S. right now. We learned last month that Russian hackers actually gained some...
Read more...
We posted earlier this week about a bizarre bug that strikes when a specific text message is received by an iOS user, either via Messages or SMS. Composed of various unicode characters, receiving this specific message can lock up the device, and render the Messages app useless until the bug is dealt with. When the bug leaked to the Web earlier this week, there were some suggestions of how to fix it, but now Apple itself has jumped in with suggestions of its own. With an iPhone or other bugged iOS device at-the-ready, you'll need to ask Siri to "read unread messages". Then, with the malicious message selected, you can ask Siri to reply to it -- not type a reply in manually. Once that's done, Apple...
Read more...
Is it possible to take control of an airplane using an infotainment system as a gateway? Chris Roberts, a well-known hacker and security researcher with One World Labs, claims that it is. The FBI, who is investigating Roberts' claims, is taking no chances that he's incorrect. On April 15, Roberts posted this tweet: Find myself on a 737/800, lets see Box-IFE-ICE-SATCOM, ? Shall we start playing with EICAS messages? "PASS OXYGEN ON" Anyone ? :)— Chris Roberts (@Sidragon1) April 15, 2015 It's as if Roberts was looking for trouble. And if that's the case, he certainly got it. Upon landing, he was greeted by two FBI agents and two police officers, and was then interrogated for a couple of hours. Before...
Read more...
Data security research player CrowdStrike is reporting a security flaw that could allow hackers to exploit and take over data centers from within. Given the nasty moniker "VENOM" (for "Virtualized Environment Neglected Operations Manipulation"), the vulnerability CrowdStrike uncovered is present in a common component — a legacy floppy drive controller — that is widely used in virtualization platforms and appliances. The seriousness of the VENOM vulnerability rests on how it circumvents an essential barrier used by cloud service providers to segregate customer data. Thus, infiltrators who are able to gain access to one virtual environment can subsequently move from there into the cloud entity's...
Read more...
A serious flaw has been discovered in the software component of some routers that feature a Realtek chipset. In particular, routers that utilize a Realtek RTL81XXX chipset and also use the 1.3 SDK (or older, potentially), are vulnerable to an exploit that could see executable code run as root. Because it's not obvious what chipset most routers will use, ITworld shares an extremely helpful link that will let you search for whichever one you use. It should be stressed, though, that not every affected router may be listed here, and it still hasn't been ruled-out if versions older than the 1.3 SDK are vulnerable as well. Based on that list, TRENDnet and D-Link seem to have the greatest share of impacted...
Read more...
Another day, another story about a poor SSL implementation. According to analytics service SourceDNA, a staggering 1,500 iOS apps are bugged with a gaping HTTPS hole, allowing attackers to intercept traffic that should otherwise be secure. The bug exists in a popular networking library called AFNetworking. If an app was built with version 2.5.1, it's vulnerable, whereas with 2.5.2, released a few weeks ago, is not. It'd be easy to write this issue off as one that affects a small number of developers, but SourceDNA says that even apps from Microsoft, Uber, and Yahoo were all affected. Those apps have since been fixed, but the other 1,500 problematic ones remain. What's not entirely clear is if...
Read more...
Swedish hacker Emil Kvarnhammar is reporting that an unpublished OS X API — he dubs it a "backdoor" — can be used by nefarious types to gain root access through local users without Administrator status on Mac computers that have not yet been migrated to the 10.10.3 iteration of OS X, which was released just two days ago. "The admin framework in Apple OS X contains a hidden backdoor API to root privileges [that] can be exploited to escalate privileges to root from any user account in the system," Kvarnhammar says in an advisory. "The intention was probably to serve the System Preferences app and systemsetup command-line tool, but any user process can use the same functionality. This is a local...
Read more...
The latest version of Firefox came out at the end of March and brought a lot to the table, although like most browser version jumps nowadays, spotting all of what's new can be difficult. At the forefront, Firefox 37 introduced a "heartbeat" user rating system, which helps you provide useful feedback to Mozilla, and for those Bing users among you, searches now default to a secure protocol. And speaking of protocols, that ties into a significant addition to Firefox 37: HTTP/2 support. At the moment, HTTP/2 in general is not widely supported, and in fact, it's not even "finalized" quite yet. But, for developers wanting to toy around with it, the option is now there. Unfortunately, though, this HTTP/2...
Read more...
Threat researcher Zhi Xu is reporting a widespread vulnerability in Google's Android operating system that is capable of exposing up to 49.5% of users to spyware, via a two-front alliance formed between apps downloaded from Google Play and from legitimate third-party app stores such as Amazon and Samsung. Given the not-very-creative name "Android Installer Hijacking", the vulnerability reported by Xu — who is a senior engineer at Palo Alto Networks — allows potential attackers to modify or replace seemingly benign Android apps with malware without the user's knowledge. In the event scenario, the attack begins with an innocent-seeming app downloaded from Google Play first becoming entrenched....
Read more...
Whenever a software flaw is discovered and is then patched, it's not often that we'll ever hear about it again (the exceptions are those that do big damage). It's even more rare when we end up hearing about a "medium" bug again four years later. Such is the case of a vulnerability affecting Adobe Flash (don't act surprised!) To be more specific, CVE-2011-2461 is tied to Adobe's Flex SDK, which developers can use to compile their Flash project for exporting to an .SWF file. In older versions of Flex (3.x and 4.x), compiled SWF files allow the injection of a script or HTML, which it can pull off through the module loading mechanism. If someone visits a website with an affected SWF file, requests...
Read more...
It's always fun to see which security flaws get exploited at Pwn2Own, and this year's event has proven to be no exception. In fact, it could be considered to be one of the most exciting events to date, with JungHoon Lee exploiting three major browsers, and securing a record $110,000 payout for one of the flaws. Starting the day off, JungHoon (aka: lokihardt) breached a time-of-check to time-of-use vulnerability in the 64-bit version of Internet Explorer, breaking out of the sandbox via a privileged JavaScript injection, allowing him to execute medium-integrity code. This flaw netted JungHoon $65,000. His second proof-of-concept was the big one, worth $110,000. It affects both the stable and beta...
Read more...
Until the web at large adopts the open HTML5 <video> tag, there will still be some sites that continue to use Adobe's proprietary Flash Player runtime. Assuming you have the Flash Player installed, either on your Windows box or Mac machine, be advised that there's a "critical" vulnerability affecting both platforms. "Successful exploitation could cause a crash and potentially allow an attacker to take control of the affected system," Adobe stated in a Security Advisory. "We are aware of reports that this vulnerability is being actively exploited in the wild via drive-by-download attacks against systems running Internet Explorer and Firefox on Windows 8.1 and below." Affected software versions...
Read more...
Last January, some six or so months after Edward Snowden exposed much of the NSA's shady behavior to the world, a smartphone was announced that promised unparalleled levels of security. Called BlackPhone, we followed-up a month later to provide a price, $629, and some specs. Quad-core, 2GB of RAM, 16GB storage... all standard fare for a good phone. Given the promises of BlackPhone, it goes without saying that most of its owners would feel truly secure while using their device - and yes, I'd say that they would have definitely had an advantage security-wise versus using a regular phone. But, what we see reassured today is that nothing tech-wise is bulletproof, even if it's touted as such. In fact,...
Read more...
At this point, I think it's safe to call the security level of Adobe's Flash player "asinine". Sometimes, it feels like full-blown OSes, such as Windows, have far fewer bugs. When is the last time you remember having to update your OS with an emergency patch? Now how about Adobe Flash? Exactly. Well, since Adobe didn't put it in its New Years' resolutions to release more secure software, this is a reality that's not going to change too soon. Yesterday, the company issued a patch for bug CVE-2015-0311, one that exposes a user's browser to become vulnerable to code injection, and the now infamous Angler EK (Exploit Kit). To fall victim to this kind of attack, all someone needs to do is visit a...
Read more...
It's as if Google is looking to start a digital war -- or at least get back at Microsoft for using its minor patents to battle Android. Earlier this month, we reported on a significant Windows bug that Google, through its Project Zero site, exposed to the world after Microsoft failed to patch it up within Google's strict 90-day window. That led to some cheers for Google from some, and sympathy for Microsoft from others. Well, Google balks at that sympathy. This week, it released two more Windows bugs through Project Zero, as they also exceeded their 90-day windows. You might think that after the last incident, Microsoft would do whatever it could to avoid it from...
Read more...
Dell's SecureWorks Counter Threat Unit (CTU) has just discovered a new piece of malware that it dubs "Skeleton Key". Besides being one of the coolest-named pieces of malware ever, Skeleton Key provides access to any user account on an Active Directory controller without regard to supplying the correct password. As in-memory malware, Skeleton Key is extremely difficult to detect, and it'd be totally invisible to the affected users. And while it requires admin access to the AD controller to deploy, once it is, the exploiter could wreak whatever havoc they like while disguised as an innocent user. It's not much of a benefit, but there is one major limitation of Skeleton Key: it needs to be reapplied...
Read more...
