Security Flaws & Fixes - W/E - 072117
Apple Posts Updates, Boots Broadpwn Vulnerability (07/19/2017)
Apple released updates for tvOS. iTunes for Windows, iCloud for Windows, Safari, macOS Sierra, iOS, and watchOS. Among the fixes is a patch for the Broadpwn vulnerability, which affects some Broadcom Wi-Fi chipsets and is found in some devices using macOS, iOS, watchOS, and tvOS.
Apple released updates for tvOS. iTunes for Windows, iCloud for Windows, Safari, macOS Sierra, iOS, and watchOS. Among the fixes is a patch for the Broadpwn vulnerability, which affects some Broadcom Wi-Fi chipsets and is found in some devices using macOS, iOS, watchOS, and tvOS.
Cisco Addresses Vulnerabilities in IOS and IOS XE Software (07/17/2017)
The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and IOS XE Software contains multiple vulnerabilities that could allow an authenticated, remote attacker to remotely execute code on an affected system or cause an affected system to reload. An attacker could exploit these vulnerabilities by sending a crafted SNMP packet to an affected system via IPv4 or IPv6. Only traffic directed to an affected system can be used to exploit these vulnerabilities. Cisco has releasedsoftware updates. There are also workarounds that address the vulnerabilities.
The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and IOS XE Software contains multiple vulnerabilities that could allow an authenticated, remote attacker to remotely execute code on an affected system or cause an affected system to reload. An attacker could exploit these vulnerabilities by sending a crafted SNMP packet to an affected system via IPv4 or IPv6. Only traffic directed to an affected system can be used to exploit these vulnerabilities. Cisco has releasedsoftware updates. There are also workarounds that address the vulnerabilities.
Critical Devil's Ivy Bug Found in Third-Party Code and Affects Millions of Devices (07/19/2017)
A critical bug in gSOAP, an open-source, third-party code library used in many different Internet of Things devices, can end up crashing systems or unleashing remote code executions. Researchers at Senrio first discovered the "Devil's Ivy" bug in the Axis Communications M3004 security camera. When exploited, Devil's Ivy allows an attacker to remotely access a video feed or deny the owner access to the feed. Since these cameras are meant to secure something, like a bank lobby, this could lead to the collection of sensitive information or prevent a crime from being observed or recorded. Axis found that 249 of its camera models were vulnerable and has been patching its firmware and instructing partners to apply the updates. However, many other manufacturers are affected and Senrio stated, "Software or device manufacturers who rely on gSOAP to support their services are affected by Devil's Ivy, though the extent to which such devices may be exploited cannot be determined at this time. Based on our research, servers are more likely to be exploited. But clients can be vulnerable as well, if they receive a SOAP message from a malicious server."
A critical bug in gSOAP, an open-source, third-party code library used in many different Internet of Things devices, can end up crashing systems or unleashing remote code executions. Researchers at Senrio first discovered the "Devil's Ivy" bug in the Axis Communications M3004 security camera. When exploited, Devil's Ivy allows an attacker to remotely access a video feed or deny the owner access to the feed. Since these cameras are meant to secure something, like a bank lobby, this could lead to the collection of sensitive information or prevent a crime from being observed or recorded. Axis found that 249 of its camera models were vulnerable and has been patching its firmware and instructing partners to apply the updates. However, many other manufacturers are affected and Senrio stated, "Software or device manufacturers who rely on gSOAP to support their services are affected by Devil's Ivy, though the extent to which such devices may be exploited cannot be determined at this time. Based on our research, servers are more likely to be exploited. But clients can be vulnerable as well, if they receive a SOAP message from a malicious server."
Juniper's ScreenOS Gets Update to Fend Off XSS Bugs (07/17/2017)
A security researcher testing a Juniper NetScreen Firewall+VPN found multiple stored cross-site scripting vulnerabilities that could be used to elevate privileges through the NetScreen WebUI. ScreenOS has been updated to add checks to prevent scripts in WebUI strings.
A security researcher testing a Juniper NetScreen Firewall+VPN found multiple stored cross-site scripting vulnerabilities that could be used to elevate privileges through the NetScreen WebUI. ScreenOS has been updated to add checks to prevent scripts in WebUI strings.
Oracle Makes History with Updates to Fix 308 Vulnerabilities (07/19/2017)
Oracle has fixed more than 300 bugs in its July Critical Patch Update Advisory. The update addresses 308 vulnerabilities, the largest of Oracle's patches to date, across such product lines as Fusion Middleware, Java SE, MySQL, Sun Systems suite, Oracle's retail applications, and more. Oracle noted in the advisory that it continues to receive reports of attempts to exploit vulnerabilities that it has previously fixed. The vendor "strongly recommends that customers remain on actively-supported versions and apply Critical Patch Update fixes without delay."
Oracle has fixed more than 300 bugs in its July Critical Patch Update Advisory. The update addresses 308 vulnerabilities, the largest of Oracle's patches to date, across such product lines as Fusion Middleware, Java SE, MySQL, Sun Systems suite, Oracle's retail applications, and more. Oracle noted in the advisory that it continues to receive reports of attempts to exploit vulnerabilities that it has previously fixed. The vendor "strongly recommends that customers remain on actively-supported versions and apply Critical Patch Update fixes without delay."
Researcher Finds Easily Hackable Bug on MySpace (07/18/2017)
Security researcher Leigh-Anne Galloway has discovered a flaw in MySpace in which an attacker can use public information and brute-force attacks to gain access to any account utilizing the "Do Not Have Access to Old Email Address" form. Galloway contacted MySpace in April and received an automated reply but has had no further contact from the social media site, so she has released details about the vulnerability on her blog.
Security researcher Leigh-Anne Galloway has discovered a flaw in MySpace in which an attacker can use public information and brute-force attacks to gain access to any account utilizing the "Do Not Have Access to Old Email Address" form. Galloway contacted MySpace in April and received an automated reply but has had no further contact from the social media site, so she has released details about the vulnerability on her blog.
Researchers Uncover Security Bugs in Popular Hoverboard (07/19/2017)
Critical vulnerabilities in the Segway Ninebot MiniPro hoverboard could result in safety issues, the researchers at IOActive have warned. An attacker can exploit vulnerabilities in the hoverboard's app and end up disabling the motor which brings the device to a complete stop and potentially enables the rider to fly off and get hurt. Disabling the motor also enables the attacker to force the device to change directions.
Critical vulnerabilities in the Segway Ninebot MiniPro hoverboard could result in safety issues, the researchers at IOActive have warned. An attacker can exploit vulnerabilities in the hoverboard's app and end up disabling the motor which brings the device to a complete stop and potentially enables the rider to fly off and get hurt. Disabling the motor also enables the attacker to force the device to change directions.
Rockwell Automation Updates MicroLogix 1100 Controllers (07/19/2017)
Rockwell Automation's MicroLogix 1100 Controllers are vulnerable to an improper input validation, which could result in a denial-of-service condition. The vendor has posted an advisory for customers as well as recommended updating to the latest firmware version. The ICS-CERT posted its own advisory with further information.
Rockwell Automation's MicroLogix 1100 Controllers are vulnerable to an improper input validation, which could result in a denial-of-service condition. The vendor has posted an advisory for customers as well as recommended updating to the latest firmware version. The ICS-CERT posted its own advisory with further information.
Siemens Releases Security Update for SIMATIC Sm@rtClient Android App (07/17/2017)
The latest update for the Siemens SIMATIC Sm@rtClient Android app fixes two vulnerabilities. One of the vulnerabilities could, under certain conditions, allow an attacker in a privileged network position to read and modify data within a TLS session.
The latest update for the Siemens SIMATIC Sm@rtClient Android app fixes two vulnerabilities. One of the vulnerabilities could, under certain conditions, allow an attacker in a privileged network position to read and modify data within a TLS session.
Siemens Updates SiPass integrated to Fix Vulnerabilities (07/17/2017)
Siemens has reported that its SiPass integrated access control system is affected by a variety of vulnerabilities. The newest release, V2.70 of SiPass integrated, resolves these issues.
Siemens has reported that its SiPass integrated access control system is affected by a variety of vulnerabilities. The newest release, V2.70 of SiPass integrated, resolves these issues.
Siemens Warns of Windows XP Bugs in Healthineers Products (07/17/2017)
Select Molecular Imaging products from Siemens Healthineers are affected by certain Microsoft Windows XP vulnerabilities. The exploitability of the vulnerabilities depends on the actual configuration and deployment environment of each product. Siemens is working on updates for affected products and recommends specific countermeasures until fixes are available. The affected products are listed in an advisory.
Select Molecular Imaging products from Siemens Healthineers are affected by certain Microsoft Windows XP vulnerabilities. The exploitability of the vulnerabilities depends on the actual configuration and deployment environment of each product. Siemens is working on updates for affected products and recommends specific countermeasures until fixes are available. The affected products are listed in an advisory.
Stack Buffer Overflow Bug Fixed in Dahua IP Cameras' Sonia Web Interface (07/19/2017)
An alert warns that Dahua IP camera products using firmware versions prior to V2.400.0000.14.R.20170713 include a version of the Sonia Web interface that may be vulnerable to a stack buffer overflow. Dahua has released firmware version DH_IPC-ACK-Themis_Eng_P_V2.400.0000.14.R.20170713.bin to address this issue.
An alert warns that Dahua IP camera products using firmware versions prior to V2.400.0000.14.R.20170713 include a version of the Sonia Web interface that may be vulnerable to a stack buffer overflow. Dahua has released firmware version DH_IPC-ACK-Themis_Eng_P_V2.400.0000.14.R.20170713.bin to address this issue.
WebEx Browser Extensions Receives Update for RCE Vulnerability (07/19/2017)
A vulnerability in Cisco WebEx browser extensions for Chrome and Firefox could allow an unauthenticated, remote attacker to execute arbitrary code with the privileges of the affected browser on an affected system. This vulnerability was found in the browser extensions for WebEx Meetings Server, WebEx Centers (Meeting Center, Event Center, Training Center, and Support Center), and WebEx Meetings when they are running on Windows. Cisco has released software updates for Chrome and Firefox that address this vulnerability. There are no workarounds.
A vulnerability in Cisco WebEx browser extensions for Chrome and Firefox could allow an unauthenticated, remote attacker to execute arbitrary code with the privileges of the affected browser on an affected system. This vulnerability was found in the browser extensions for WebEx Meetings Server, WebEx Centers (Meeting Center, Event Center, Training Center, and Support Center), and WebEx Meetings when they are running on Windows. Cisco has released software updates for Chrome and Firefox that address this vulnerability. There are no workarounds.