Security Flaws & Fixes - W/E - 071318

Adobe Swats 112 Bugs with Latest Batch of Security Fixes (07/10/2018)
Adobe has released updates for Acrobat and Reader, Connect, Experience Manager, and Flash Player. The updates consist of 112 fixes for vulnerabilities; Acrobat and Reader alone accounted for 104 of the bugs. Flash Player received a fix for a critical arbitrary code execution issue.

Android Apps Share Pics, Video Recordings without User Knowledge (07/06/2018)
Research from a group of Northwestern University scientists shows that many Android apps on legitimate marketplaces are sharing private data without user knowledge. While analyzing media permissions and leaks from 17,260 apps across multiple Android marketplaces, the researchers found privacy issues, including apps that over-provision their media permissions and apps that share image and video data with other parties in unexpected ways, without user knowledge or consent. They also identified a previously unreported privacy risk that arises from third-party libraries that record and upload screenshots and videos of the screen without informing the user or requiring any permissions.

Apple Patches KRACK Bug in Boot Camp (07/06/2018)
Apple issued a Wi-Fi update for Boot Camp to address the KRACK (Key Reinstallation Attack) vulnerability. A logic issue existed in the handling of state transitions and this has been addressed with improved state management.

Apple Updates iTunes, iOS, Other Products (07/10/2018)
Apple released a number of advisories and updates for multiple products. These include updates for iTunes, iCloud, Safari, macOS High Sierra, watchOS, tvOS, and iOS. The iOS update includes a new feature, USB restricted mode, which prevents individuals, including law enforcement, from cracking the passcode using a USB device. The feature disables USB access after the phone has been locked for 60 minutes.

Cisco Releases Advisories on Multiple Products (07/11/2018)
Cisco has issued multiple advisories for its products. The vendor's StarOS is vulnerable to a denial-of-service condition while the Web-based UI of the IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware contains a command injection vulnerability.

Compass and AcSELerator Architect Have Multiple Security Issues (07/10/2018)
Schweitzer Engineering's Compass and AcSELerator Architect contain vulnerabilities that are considered serious. An ICS-CERT advisory states that the vendor has released updates to mitigate these issues. Links to the updates are available from the advisory.

Facebook Quiz Apps Exposed User Data for Years (07/06/2018)
Popular quizzes on Facebook exposed information for more than 120 million users even if they deleted the apps, according to researcher Inti De Ceukelaire, who wrote an article about his findings on Medium. Nametests.com, the site behind many of the popular Facebook quizzes, patched a privacy bug that leaked data on users, including those who had deleted the app. De Ceukelaire found that when loading a personality quiz, the Nametests site would grab his personal information and display it. He knew that this shouldn't occur but then noticed that the data request from the Nametests site was wrapped in JavaScript so it could be shared with other sites. Thus, any third party could request personal data and receive it.

Google Fixes Multiple Android Vulnerabilities in Its July Security Bulletin (07/06/2018)
Google issued its monthly Android Security Bulletin, which included fixes for three critical and eight high risk vulnerabilities in the 2018-07-01 security patch level. The three critical bugs are remote code execution issues, one each in Media framework, framework, and system. In the 2018-07-05 security patch level, 32 vulnerabilities were addressed - eight were rated critical and 24 were considered high risk.

Internet Systems Consortium Says to Upgrade Kea 1.4.0 Due to Memory Leak Bug (07/11/2018)
The Internet Systems Consortium (ISC) posted an advisory regarding a vulnerability in Kea DHCP 1.4.0 which may fail to release memory after temporarily storing client network packets. This causes a constant increase in memory consumption that can cause server resources to become exhausted, leading to loss of DHCP server functionality. The solution is to upgrade to Kea 1.4.0-P1.

Malicious PDF Contained Two Previously Unknown Zero-Day Exploits (07/06/2018)
Microsoft, in conjunction with ESET, analyzed a potential Windows kernel bug and discovered two exploits in the same PDF. One exploit affected Adobe Acrobat and Reader, while the other impacted Windows 7 and Windows Server 2008. The first exploit attacks the Adobe JavaScript engine to run shellcode in the context of that module. The second vulnerability allows the shellcode to escape the Reader sandbox and run with elevated privileges from Windows kernel memory. An ESET researcher originally found the infected PDF and sent it to Microsoft for evaluation. Both exploits have been resolved - Adobe posted an update on May 14 and Microsoft issued a patch on May 8.

Microsoft's July Security Batch Alleviates More than 50 Vulnerabilities (07/11/2018)
The Microsoft batch of fixes for July consists of 14 updates to fix over 50 security issues across Windows, Internet Explorer, Edge, Office, and associated products. This round of patches includes remedies for critical bugs in the Internet Explorer and Edge browsers and .NET Framework.

Mozilla Releases Thunderbird 52.9 (07/06/2018)
Mozilla fixed a number of vulnerabilities with the release of Thunderbird 52.9. Among these is a buffer overflow that could result in an exploitable crash.

Multiple Bugs Chained Together Give Attackers Control Over WAGO HMI Devices (07/11/2018)
SEC Consult scientists posted an advisory after finding multiple bugs in WAGO's e!DISPLAY 7300T Web Panel human-machine interface products which could be put together, giving attackers complete control over the device. The researchers found multiple reflected and one stored cross-site scripting, unrestricted file upload and file manipulation, incorrect default permissions, and remote code execution vulnerabilities and reported them to WAGO. The vulnerabilities have been remedied with the release of new firmware. WAGO has also posted its own advisory.

Multiple Vulnerabilities Found in Siemens' SICLOCK Devices (07/06/2018)
Siemens' SICLOCK devices are affected by multiple vulnerabilities that could allow an attacker to cause denial-of-service conditions, bypass authentication, and modify the firmware of the device or the administrative client. These devices are being phased out. Siemens has responded with mitigations for these issues.

Multiple Vulnerabilities Found in Robot Controllers (07/10/2018)
Universal Robots' robot controllers are affected by hard-coded credentials and are missing authentication. An ICS-CERT advisory has listed some mitigating actions for these vulnerabilities.

Polar Fitness App Gives Up Military, Home Locations for Soldiers (07/10/2018)
Researchers at Bellingcat have discovered that the fitness app Polar is revealing the locations of people exercising in secret places, including intelligence agencies, military bases, airfields, and embassies worldwide. Polar Flow, which is an app and Web service from a company in Finland, lets users track their fitness and sleep activity and offers a feature called "Explore," that helps people find new training routes. However, the app is giving up information on people who are working out near military areas. The researchers said, "By showing all the sessions of an individual combined onto a single map, Polar is not only revealing the heart rates, routes, dates, time, duration, and pace of exercises carried out by individuals at military sites, but also revealing the same information from what are likely their homes as well. Tracing all of this information is very simple through the site: find a military base, select an exercise published there to identify the attached profile, and see where else this person has exercised. As people tend to turn their fitness trackers on/off when leaving or entering their homes, they unwittingly mark their houses on the map."

QNAP Boots Multiple Vulnerabilities with Update for Q'center Virtual Appliance (07/11/2018)
Core Security has advised that QNAP's Q'center Virtual Appliance Web console contains several critical vulnerabilities that could enable a hacker to take over privileges and execute arbitrary commands. The vulnerabilities affect Q'center versions 1.6.1056 and 1.6.1075. QNAP has fixed the bugs in version 1.7.1083 and later.

Researchers Identify New Rowhammer Attack Method Along with Mitigation Technique (07/06/2018)
A team of researchers has identified a new Rowhammer-style attack that targets devices with the latest version of Android. Rowhammer is a bug that impacts dynamic random-access memory chips and can result in kernel privilege on Linux systems. The attack method, which has been dubbed "RAMpage," uses a root exploit and a series of app-to-app exploits that bypass all scenarios. The team proposes "GuardION," a lightweight defense mechanism that mitigates against Rowhammer attacks by isolating DMA buffers using guard rows.

Researchers Report Intel on New Spectre Variants, Receive $100K for Their Troubles (07/11/2018)
Two researchers have discovered variations of the Spectre zero-day attack method and have notified Intel, which rewarded them with $100,000 USD for their efforts. Vladimir Kiriansky and Carl Waldspurger have uncovered Spectre 1.1, which leverages speculative stores to create speculative buffer overflows that can modify data and code pointers. They also presented findings on Spectre 1.2, which affects CPUs that don't enforce read/write protections. Speculative stores can overwrite read-only data and code pointers to breach sandboxes. Intel and ARM both issued white papers to discuss the two Spectre variants. Oracle also published information regarding how it is assessing its own products in relation to these vulnerabilities.

Siemens Warns of Potential DoS Condition in SIPROTEC 5 Relays, EN100 Ethernet (07/11/2018)
A Siemens advisory reveals that the EN100 Ethernet communication module and SIPROTEC 5 relays are vulnerable to bugs that can lead to a denial-of-service attack over the network. Siemens has released updates for several products, is working on fixes for the other products, and has provided remediation methods until those updates are available.

VMware Updates Squash Bug Found in ESXi, Workstation and Fusion (07/06/2018)
VMware's ESXi, Workstation, and Fusion have received updates to address multiple out-of-bounds read vulnerabilities. Successful exploitation of these issues may lead to information disclosure or may allow attackers with normal user privileges to crash their virtual machines.

Vulnerabilities Affect Rockwell Automation Allen-Bradley Stratix 5950 (07/06/2018)
Rockwell Automation's Allen-Bradley Stratix 5950 is vulnerable to several bugs that could allow an attacker to bypass client certification to create connections to the affected device or cause the device to crash, according to an ICS-CERT advisory. Some workarounds are depicted in the advisory. Rockwell Automation will inform users of updated firmware as soon as it is available.

Vulnerabilities in Broadband Gateway Routers Receive Patches (07/06/2018)
The researchers at SEC Consult have identified three critical vulnerabilities in broadband gateway routers manufactured by Advanced Digital Broadcast (ADB), whose communications devices are used by Cox Communications and Charter Communications, among other ISPs. According to the researchers, all of ADB's routers are impacted by privilege escalation, authorization bypass, and local jailbreak root vulnerabilities. ADB was first notified in June 2016 regarding these issues and patches first began rolling out a year later.