Security Flaws & Fixes - W/E - 101918
Apple Provides Tool Allowing Users to Access Personal Data (10/17/2018)
Apple has revamped its privacy page and for the first time is allowing users in the United States the opportunity to download and review all of their data collected by the company. The option has been available to European users since May as part of the European Union's General Data Protection Regulation (GDPR). Personally identifiable information such as Apple account info, iTunes and App Store purchases and usage, contacts, calendars, mail, and even photos and documents stored in iCloud can be downloaded. But since Apple prides itself on limiting the amount of user data it stores - and encrypting many items so they can't be accessed by the company - don't expect to see a complete history of everything you've done with your device. Other aspects of the site's update include options for deactivating or deleting your account and correcting data the company is holding. The site also includes a detailed explanation of the company's data-retention policies and a library of transaction reports that outline government and law enforcement requests for data.
Apple has revamped its privacy page and for the first time is allowing users in the United States the opportunity to download and review all of their data collected by the company. The option has been available to European users since May as part of the European Union's General Data Protection Regulation (GDPR). Personally identifiable information such as Apple account info, iTunes and App Store purchases and usage, contacts, calendars, mail, and even photos and documents stored in iCloud can be downloaded. But since Apple prides itself on limiting the amount of user data it stores - and encrypting many items so they can't be accessed by the company - don't expect to see a complete history of everything you've done with your device. Other aspects of the site's update include options for deactivating or deleting your account and correcting data the company is holding. The site also includes a detailed explanation of the company's data-retention policies and a library of transaction reports that outline government and law enforcement requests for data.
Authentication Bypass Bug in libssh Targets Servers, But Not GitHub's (10/18/2018)
GitHub remains unaffected by a security issue affecting thousands of servers. However, the authentication bypass bug exists in libssh versions 0.6 and higher when used in server mode. The vulnerability has been patched. A researcher warned that he uncovered over 3,300 servers vulnerable to this bug.
GitHub remains unaffected by a security issue affecting thousands of servers. However, the authentication bypass bug exists in libssh versions 0.6 and higher when used in server mode. The vulnerability has been patched. A researcher warned that he uncovered over 3,300 servers vulnerable to this bug.
Bug in iOS VoiceOver Exploitable to Look Through Photos (10/17/2018)
An iOS hacker has found a bug that can give an attacker unauthorized access to photos on an iPhone, AppleInsider reported. The bug, which is unpatched and affects the VoiceOver feature, has been detailed in a YouTube video. Rodriguez said that by using VoiceOver and the Siri assistant, an attacker can access photos and send them to another user.
An iOS hacker has found a bug that can give an attacker unauthorized access to photos on an iPhone, AppleInsider reported. The bug, which is unpatched and affects the VoiceOver feature, has been detailed in a YouTube video. Rodriguez said that by using VoiceOver and the Siri assistant, an attacker can access photos and send them to another user.
Bugs Identified in LAquis SCADA Industrial Software (10/17/2018)
LAquis SCADA, an industrial automation software, is vulnerable to several bugs, including a stack-based overflow and path traversal. According to an advisory, users should update to Version 4.1.0.4114.
LAquis SCADA, an industrial automation software, is vulnerable to several bugs, including a stack-based overflow and path traversal. According to an advisory, users should update to Version 4.1.0.4114.
Cisco Advises on Vulnerabilities Across Product Lines (10/17/2018)
Cisco released multiple advisories to address vulnerabilities in its product suites. Seven of the 15 advisories deal with issues that are rated as "high," including a privilege escalation bug in Cisco's Wireless LAN Controller Software GUI.
Cisco released multiple advisories to address vulnerabilities in its product suites. Seven of the 15 advisories deal with issues that are rated as "high," including a privilege escalation bug in Cisco's Wireless LAN Controller Software GUI.
Google's Chrome 70 Is Now Available (10/17/2018)
Google has released Chrome 70, which contains fixes for 23 security issues. Among these fixed issues are a sandbox escape in AppCache and a remote code execution bug in V8. Further information can be found in Google's advisory.
Google has released Chrome 70, which contains fixes for 23 security issues. Among these fixed issues are a sandbox escape in AppCache and a remote code execution bug in V8. Further information can be found in Google's advisory.
Local Privilege Escalation Bug Patched in Java Usage Tracker (10/18/2018)
The Trend Micro security team found a design flaw/weakness in Java Usage Tracker that can enable hackers to create arbitrary files, inject attacker-specified parameters, and elevate local privileges. In turn, these can be chained and used to escalate privileges in order to access resources in affected systems that are normally protected or restricted to other applications or users. Oracle patched this bug as part of its October Security Bulletin.
The Trend Micro security team found a design flaw/weakness in Java Usage Tracker that can enable hackers to create arbitrary files, inject attacker-specified parameters, and elevate local privileges. In turn, these can be chained and used to escalate privileges in order to access resources in affected systems that are normally protected or restricted to other applications or users. Oracle patched this bug as part of its October Security Bulletin.
Microsoft's Patch for JET Database Is Incomplete (10/17/2018)
Third-party vendor 0patch has gone ahead and issued a micropatch for a critical JET Database Engine vulnerability that Microsoft incompletely patched in its October batch of fixes. The bug was shared in September after Microsoft did not provide a patch for it within the expected 120 day period. 0patch, a project that offers small fixes for vulnerabilities, issued a micropatch for the JET bug. Microsoft then released an official patch on October 9 as part of its monthly security update, but it was discovered to not be a complete fix. 0patch's Mitja Kolsek said in a post, "Namely, in an ironical twist of fate Microsoft's October update actually re-opened the CVE-2018-8423 vulnerability for 0patch users who were previously protected by our micropatch. This new micropatch, which has already been distributed to all online users by now, resumes their protection."
Third-party vendor 0patch has gone ahead and issued a micropatch for a critical JET Database Engine vulnerability that Microsoft incompletely patched in its October batch of fixes. The bug was shared in September after Microsoft did not provide a patch for it within the expected 120 day period. 0patch, a project that offers small fixes for vulnerabilities, issued a micropatch for the JET bug. Microsoft then released an official patch on October 9 as part of its monthly security update, but it was discovered to not be a complete fix. 0patch's Mitja Kolsek said in a post, "Namely, in an ironical twist of fate Microsoft's October update actually re-opened the CVE-2018-8423 vulnerability for 0patch users who were previously protected by our micropatch. This new micropatch, which has already been distributed to all online users by now, resumes their protection."
Multiple Vulnerabilities Found in PHP, Update Recommended (10/15/2018)
An advisory posted by the Multi-State Information Sharing and Analysis Center identifies multiple vulnerabilities in PHP, the most severe of which could allow an attacker to execute arbitrary code. Depending on the privileges associated with the application, an attacker could install programs; view, change, or delete data; or create new accounts with full user rights. Failed exploitation could result in a denial-of-service condition. It is recommended that users upgrade to the latest version of PHP.
An advisory posted by the Multi-State Information Sharing and Analysis Center identifies multiple vulnerabilities in PHP, the most severe of which could allow an attacker to execute arbitrary code. Depending on the privileges associated with the application, an attacker could install programs; view, change, or delete data; or create new accounts with full user rights. Failed exploitation could result in a denial-of-service condition. It is recommended that users upgrade to the latest version of PHP.
Omron Update Fixes Bugs in CX-Supervisor (10/17/2018)
Omron's CX-Supervisor has several vulnerabilities, which have been detailed in an ICS-CERT advisory. Version 3.4.2 of CX-Supervisor has been released to mitigate these issues.
Omron's CX-Supervisor has several vulnerabilities, which have been detailed in an ICS-CERT advisory. Version 3.4.2 of CX-Supervisor has been released to mitigate these issues.
Oracle Plugs 310 Holes with October's Security Patch Bulletin (10/17/2018)
Over 300 vulnerabilities have been remedied by Oracle in October's Critical Patch Update. The 301 fixes comprise Oracle's Database Server, Java SE, and other product families. This is the final expected massive batch of vulnerability patches expected for 2018.
Over 300 vulnerabilities have been remedied by Oracle in October's Critical Patch Update. The 301 fixes comprise Oracle's Database Server, Java SE, and other product families. This is the final expected massive batch of vulnerability patches expected for 2018.
Researchers Point Out Flaws in Linksys Routers (10/17/2018)
Multiple exploitable operating system command injection vulnerabilities exist in the Linksys E Series line of routers. An attacker could exploit these bugs by sending an authenticated HTTP request to the network configuration and then gain the ability to arbitrarily execute code on the machine. Cisco's Talos researchers discovered these bugs and reported them to Linksys. The vulnerabilities have since been patched.
Multiple exploitable operating system command injection vulnerabilities exist in the Linksys E Series line of routers. An attacker could exploit these bugs by sending an authenticated HTTP request to the network configuration and then gain the ability to arbitrarily execute code on the machine. Cisco's Talos researchers discovered these bugs and reported them to Linksys. The vulnerabilities have since been patched.
Security Bug on Third-Party Site Affects Tinder, Shopify, and Yelp (10/15/2018)
While analyzing client-side security for dating apps, the research team at vpnMentor found multiple issues affecting Tinder. Further investigation led the researchers to determine that it wasn't just Tinder that was plagued by these issues, but other apps as well, which led them to identify the source of the vulnerabilities: Branch.io, an attribution platform used by many companies. Shopify, Yelp, Western Union, and Imgur are all affected, and vpnMentor believes 685 million users of these sites could be at risk. A DOM-based XSS (cross-site scripting) vulnerability was to blame and has since been patched.
While analyzing client-side security for dating apps, the research team at vpnMentor found multiple issues affecting Tinder. Further investigation led the researchers to determine that it wasn't just Tinder that was plagued by these issues, but other apps as well, which led them to identify the source of the vulnerabilities: Branch.io, an attribution platform used by many companies. Shopify, Yelp, Western Union, and Imgur are all affected, and vpnMentor believes 685 million users of these sites could be at risk. A DOM-based XSS (cross-site scripting) vulnerability was to blame and has since been patched.
Tumblr Closes Hole that Exposed User Information (10/18/2018)
Tumblr has disclosed details regarding a bug that could have been exploited to grab user information. Email addresses, passwords, user location, and other information may have been exposed by this vulnerability. The bug was detected by a researcher participating in Tumblr's bug bounty program.
Tumblr has disclosed details regarding a bug that could have been exploited to grab user information. Email addresses, passwords, user location, and other information may have been exposed by this vulnerability. The bug was detected by a researcher participating in Tumblr's bug bounty program.
Two ICS-CERT Advisories Detail Bugs in NUUO Products (10/15/2018)
Two vulnerabilities in NUUO's NVRmini2 and NVRsolo could allow an attacker to achieve remote code execution and user account modification. These devices are network video recorders. An ICS-CERT advisory states that NUUO has developed a fix for the reported vulnerabilities and recommends users update to firmware v3.9.1. A second advisory discusses several vulnerabilities in NUUO CMS, a central software management platform. Multiple versions are affected and users should update to firmware v3.3.
Two vulnerabilities in NUUO's NVRmini2 and NVRsolo could allow an attacker to achieve remote code execution and user account modification. These devices are network video recorders. An ICS-CERT advisory states that NUUO has developed a fix for the reported vulnerabilities and recommends users update to firmware v3.9.1. A second advisory discusses several vulnerabilities in NUUO CMS, a central software management platform. Multiple versions are affected and users should update to firmware v3.3.
Unpatched Bugs Leave D-Link Routers Susceptible to Attacks (10/17/2018)
Researcher Blazej Adamczyk has disclosed several vulnerabilities in D-Link routers after notifying the vendor in May and receiving no reply regarding updates or patches. The vulnerabilities are serious on their own, but if chained together, an attacker could gain complete control over the device.
Researcher Blazej Adamczyk has disclosed several vulnerabilities in D-Link routers after notifying the vendor in May and receiving no reply regarding updates or patches. The vulnerabilities are serious on their own, but if chained together, an attacker could gain complete control over the device.
Update Remedies Security Issues in Delta Industrial Automation's TPEditor (10/15/2018)
Two vulnerabilities, an out-of-bounds write and a stack-based overflow, have been detected in Delta Electronics' Industrial Automation TPEditor. Delta Electronics recommends affected users update to the latest version of Delta Industrial Automation TPEditor, Version 1.91, according to an advisory posted by the ICS-CERT.
Two vulnerabilities, an out-of-bounds write and a stack-based overflow, have been detected in Delta Electronics' Industrial Automation TPEditor. Delta Electronics recommends affected users update to the latest version of Delta Industrial Automation TPEditor, Version 1.91, according to an advisory posted by the ICS-CERT.
VMware Patches Bugs in ESXi, Workstation, and Fusion (10/17/2018)
ESXi, Workstation, and Fusion updates from VMware address an out-of-bounds read vulnerability. This issue could cause a guest to execute code on the host. Further information has been made available in a vendor-issued advisory.
ESXi, Workstation, and Fusion updates from VMware address an out-of-bounds read vulnerability. This issue could cause a guest to execute code on the host. Further information has been made available in a vendor-issued advisory.