Security Flaws & Fixes - W/E - 8/2/19
AWDL Flaws Leave Apple Devices Exposed to Attacks (07/31/2019)
The key protocol in Apple's ecosystem contains multiple bugs that could result in man-in-the-middle attacks leading to denial-of-service conditions, privacy leaks, and more, according to researchers at Northeastern University and TU Darmstadt. Apple Wireless Direct Link (AWDL) is used by over one billion iOS and macOS devices for device-to-device communications and is the affected protocol. The scientists reverse-engineered Airdrop, which runs on AWDL, and found several bugs in the Bluetooth Low Energy discovery mechanism, AWDL synchronization, UI design, and Wi-Fi driver implementation. The researchers have provided proof-of-concept implementations and demonstrate how attacks can be carried out using a $20 USD micro:bit device and an off-the-shelf Wi-Fi card.
The key protocol in Apple's ecosystem contains multiple bugs that could result in man-in-the-middle attacks leading to denial-of-service conditions, privacy leaks, and more, according to researchers at Northeastern University and TU Darmstadt. Apple Wireless Direct Link (AWDL) is used by over one billion iOS and macOS devices for device-to-device communications and is the affected protocol. The scientists reverse-engineered Airdrop, which runs on AWDL, and found several bugs in the Bluetooth Low Energy discovery mechanism, AWDL synchronization, UI design, and Wi-Fi driver implementation. The researchers have provided proof-of-concept implementations and demonstrate how attacks can be carried out using a $20 USD micro:bit device and an off-the-shelf Wi-Fi card.
Buggy Firmware Lets the Masses Listen In on Home Security Cameras (07/30/2019)
Tenable's security team discovered that an attacker could listen in on the audio of an Amcrest IP2M-841B home security camera thanks to a bug in its firmware. The vulnerability exists in the firmware code from Dahua, a vendor that the US may ban because of potential spying concerns. "Essentially, if this thing is connected directly to the Internet, it's anyone's listening device," Tenable's Jacob Baines wrote of the IP2M-841B camera.
Tenable's security team discovered that an attacker could listen in on the audio of an Amcrest IP2M-841B home security camera thanks to a bug in its firmware. The vulnerability exists in the firmware code from Dahua, a vendor that the US may ban because of potential spying concerns. "Essentially, if this thing is connected directly to the Internet, it's anyone's listening device," Tenable's Jacob Baines wrote of the IP2M-841B camera.
Critical VxWorks Vulnerabilities Leave Industrial Control System Devices Exposed (07/30/2019)
The Armis team of researchers has uncovered 11 zero-day vulnerabilities in VxWorks, an operating system used in over two billion devices including critical industrial, medical, and enterprise devices. Dubbed "URGENT/11," the vulnerabilities reside in VxWorks' TCP/IP stack (IPnet), impacting all versions since version 6.5. Armis has worked closely with Wind River, the maintainer of VxWorks, and VxWorks 7, which was released on July 19, contains fixes for all the discovered vulnerabilities. Six of the vulnerabilities are remote code execution issues while the remaining vulnerabilities are classified as denial-of-service, information leaks, or logical flaws. URGENT/11 enables attackers to take over devices with no user interaction required and can bypass perimeter security devices. Wind River has released an advisory as has the ICS-CERT. Rockwell Automation and Xerox are among the vendors impacted.
The Armis team of researchers has uncovered 11 zero-day vulnerabilities in VxWorks, an operating system used in over two billion devices including critical industrial, medical, and enterprise devices. Dubbed "URGENT/11," the vulnerabilities reside in VxWorks' TCP/IP stack (IPnet), impacting all versions since version 6.5. Armis has worked closely with Wind River, the maintainer of VxWorks, and VxWorks 7, which was released on July 19, contains fixes for all the discovered vulnerabilities. Six of the vulnerabilities are remote code execution issues while the remaining vulnerabilities are classified as denial-of-service, information leaks, or logical flaws. URGENT/11 enables attackers to take over devices with no user interaction required and can bypass perimeter security devices. Wind River has released an advisory as has the ICS-CERT. Rockwell Automation and Xerox are among the vendors impacted.
Feds Warning of Potential Hackings to Aircraft Via Vulnerable CAN Bus Systems (07/30/2019)
The Cybersecurity and Infrastructure Security Agency (CISA) has warned that an insecure implementation of the CAN bus networks is affecting aircraft. An attacker with physical access to the aircraft could attach a device to an avionics CAN bus that could be used to inject false data, resulting in incorrect readings in avionic equipment. Rapid7 researchers first discovered this issue and reported it to the CISA.
The Cybersecurity and Infrastructure Security Agency (CISA) has warned that an insecure implementation of the CAN bus networks is affecting aircraft. An attacker with physical access to the aircraft could attach a device to an avionics CAN bus that could be used to inject false data, resulting in incorrect readings in avionic equipment. Rapid7 researchers first discovered this issue and reported it to the CISA.
Flawed SSD Dashboard Lets Attackers Install Malware (08/01/2019)
Trustwave's Martin Rakhmanov uncovered vulnerabilities in the management utility for SanDisk solid-state drives (SSDs) that could allow attackers to install malware disguised as updates. The issue resides with the SSD Dashboard, which uses HTTP instead of the more secure HTTPS. A second bug uses a hard-coded password to protect customer report data which then supposed to be sent to SanDisk for examination. But Rakhmanov said the encryption is useless. Patches have been issued and those who use the Western Digital and SanDisk SSD Dashboard should immediately update their applications.
Trustwave's Martin Rakhmanov uncovered vulnerabilities in the management utility for SanDisk solid-state drives (SSDs) that could allow attackers to install malware disguised as updates. The issue resides with the SSD Dashboard, which uses HTTP instead of the more secure HTTPS. A second bug uses a hard-coded password to protect customer report data which then supposed to be sent to SanDisk for examination. But Rakhmanov said the encryption is useless. Patches have been issued and those who use the Western Digital and SanDisk SSD Dashboard should immediately update their applications.
Google Turns Flash Off in Latest Release of Chrome (07/31/2019)
An update for Chrome is available from Google. Chrome 76.0.3809.87 contains 43 security fixes, including a patch for a use-after-free bug in the offline page fetcher. This version also turns off Adobe Flash by default but users may still turn on Flash manually.
An update for Chrome is available from Google. Chrome 76.0.3809.87 contains 43 security fixes, including a patch for a use-after-free bug in the offline page fetcher. This version also turns off Adobe Flash by default but users may still turn on Flash manually.
Multiple VPN Applications Plagued by Critical Bugs (07/30/2019)
The Cybersecurity and Infrastructure Security Agency (CISA) is aware of vulnerabilities affecting multiple Virtual Private Network applications. A remote attacker could exploit these vulnerabilities to take control of an affected system. Palo Alto Networks, FortiGuard, and Pulse Secure have all issued advisories to provide further information.
The Cybersecurity and Infrastructure Security Agency (CISA) is aware of vulnerabilities affecting multiple Virtual Private Network applications. A remote attacker could exploit these vulnerabilities to take control of an affected system. Palo Alto Networks, FortiGuard, and Pulse Secure have all issued advisories to provide further information.
Numerous Bugs Found in Prima Systems' FlexAir (07/30/2019)
Multiple vulnerabilities in Prima Systems' FlexAir can allow an attacker to execute commands directly on the operating system, upload malicious files, perform actions with administrative privileges, execute arbitrary code in a user's browser, discover login credentials, bypass normal authentication, and have full system access. FlexAir is an access control platform. An ICS-CERT advisory presents further information.
Multiple vulnerabilities in Prima Systems' FlexAir can allow an attacker to execute commands directly on the operating system, upload malicious files, perform actions with administrative privileges, execute arbitrary code in a user's browser, discover login credentials, bypass normal authentication, and have full system access. FlexAir is an access control platform. An ICS-CERT advisory presents further information.