Tag Archive for: 0days

Mysterious Microsoft patch killed 0days released by NSA-leaking Shadow Brokers

/in

Enlarge (credit: NSA)

Contrary to what Ars and the rest of the world reported Friday, none of the published exploits stolen from the National Security Agency work against currently supported Microsoft products. This is according to a Microsoft blog post published late Friday night.

That’s because the critical vulnerabilities for four exploits previously believed to be zerodays were patched in March, exactly one month before a group called Shadow Brokers published Friday’s latest installment of weapons-grade attacks. Those updates—which Microsoft indexes as MS17-010, CVE-2017-0146, and CVE-2017-—make no mention of the person or group who reported the vulnerabilities to Microsoft. The lack of credit isn’t unprecedented, but it’s uncommon, and it’s generating speculation that the reporters were tied to the NSA. In a vaguely worded statement issued Friday, Microsoft seemed to say it had had no contact with NSA officials concerning any of the exploits contained in Friday’s leak.

Microsoft provided the following table showing when various vulnerabilities were patched:

Read 7 remaining paragraphs | Comments

Technology Lab – Ars Technica

0-days hitting Fedora and Ubuntu open desktops to a world of hurt

/in

Enlarge

If you run a mainstream distribution of Linux on a desktop computer, there’s a good chance security researcher Chris Evans can hijack it when you do nothing more than open or even browse a specially crafted music file. And in the event you’re running Chrome on the just-released Fedora 25, his code-execution attack works as a classic drive-by.

The zero-day exploits, which Evans published on Tuesday, are the latest to challenge the popular conceit that Linux, at least in its desktop form, is more immune to the types of attacks that have felled Windows computers for more than a decade and have increasingly snared Macs in recent years.

While Evans’ attacks won’t work on most Linux servers, they will reliably compromise most desktop versions of Linux, which employees at Google, Facebook, and other security conscious companies often use in an attempt to avoid the pitfalls of Windows and Mac OS X. Three weeks ago, Evans released a separate Linux zero-day that had similarly dire consequences.

Read 8 remaining paragraphs | Comments

Technology Lab – Ars Technica

Once again, Adobe releases emergency Flash patch for Hacking Team 0-days

/in

Adobe Systems has issued an emergency update for its Flash media player to patch two critical zero-day vulnerabilities that allow attackers to surreptitiously install malware on end-user computers.

The previously unknown vulnerabilities were unearthed in the 400-gigabyte data dump hackers published nine days ago after rooting the servers of Hacking Team, the Italy-based company that sold spyware and exploits to governments around the world. As previously reported, Hacking Team was itself hacked by unknown individuals, who then published e-mails, sales invoices, and marketing material that appeared to contradict long-standing assurances from company executives that they operated ethically and didn’t do business with repressive governments.

The two Flash vulnerabilities unearthed this past weekend are in addition to a third one found earlier in the Hacking Team dump, which Adobe patched last week, a few days after it was discovered. All three critical vulnerabilities were present in Flash versions for Windows, Mac OS X, and Linux. At least one of them was potent enough to pierce the vaunted Google Chrome security sandbox, most likely because it was combined with a separate privilege-escalation exploit for Windows.

Read 2 remaining paragraphs | Comments


Ars Technica » Technology Lab

Google drops three OS X 0days on Apple

/in

Don’t look now, but Google’s Project Zero vulnerability research program may have dropped more zero-day vulnerabilities—this time on Apple’s OS X platform.

In the past two days, Project Zero has disclosed OS X vulnerabilities here, here, and here. At first glance, none of them appear to be highly critical, since all three appear to require the attacker to already have some access to a targeted machine. What’s more, the first vulnerability, the one involving the “networkd ‘effective_audit_token’ XPC,” may already have been mitigated in OS X Yosemite, but if so the Google advisory doesn’t make this explicit and Apple doesn’t publicly discuss security matters with reporters.

Still, the exploits could be combined with a separate attack to elevate lower-level privileges and gain control over vulnerable Macs. And since the disclosures contain proof-of-concept exploit code, they provide enough technical detail for experienced hackers to write malicious attacks that target the previously unknown vulnerabilities. The security flaws were privately reported to Apple on October 20, October 21, and October 23, 2014. All three advisories appear to have been published after the expiration of the 90-day grace period Project Zero gives developers before making reports public.

Read 1 remaining paragraphs | Comments


Ars Technica » Technology Lab