
Google fixes sixth Chrome zero-day exploited in the wild this year


Google has released Chrome 91.0.4472.101 for Windows, Mac, and Linux to fix 14 security vulnerabilities, with one zero-day vulnerability exploited in the wild and tracked as CVE-2021-30551.

Google Chrome 91.0.4472.101 has started rolling out worldwide and will become available to all users over the next few days.

Google Chrome will automatically attempt to upgrade the browser the next time you launch the program, but you can perform a manual update by going to Settings > Help > ‘About Google Chrome’.

Google updated to version 91.0.4472.10

Six Chrome zero-days exploited in the wild in 2021

Few details regarding today’s fixed zero-day vulnerability are currently available other than that it is a type confusion bug in V8, Google’s open-source C++ JavaScript and WebAssembly engine.

The vulnerability was discovered by Sergei Glazunov of Google Project Zero and is being tracked as CVE-2021-30551.

Google states that they are “aware that an exploit for CVE-2021-30551 exists in the wild.”

Shane Huntley, Director of Google’s Threat Analysis Group, says that this zero-day was used by the same threat actors behind the Windows CVE-2021-33742 zero-day that Microsoft fixed yesterday.

Today’s update fixes Google Chrome’s sixth zero-day exploited in attacks this year, with the other five listed below:

  • CVE-2021-21148 – February 4th, 2021
  • CVE-2021-21166 – March 2nd, 2021
  • CVE-2021-21193 – March 12th, 2021
  • CVE-2021-21220 – April 13th, 2021
  • CVE-2021-21224 – April 20th, 2021

In addition to these vulnerabilities, news broke yesterday of a threat actor group known as Puzzlemaker that is chaining together Google Chrome zero-day bugs to escape the browser’s sandbox and install malware on Windows.

“Once the attackers have used both the Chrome and Windows exploits to gain a foothold in the targeted system, the stager module downloads and executes a more complex malware dropper from a remote server,” the researchers said.

Microsoft…

Source…

Shlayer Malware Exploited macOS Zero-Day To Bypass Apple Security



Apple has recently released macOS Big Sur 11.3. This update addresses numerous security flaws, including a zero-day under active attack. As revealed, Shlayer malware has been exploiting this zero-day to bypass Gatekeeper on vulnerable macOS devices.

Shlayer Malware Exploiting macOS Zero-day

The Apple-focused security firm Jamf (maker of Jamf Protect) has shared details of a serious macOS zero-day that a Shlayer malware variant actively exploits.

The vulnerability first caught the attention of researcher Cedric Owens, who then reported it to Apple. It was a serious security issue that allowed an adversary with a malicious app to bypass Gatekeeper, Apple’s security check for downloaded software.

Elaborating further on this issue, Patrick Wardle explained that a logic issue existed in the way macOS evaluates an app. Due to the bug, the system even allowed unsigned apps to run uninhibited. As he stated:

“Any script-based application that does not contain an Info.plist file will be misclassified as ‘not a bundle’ and thus will be allowed to execute with no alerts nor prompts.”

Wardle explained in his blog post how an app could exploit this flaw.

Following this discovery, Wardle reached out to Jamf Protect, which detected active exploitation of the bug by a Shlayer variant.

Shlayer first caught attention in June 2020 when researchers noticed it actively targeting macOS devices. The malware would easily bypass Apple’s underlying security mechanisms, such as Gatekeeper, Notarization, and File Quarantine.

And now, Jamf has detected a Shlayer variant already built to exploit this logic issue, CVE-2021-30657. The malware thus no longer needs the user interaction (the right-click workaround) that the previous variant required in order to execute. All it takes is tricking a user into downloading the malicious file to the device and attempting to install it.

The attackers are currently distributing this malware via compromised and phishing websites that appear in Google search results (SERPs).

Another Gatekeeper Bypass Also Fixed Along With Other Bugs

In addition to the above, one more Gatekeeper bypass bug has also received a fix with macOS Big Sur 11.3.

This vulnerability caught the attention of F-Secure researcher Rasmus Sten, who then reported it to Apple.

Elaborating on this flaw in a blog…

Source…

Another Google Chrome 0-Day Bug Found Actively Exploited In-the-Wild



Google has addressed yet another actively exploited zero-day in the Chrome browser, marking the second such fix released by the company within a month.

The browser maker on Friday shipped Chrome 89.0.4389.90 for Windows, Mac, and Linux, which is expected to roll out to all users over the coming days and weeks.

While the update contains a total of five security fixes, the most important flaw rectified by Google is a use-after-free vulnerability in its Blink rendering engine. The bug is tracked as CVE-2021-21193.

Details about the flaw are scarce except that it was reported to Google by an anonymous researcher on March 9.

As is usually the case with actively exploited flaws, Google issued a terse statement acknowledging that an exploit for CVE-2021-21193 exists, but refrained from sharing additional information until a majority of users have installed the fixes, so as to prevent other threat actors from building exploits targeting this zero-day.

“Google is aware of reports that an exploit for CVE-2021-21193 exists in the wild,” Chrome Technical Program Manager Prudhvikumar Bommana noted in a blog post.

With this update, Google has fixed three zero-day flaws in Chrome since the start of the year.

Earlier this month, the company issued a fix for an “object lifecycle issue in audio” (CVE-2021-21166) which it said was being actively exploited. Then on February 4, the company resolved another actively exploited heap buffer overflow flaw (CVE-2021-21148) in its V8 JavaScript engine.

Chrome users can update to the latest version by heading to Settings > Help > About Google Chrome to mitigate the risk associated with the flaw.

Source…



Massive Hacks Linked to Russia, China Exploited U.S. Internet Security Gap



U.S. lawmakers and security experts are voicing concern that foreign governments are staging cyberattacks using servers in the U.S., in an apparent effort to avoid detection by America’s principal cyberintelligence organization, the National Security Agency.

When hackers recently targeted servers running Microsoft Corp.’s widely used Exchange software, they employed U.S.-based computers from at least four service providers to mount their attack, according to an analysis by the threat intelligence company DomainTools LLC.

The attack that Microsoft disclosed last week affected at least tens of thousands of customers and has been linked by the software giant and other security researchers to China-based hackers. The Chinese Embassy in Washington on Tuesday didn’t directly address the charge that China was behind the Microsoft hack and referred to earlier comments from Beijing in which the government said it “opposes and combats cyberattacks and cyber thefts in all forms.”

It is the second major suspected nation-state hack unearthed in the past few months to have employed U.S. servers as a launchpad. Suspected Russian hackers used U.S.-based cloud services to support key stages of their attack that leveraged a hack at SolarWinds Corp., the Austin, Texas, network software provider through which they penetrated U.S. government and corporate networks. In both cases, the hacks were disclosed by private-sector researchers, not the U.S. government.

The NSA, with its tens of thousands of employees, is one of the main U.S. government organizations responsible for protecting the U.S. in cyberspace. It has vast surveillance powers, though it is generally prohibited from using them to collect intelligence on domestic targets, including computer servers inside the U.S. maintained by American companies.

Source…