
Bitdefender Fixes Major Security Vulnerability: Patch Your Software Now


Bitdefender has released a patch for a major security flaw in its products that could expose users’ devices to third-party access.

Under the Common Vulnerability Scoring System (CVSS), this threat — CVE-2023-6154 — scored 7.8, representing a serious threat to users of the affected products. Hackers can exploit the vulnerability to gain control over your device, siphon off personal information, or install malware on your computer.

Vulnerability CVE-2023-6154: Local Privilege Escalation

The vulnerability in question affects several Bitdefender products, including Total Security 27.0.25.114, Internet Security 27.0.25.114, Antivirus Plus 27.0.25.114, and Antivirus Free 27.0.25.114.

According to Bitdefender, the bug is a configuration issue in the seccenter.exe executable. By leveraging this vulnerability, attackers can control and influence the behavior of the software, allowing them to execute third-party libraries.

Thankfully, Bitdefender detected and issued a patch for the vulnerability that plugs the security hole in the above antivirus packages.

Bitdefender Has Faced Privilege Escalation Vulnerabilities Before

This isn’t the first time that Bitdefender has had issues with vulnerabilities. In 2020, Bitdefender Antivirus Free was found to have issues within two processes — vsserv.exe and updatesrv.exe.

These processes, which run with the highest level of system permissions, could be hijacked to execute third-party malicious scripts, according to a report by SafeBreach. Bitdefender fixed the bug a month after it was reported.

It’s not uncommon for vulnerabilities to be found in cybersecurity products and other software. That’s why bug bounties and white hat hackers exist: they look for and report issues like these before cybercriminals can exploit them.

How to Patch Your Bitdefender Software

If you use any of the affected Bitdefender software, we recommend updating your app immediately to receive the security patch. Here’s how:

  1. Open the Bitdefender app on your device.
  2. Click on “Update Now.”

Bitdefender sits second place in our ranking of the best antivirus solutions. To learn more about this…


Apple fixes zero-day bug in Apple Vision Pro that ‘may have been exploited’


A day after reporters published their first hands-on review of Apple’s Vision Pro, the technology giant released its first security patch for the mixed reality headset to fix a vulnerability that “may have been exploited” by hackers in the wild.

On Wednesday, Apple released visionOS 1.0.2, the software that runs on the Vision Pro, with a fix for a vulnerability in WebKit, the browser engine that runs Safari and other web apps. Apple said the bug, if exploited, allowed malicious code to run on an affected device.

It’s the same vulnerability that Apple patched last week when it rolled out iOS 17.3, which included fixes for iPhones, iPads, Macs and Apple TV — all of which rely on WebKit. No patches for this bug, officially tracked as CVE-2024-23222, were released for Apple Watch.

It’s not immediately clear if malicious hackers used the vulnerability to specifically exploit Apple’s Vision Pro, and Apple spokesperson Scott Radcliffe would not say when asked by TechCrunch.

It also isn’t yet known who was exploiting the vulnerability, or for what reason.

It is not uncommon for malicious actors, such as spyware makers, to target weaknesses in WebKit as a way to break into the device’s underlying operating system and the user’s personal data. WebKit bugs can sometimes be exploited when a victim visits a malicious domain in their browser, or the in-app browser.

Apple rolled out several patches for WebKit bugs last year.

Vision Pro is expected to be available starting Friday.


Galaxy S23 grabs a January update packed with over 70 security flaw fixes


What you need to know

  • Samsung has started pushing its January 2024 security update to the Galaxy S23, S22, and S21 in Europe.
  • The patch features nearly 75 vulnerability fixes with the majority labeled as “High” priority.
  • Samsung has acknowledged that it lacks screen burn-in protection measures, but it’s unclear whether an update adding them made it into the January patch.

Samsung is starting to roll out its new year security update a little late to a few of its flagship phones.

According to SamMobile, the January 2024 security patch is arriving for the Galaxy S23, Galaxy S22, and Galaxy S21 series in Europe. Owners of the latest flagship series will find firmware version S91xBXXS3BWL3 when updating, with a download size of approximately 400MB. Those with a Galaxy S22 should see S90xBXXS7DWL3, while the S21 gets G99xBXXS9FWL9.


Ubiquiti fixes massive bug that allowed users to view others’ security cameras


In context: Internet of Things (IoT) devices have often been scrutinized for being prone to security vulnerabilities. Many reports have detailed how smart cameras, doorbells, etc., are relatively easy to hack. It seems things haven’t changed much in the last several years.

A new development now puts the spotlight squarely on networking device manufacturer Ubiquiti after the company admitted that a misconfiguration with its cloud infrastructure allowed some of its customers to watch footage from strangers’ security cameras.

The admission came days after some Ubiquiti customers reported seeing images and videos from other people’s cameras through the company’s Unifi Protect cloud app. One of the first people to report the bug was a Redditor who claimed his wife received a notification that included an image from a security camera that didn’t belong to them.

Another Redditor reported something even more alarming. The poster claimed to have navigated to the official Unifi device manager portal and been logged into someone else’s account despite entering their own Unifi credentials. The user claimed to have seen footage from another customer’s UDM Pro and to have been able to navigate the device and view or change its settings.

A Ubiquiti customer on the company’s forum claimed to have accessed “88 consoles from another account” when logging into the Unifi portal. The user had full access to these devices until refreshing their browser. After that, the client returned to normal, with only owned devices showing.

After a massive outcry from customers, Ubiquiti fixed the bug. Last week, Ubiquiti released a statement admitting that in “a small number of instances,” users either received notifications from unknown consoles or accessed consoles that didn’t belong to them.

The company says the problem was caused by an upgrade to Ubiquiti’s UniFi Cloud infrastructure, which it has since resolved, so customers should no longer worry about other users accessing their cameras and UniFi accounts. While the company said the bungle affected 1,216 accounts in one group and 1,177 in another, supposedly fewer than a dozen instances of improper access occurred. It added that it would notify those customers about…
