Tag: flaw | SpinSafe

A glaring Android TV security flaw might put your Gmail at risk

April 27, 2024/in Mobile Security

What you need to know

A loophole in Android TV could allow unauthorized access to Gmail and other linked services if someone gains physical access to the device.
Through an Android TV box, individuals can potentially hack into the Google account of the last user, compromising Gmail and Google Drive.
Initially, Google implied the behavior was expected, but later acknowledged the security flaw and claimed to have fixed it on newer Google TV devices.

A security loophole in Android TV could allow anyone to snoop on your Gmail and other linked services if they get their hands on your device, according to 404 Media.

As per a video posted on YouTube by Cameron Gray earlier this year, if someone gets their hands on an Android TV box, they can pretty much hack into the Google account of whoever last logged in, including their Gmail and Google Drive (via Mishaal Rahman).

PSA: Do not sign into your personal Google Account on any Android TV device you don’t own! https://t.co/l0FScUVT4MApril 25, 2024

If Google Chrome spots a Google account on the device it’s installed on, it automatically signs you in to any Google services you visit. Now, since Android TV is basically Android in essence, it treats the owner’s Google account sign-in like it’s permanent, so they automatically get logged in to approved apps from the Play Store.

Even though Google doesn’t officially let you install Chrome on Android TV, you can still sideload it to sneak it on there. And once it’s on, you’ve got access to Gmail, Drive, and all the other services, as demonstrated by the video.

In the video, Gray installs a third-party web browser called “TV Bro” that you can grab from the Play Store for Android TV. He uses it to dig up an APK for Chrome from some online archive and installs it without any trouble. But the app doesn’t play nice with TV remotes, so you will need a keyboard and mouse.

Once Chrome is up and running, it’s as easy as pie to hop over to Gmail’s website and you’re in—no password needed, no PIN, or biometrics required to prove you’re the TV’s owner.

Based on what Gray found, Android TV’s weak security makes it a prime target for peeking into signed-in email accounts. If you’re only using Android TV at home,…

Source…

Alert: Pixel Phones’ Exploited Android Zero-Day Flaw Patched

April 19, 2024/in Mobile Security

In the realm of smartphone security, the recent spotlight has fallen on Google Pixel devices, where two zero-day vulnerabilities have been unearthed and promptly addressed by Google. As per recent reports, the Android zero-day flaw, and others like it, were exploited by forensic firms, shedding light on the intricacies of smartphone security and the measures taken to safeguard user data and protect against these mobile security risks.

Exploited Vulnerabilities, Unique Fixes

Google Pixel phones, although running on the Android operating system, operate under a distinct update mechanism. Unlike other Android devices, Pixels receive tailored updates owing to their specialized hardware platform directly managed by Google. This bespoke approach ensures that Pixel users benefit from exclusive features and heightened security measures.

In the latest security bulletin for April 2024, while the broader Android ecosystem didn’t face significant threats, Pixel devices faced active exploitation of two vulnerabilities: CVE-2024-29745 and CVE-2024-29748. These vulnerabilities posed risks of vulnerability disclosure and elevation of privilege, respectively, highlighting the intricate nature of smartphone security.

A Peek into the Android Zero-Day Flaw

Forensic companies, adept at navigating device vulnerabilities, seized upon these flaws to unlock Pixel phones and access their stored data without the need for PIN authentication. GrapheneOS, a renowned name in privacy-focused Android distributions, uncovered these exploits, shedding light on the clandestine world of smartphone security breaches.

CVE-2024-29745, identified as a high-severity information disclosure flaw in the Pixel’s bootloader, and CVE-2024-29748, characterized as an elevation of privilege bug in the Pixel firmware, were the focal points of exploitation. These Zero-day exploits enabled unauthorized access to device memory, raising concerns regarding data integrity and user privacy.

Patching the Android Zero-Day Flaw in Pixel Phones

Responding swiftly to the looming threat, Google deployed fixes aimed at patching vulnerabilities. By implementing measures such as zeroing memory during booting and restricting USB…

Source…

Palo Alto Networks Discloses Exploitation Of ‘Critical’ Zero-Day Flaw Impacting PAN-OS

April 15, 2024/in Internet Security

The company says that exploits of the vulnerability have been ‘limited’ so far.

Palo Alto Networks disclosed Friday that a “critical” zero-day vulnerability affecting several versions of its PAN-OS firewall software has seen exploitation in attacks.

In an advisory, the cybersecurity giant said it is “aware of a limited number of attacks that leverage the exploitation of this vulnerability.”

Exploits of the flaw “may enable an unauthenticated attacker to execute arbitrary code with root privileges on the firewall,” Palo Alto Networks said in the advisory.

The vendor said the vulnerability (tracked at CVE-2024-3400) has been rated as a “critical” severity issue. Patches are not yet available but are expected to be released by this coming Sunday, April 14.

Palo Alto Networks provided several recommended workarounds and mitigations for the issue, including temporarily disabling firewall telemetry.

In a statement provided to CRN Friday, Palo Alto Networks said that “upon notification of the vulnerability, we immediately provided mitigations and will provide a permanent fix shortly.”

“We are actively notifying customers and strongly encourage them to implement the mitigations and hotfix as soon as possible,” the company said.

The vulnerability was found in the GlobalProtect feature in PAN-OS firewalls, the company said. The flaw affects the PAN-OS 10.2, PAN-OS 11.0 and PAN-OS 11.1 versions of the firewall software.

“Cloud NGFW, Panorama appliances, and Prisma Access are not impacted by this vulnerability,” the company said. “All other versions of PAN-OS are also not impacted.”

Palo Alto Networks credited researchers at cybersecurity firm Volexity for discovering the vulnerability. In December, Volexity researchers discovered vulnerabilities affecting Ivanti Connect Secure VPN devices, which went on to see mass exploitation by threat actors.

Source…

Attackers exploit critical zero-day flaw in Palo Alto Networks firewalls

April 13, 2024/in Internet Security

“This issue is applicable only to PAN-OS 10.2, PAN-OS 11.0, and PAN-OS 11.1 firewalls with the configurations for both GlobalProtect gateway and device telemetry enabled,” the company said in its advisory.

Customers can check if they have the GlobalProtect gateway configured under the Network > GlobalProtect > Gateways menu in the firewall’s web interface. The telemetry feature can be checked under Device > Setup > Telemetry.

Mitigating Palo Alto Networks Pan-OS

The company plans to release software hotfixes for PAN-OS 10.2, PAN-OS 11.0 and PAN-OS 11.1 to address the flaw on April 14. These patches will be numbered 10.2.9-h1, 11.0.4-h1 and 11.1.2-h3. Older PAN-OS releases are not impacted and neither are the Cloud NGFW or Prisma Access and Panorama appliances.

Source…

Tag Archive for: flaw

What you need to know

Exploited Vulnerabilities, Unique Fixes

A Peek into the Android Zero-Day Flaw

Patching the Android Zero-Day Flaw in Pixel Phones

Mitigating Palo Alto Networks Pan-OS