Tag: ios | Page 2

New 5G Modem Flaws Affect iOS Devices and Android Models from Major Brands

December 9, 2023/in Mobile Security

Dec 08, 2023NewsroomVulnerability / Mobile Network

A collection of security flaws in the firmware implementation of 5G mobile network modems from major chipset vendors such as MediaTek and Qualcomm impact USB and IoT modems as well as hundreds of smartphone models running Android and iOS.

Of the 14 flaws – collectively called 5Ghoul (a combination of “5G” and “Ghoul”) – 10 affect 5G modems from the two companies, out of which three have been classified as high-severity vulnerabilities.

“5Ghoul vulnerabilities may be exploited to continuously launch attacks to drop the connections, freeze the connection that involve manual reboot or downgrade the 5G connectivity to 4G,” the researchers said in a study published today.

As many as 714 smartphones from 24 brands are impacted, including those from Vivo, Xiaomi, OPPO, Samsung, Honor, Motorola, realme, OnePlus, Huawei, ZTE, Asus, Sony, Meizu, Nokia, Apple, and Google.

UPCOMING WEBINAR

Cracking the Code: Learn How Cyber Attackers Exploit Human Psychology

Ever wondered why social engineering is so effective? Dive deep into the psychology of cyber attackers in our upcoming webinar.

Join Now

The vulnerabilities were disclosed by a team of researchers from the ASSET (Automated Systems SEcuriTy) Research Group at the Singapore University of Technology and Design (SUTD), who also previously uncovered BrakTooth in September 2021 and SweynTooth in February 2020.

The attacks, in a nutshell, attempt to deceive a smartphone or a 5G-enabled device to connect a rogue base station (gNB), resulting in unintended consequences.

“The attacker does not need to be aware of any secret information of the target UE e.g., UE’s SIM card details, to complete the NAS network registration,” the researchers explained. “The attacker only needs to impersonate the legitimate gNB using the known Cell Tower connection parameters.”

A threat actor can accomplish this by using apps like Cellular-Pro to determine the Relative Signal Strength Indicator (RSSI) readings and trick the user equipment to connect to the adversarial station (i.e., a software-defined radio) as well as an inexpensive mini…

Source…

Apple Warns of Newly Exploited iOS 17 Kernel Zero-Day

November 16, 2023/in Internet Security

Hi, what are you looking for?
Apple’s cat-and-mouse struggles with zero-day exploits on its flagship iOS platform is showing no signs of slowing down.
By
Flipboard
Reddit
Whatsapp
Whatsapp
Email
Apple’s cat-and-mouse struggles with zero-day exploits on its flagship iOS platform is showing no signs of slowing down.
The Cupertino device maker on Wednesday rushed out a new patch to cover a pair of serious vulnerabilities and warned that one of the issues has already been exploited as zero-day in the wild.
In a barebones advisory, Apple said the exploited CVE-2023-42824 kernel vulnerability allows a local attacker to elevate privileges, suggesting it was used in an exploit chain in observed attacks.
“Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.6,” the company said without providing additional details.
This is the 16th documented in-the-wild zero-day against Apple’s iOS, iPadOS and macOS-powered devices, according to data tracked by SecurityWeek. The majority of these attacks have been attributed to mercenary spyware vendors selling surveillance products.
The newest iOS 17.0.3 and iPadOS 17.0.3 updates also cover a buffer overflow vulnerability in WebRTC that exposes mobile devices to arbitrary code execution attacks. The issue was addressed by updating to libvpx 1.13.1, Apple said.
Apple is encouraging oft-targeted users to enable Lockdown Mode to reduce exposure to mercenary spyware exploits.
Related: Atlassian Ships Urgent Patch for Exploited Confluence Zero-Day

Advertisement. Scroll to continue reading.

Related: Qualcomm Patches 3 Zero-Days Reported by Google
Related: Can ‘Lockdown Mode’ Solve Apple’s Mercenary Spyware Problem?
Related: Apple Patches Actively Exploited iOS, macOS Zero-Days
Ryan Naraine is Editor-at-Large at SecurityWeek and host of the popular Security Conversations podcast series. He is a security community engagement expert who has built programs at major global brands, including Intel Corp., Bishop Fox and GReAT. Ryan is a founding-director of the Security Tinkerers non-profit, an advisor to early-stage entrepreneurs,…

Source…

Cisco patches IOS XE zero-days used to hack over 50,000 devices

October 29, 2023/in Internet Security

Cisco has released a patch to fix two high-severity flaws that were being abused in the wild to take over vulnerable endpoints.

The first fixed version is 17.9.4a, and IT admins are urged to apply it immediately and secure their premises. The patch can be found in the company’s Software Download Center.

News recently broke of hackers exploiting a critical vulnerability in some Cisco devices to gain full admin control of entire networks. The vulnerability was found in the Web User Interface of Cisco IOS XE software connected to the public internet. So, whatever Cisco endpoint (routers, switches, etc.) that runs the software, has HTTP and HTTPS Server features enabled, and is connected to the internet, was vulnerable to full device takeover.

Identifying compromised devices

It was reported that some 80,000 endpoints were affected by the flaw at the time, which is tracked as CVE-2023-20198, and carries a severity rating of 10. The second vulnerability is tracked as CVE-2023-20273, and carries a severity score of 7.2.

A threat actor that manages to successfully exploit these two flaws can create an account with privilege level 15 access, which gives them full access to the compromised device and allows them to install even more malware. “This is a critical vulnerability, and we strongly recommend affected entities immediately implement the steps outlined in Cisco’s PSIRT advisory,” researchers from Talos said at the time.

Initial reports also claimed someone had been exploiting the flaw for a month before it was uncovered, but no one knows who, or against whom.

While the researchers initially saw up to 80,000 vulnerable endpoints, the number dropped over the last weekend to “just a few hundred”, BleepingComputer reported. Cybersecurity experts from For-IT said the malicious code of thousands of devices was “altered to check for an Authorization HTTP header value before responding”. In other words, the analysis method was wrong. Using a different method showed almost 40,000 compromised devices.

Via BleepingComputer