Tag Archive for: Newly

Apple Ships Urgent iOS Patch for Newly Exploited Zero-Days


Apple on Friday pushed out a major iOS security update to fix a pair of zero-day vulnerabilities already being exploited in the wild.

The newest iOS 16.4.1 and iPadOS 16.4.1 updates cover code execution software flaws in IOSurfaceAccelerator and WebKit, suggesting a complex exploit chain was detected in the wild hitting the latest iPhone devices.

“Apple is aware of a report that this issue may have been actively exploited,” Cupertino says in a barebones advisory that credits Google and Amnesty International with reporting the issue.

The advisory documents two separate issues — CVE-2023-28205 and CVE-2023-28206 — that expose iPhones and iPads to arbitrary code execution attacks.

Apple described the IOSurfaceAccelerator flaw as an out-of-bounds write issue that was addressed with improved input validation.

The WebKit bug, which has already been exploited via web content to execute arbitrary code with kernel privileges, has been fixed with improved memory management.

The company did not say if the newly discovered exploits are capable of bypassing the Lockdown Mode feature that Apple shipped to deter these types of attacks.

The iOS patch comes alongside news from Google that commercial spyware vendors are burning through zero-days to infect mobile devices with surveillance malware.

In one of the two campaigns described by Google this week, an attack started with a link being sent to the targeted user via SMS. When clicked, the link took the victim to malicious websites delivering Android or iOS exploits — depending on the target’s device. Once the exploits were delivered, victims were redirected to legitimate websites, likely in an effort to avoid raising suspicion. 

The iOS exploit chain also hit a WebKit vulnerability (CVE-2022-42856) that Apple patched in iPhones in December 2022. Attacks also involved a Pointer Authentication (PAC) bypass technique, and an exploit for CVE-2021-30900, a sandbox escape and privilege escalation vulnerability that Apple patched in iOS in 2021. 

So far this year, there have been at least 24 documented zero-day vulnerabilities exploited in the wild prior to discovery.


Nigerian press zones in on circulation of newly redesigned banknotes, others –


The report that the newly redesigned naira notes will go into circulation today with Deposit Money Banks releasing the bills to their customers via over-the-counter payments dominates the headlines of Nigerian newspapers on Thursday. The Punch reports that the newly redesigned naira notes will go into circulation on Thursday (today) with Deposit Money Banks releasing the bills to their customers via over-the-counter payments.

This came about three weeks after President Muhammadu Buhari unveiled the new bills at a weekly Federal Executive Council meeting in Aso Rock Villa.

The President unveiled the redesigned notes across the N200, N500 and N1,000 denominations.

The Governor, Central Bank of Nigeria, Godwin Emefiele, had in October announced that the apex bank would release redesigned naira notes by December 15, 2022.

He also disclosed that the old notes would cease to be regarded as legal tender by January 31, 2023.

Emefiele pointed out that the redesigning of the naira notes would help to curb counterfeit notes, and reduce ransom payments to terrorists and kidnappers.

The CBN boss said it was worrisome that 85 per cent of the total currency in circulation was being hoarded by Nigerians.

As such, he said the redesigning of the local currency would help to mop up the currency outside the banking sector, adding that out of about N3.3tn in circulation, close to N2.75tn were outside the banking sector.

The newspaper says that Nigeria lost 619.7 million barrels of crude oil valued at $46.16bn or N16.25tn in 12 years, from 2009 to 2020, according to the Nigeria Extractive Industries Transparency Initiative.

It disclosed this in a statement issued by its Head, Communications and Advocacy, Obiageli Onuorah.

It also welcomed the decision of the Federal Government to set up a Special Investigative Panel on Oil Theft and Losses in Nigeria, describing it as bold, courageous and timely, given the havoc the menace had wreaked in oil production and the country’s revenue generation.

Nigeria’s crude oil losses, according to NEITI, were basically from theft and sabotage, according to information and data provided by an average of eight companies covered by NEITI’s process over the…


Newly Introduced HackerOne Assets Goes Beyond Attack Surface Management To Close Security Gaps


SAN FRANCISCO, October 13, 2022: HackerOne, the leader in Attack Resistance Management, today announced the general availability of its HackerOne Assets product. Assets combines the core capabilities of Attack Surface Management (ASM) with the expertise and reconnaissance skills of ethical hackers to bring visibility, tracking, and risk prioritization to an organization’s digital asset landscape. Research from ESG revealed that 69% of organizations have experienced a cyberattack through the exploit of an unknown, unmanaged, or poorly managed internet-facing asset. Assets forms a key part of HackerOne’s Attack Resistance Management portfolio that aims to discover unknown assets and vulnerabilities and close organizations’ security gaps.

With Assets, customers can manage both the discovery and testing of assets in a single platform. The solution blends security expertise with asset discovery, continuous assessment, and process improvements to reduce risk. HackerOne’s community of ethical hackers enrich the asset and scan data and analyze it themselves, ensuring that newly found assets are tested for risk and mapped according to their metadata. Once the assets have been identified and ranked for risk, security teams can use these insights to initiate pentests on newly discovered assets and add assets to their bug bounty scope.

“HackerOne Assets solves for the inefficiencies in traditional ASM scanning,” explained Ashish Warty, SVP of Engineering at HackerOne. “It’s impossible for security teams to see their entire attack surface, while cloud transformation, agile product cycles, and mergers and acquisitions keep the threat landscape growing. By combining attack surface management with the creative power of the ethical hacking community, Assets reduces manual work, increases the accuracy of scanning results, and speeds up time to remediation by prioritizing based on real world risk.”

“Having in-depth visibility of our attack surface is a core part of our security strategy,” said Roy Davis, Lead Security Engineer at Zoom. “With HackerOne Assets and the insights it brings from the hacking community, our security team has been able to effectively prioritize those…


Newly identified PACMAN flaw in Apple M1 CPU can’t be patched


What just happened? Researchers have revealed a newly discovered attack vector allowing malicious actors to overcome the M1’s security features. The exploit allows the CPU’s Pointer Authentication Codes (PAC), designed to defend against malicious code injection, to be sidestepped entirely. It also leaves no trace of an attack and cannot be proactively patched due to the exploit’s hardware-based nature.

Led by MIT’s Mengjia Yan, researchers from MIT’s Computer Science and Artificial Intelligence Laboratory (MIT CSAIL) created the novel attack using a combination of memory corruption and speculative execution to bypass the M1’s security. The research team’s proof of concept also demonstrated the attack’s effectiveness against the CPU kernel, which could have far-reaching impacts on any PAC-enabled ARM system.

A PAC typically guards the OS kernel by causing any mismatch between a PAC pointer and its authentication code to result in a crash. The PACMAN attack’s reliance on speculative execution and repeated guesses is critical to its success. Due to the finite number of PAC values, the team determined that it would be possible for a malicious actor to find the correct PAC value by simply trying them all. However, this requires the ability to make multiple guesses without triggering an exception any time the values are incorrectly guessed. The researchers figured out a way to do just that.

According to the team, a given malware exploit would have a 1 in 65,000 chance of guessing the correct code and not producing an exception. Unlike other malware, PACMAN can prevent these wrong guesses from triggering an exception, resulting in the ability to avoid crashes. Once guessed, the malware can inject malicious code into the target’s memory without resistance.

Despite the MIT team’s findings, a statement by Apple’s Scott Radcliffe attempted to downplay the discovery and its potential impact.

“[The exploit] does not pose an immediate threat to our users and is insufficient to bypass operating system security protections on its own,” said Radcliffe.

Apple currently uses PAC on all of their custom ARM products. Other manufacturers, including Qualcomm and Samsung, have also…
