Tag Archive for: patched

Update Zoom right now, major security flaw patched


Zoom has rushed out an important update for its macOS app, which patches a big security hole. The fix is for the auto-update process, which a local attacker, or malware already running as an ordinary user, could abuse to take over the whole system.

The issue was first found by security researcher Patrick Wardle. A combination of issues adds up to any local user being able to get root (superuser privileges) on a Mac without entering a password.

The attack was interesting enough for Wardle to present at DEF CON, one of the premier hacking conferences, in Las Vegas last week. Zoom had already fixed some of the issues before his talk, with the remainder fixed shortly afterward.

Again, if you’re a macOS user who has Zoom installed, go look for an update. The fix is included in version 5.11.5 of the Zoom client.

According to Wardle, who spoke to The Verge last week, he disclosed the bugs to Zoom almost eight months ago. He even told them what needed to be done to fix the issues.

If attackers had wanted, they could have used the privilege escalation in Zoom to do almost anything on the target Mac: install additional programs, and modify, delete, or send data to a remote device.

How to update Zoom

Screenshot: Zoom's "Check for Updates" menu entry (Image: KnowTechie)

You can check to see if any updates are available for Zoom by clicking your profile icon on the app and finding “Check for Updates” in the dropdown list. For additional help, you can watch Zoom’s own video tutorial here.

If you are on any version lower than 5.11.5, it's time to update. You've already been at risk for the best part of a year; don't let that continue any longer.
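A scriptable form of the same check, useful across a fleet, as an added example that is not Zoom's or KnowTechie's code: it reads the version string from the Zoom app bundle's Info.plist and compares it numerically against 5.11.5. The install path is the default location and is an assumption; the embedded plist is constructed so the check runs offline.

```python
import plistlib
from pathlib import Path
from typing import Optional

FIXED_VERSION = "5.11.5"
# Default install location of the Zoom client on macOS (assumption; adjust if installed elsewhere).
ZOOM_PLIST = Path("/Applications/zoom.us.app/Contents/Info.plist")


def parse_version(version: str) -> tuple:
    """Turn a dotted version into a numeric tuple so that 5.9.0 compares below 5.11.5.

    A plain string comparison gets this wrong ("5.9.0" > "5.11.5"). A trailing build
    number such as "5.11.5 (9855)" is dropped, and the tuple is padded to three
    components so that "5.11" equals "5.11.0".
    """
    core = version.strip().split(" ")[0]
    parts = [int(p) for p in core.split(".") if p.isdigit()]
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts)


def needs_update(installed: str, fixed: str = FIXED_VERSION) -> bool:
    """True if the installed client is older than the first fixed release."""
    return parse_version(installed) < parse_version(fixed)


def version_from_plist(data: bytes) -> Optional[str]:
    """Extract CFBundleShortVersionString from raw Info.plist bytes (XML or binary plist)."""
    return plistlib.loads(data).get("CFBundleShortVersionString")


def installed_zoom_version(plist_path=ZOOM_PLIST) -> Optional[str]:
    """Read the version of the locally installed Zoom client, or None if it is not present."""
    plist_path = Path(plist_path)
    if not plist_path.is_file():
        return None
    return version_from_plist(plist_path.read_bytes())


# Constructed Info.plist fragment standing in for a real install (the build number is made up).
SAMPLE_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>CFBundleIdentifier</key><string>us.zoom.xos</string>
  <key>CFBundleShortVersionString</key><string>5.11.3 (9484)</string>
</dict></plist>"""

if __name__ == "__main__":
    version = installed_zoom_version() or version_from_plist(SAMPLE_PLIST)
    verdict = "UPDATE NOW" if needs_update(version) else "OK"
    print(f"Zoom {version}: {verdict} (fixed in {FIXED_VERSION})")
```

The numeric comparison matters: a naive string comparison would report 5.9.x as newer than 5.11.5 and miss vulnerable installs.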


Apple Just Patched 37 iPhone Security Bugs—Update iOS ASAP


July has been a month of important updates, including patches for already-exploited vulnerabilities in Microsoft and Google products. This month also saw the first Apple iOS update in eight weeks, fixing dozens of security flaws in iPhones and iPads.

Security vulnerabilities continue to hit enterprise products, too, with July patches issued for SAP, Cisco, and Oracle software. Here’s what you need to know about the vulnerabilities fixed in July.

Apple iOS 15.6

Apple has released iOS and iPadOS 15.6 to fix 37 security flaws, including an issue in Apple File System (APFS) tracked as CVE-2022-32832. If exploited, the vulnerability could allow an app to execute code with kernel privileges, according to Apple’s support page, giving it deep access to your device.

Other iOS 15.6 patches fix vulnerabilities in the kernel and WebKit browser engine, as well as flaws in IOMobileFrameBuffer, Audio, iCloud Photo Library, ImageIO, Apple Neural Engine, and GPU Drivers.

Apple isn’t aware of any of the patched flaws being used in attacks, but some of the vulnerabilities are pretty serious—especially those affecting the kernel at the heart of the operating system. It’s also possible for vulnerabilities to be chained together in attacks, so make sure you update as soon as possible.

The iOS 15.6 patches were released alongside watchOS 8.7, tvOS 15.6, macOS Monterey 12.5, macOS Big Sur 11.6.8, and macOS Catalina 10.15.7 2022-005.

Google Chrome

Google released an emergency patch for its Chrome browser in July, fixing four issues, including a zero-day flaw that has already been exploited. Tracked as CVE-2022-2294 and reported by Avast Threat Intelligence researchers, the memory corruption vulnerability in WebRTC was abused to achieve shellcode execution in Chrome’s renderer process.

The flaw was used in targeted attacks against Avast users in the Middle East, including journalists in Lebanon, to deliver spyware called DevilsTongue.

Based on the malware and tactics used to carry out the attack, Avast attributes the use of the Chrome zero-day to Candiru, an Israel-based company that sells spyware to governments.

Microsoft’s Patch Tuesday

Microsoft’s July Patch Tuesday is a big one, fixing 84…


Newly identified PACMAN flaw in Apple M1 CPU can’t be patched


What just happened? Researchers have revealed a newly discovered attack that lets malicious actors defeat one of the M1's security features. The technique sidesteps the CPU's Pointer Authentication Codes (PAC), which are designed to stop an attacker from using a corrupted pointer, such as a hijacked return address, to redirect a program's control flow. It also leaves no trace of an attack and cannot be fixed with a software patch, because the weakness is in the hardware itself.

Led by MIT's Mengjia Yan, researchers from MIT's Computer Science and Artificial Intelligence Laboratory (MIT CSAIL) created the novel attack using a combination of a memory-corruption bug and speculative execution to bypass the M1's security. The team's proof of concept also demonstrated the attack against the operating system kernel, which could have far-reaching impacts on any PAC-enabled ARM system.

PAC guards a pointer (a return address, say) by storing a short cryptographic code in the pointer's unused upper bits; when the pointer is later authenticated, a mismatch between the pointer and its code results in a crash. The PACMAN attack's reliance on speculative execution and repeated guesses is critical to its success. Because there is only a finite number of PAC values, the team determined that an attacker could find the correct one by simply trying them all. However, that requires making many guesses without triggering an exception each time a guess is wrong. The researchers figured out a way to do just that.

According to the team, a single guess has roughly a 1 in 65,000 chance of being correct (the PAC is 16 bits wide, so there are 65,536 possibilities), and every wrong guess would normally produce an exception. PACMAN avoids the crash by making each guess only in speculative execution, where a wrong guess never raises an architectural exception, and by using a microarchitectural side channel to learn whether the guess was right. Once the correct code is known, an attacker can use a memory-corruption bug to plant a correctly signed pointer and redirect execution without resistance.
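The guessing game described above, as an added model that is not the MIT team's code and does not run on real hardware: pointers carry a 16-bit PAC in their top bits (the width is an assumption matching the 65,536 figure), a naive attacker who authenticates guesses architecturally dies on the first wrong one, and a PACMAN-style attacker asks an oracle that stands in for the speculative side channel and so tries all 65,536 values without a crash. HMAC-SHA256 stands in for the hardware PAC function, and the key, target address and modifier are constructed.

```python
import hashlib
import hmac

PAC_BITS = 16                     # assumption: 16-bit PAC, giving the 65,536 possibilities above
PAC_SPACE = 1 << PAC_BITS
PAC_SHIFT = 64 - PAC_BITS         # the PAC occupies the otherwise unused top bits of a 64-bit pointer
PTR_MASK = (1 << PAC_SHIFT) - 1
PAC_KEY = bytes(range(16))        # per-process key kept in a system register; constructed, unknown to the attacker


def compute_pac(ptr: int, modifier: int, key: bytes = PAC_KEY) -> int:
    """Stand-in for the hardware PAC function: keyed hash of (pointer, modifier), truncated.

    Apple silicon uses a dedicated block cipher (QARMA); HMAC-SHA256 plays that role here.
    """
    msg = ptr.to_bytes(8, "little") + modifier.to_bytes(8, "little")
    return int.from_bytes(hmac.new(key, msg, hashlib.sha256).digest()[:2], "little") & (PAC_SPACE - 1)


def sign(ptr: int, modifier: int) -> int:
    """Like PACIA: embed the PAC in the pointer's top bits."""
    ptr &= PTR_MASK
    return ptr | (compute_pac(ptr, modifier) << PAC_SHIFT)


class AuthenticationFault(Exception):
    """Models the crash the article describes when a pointer's PAC does not match."""


def authenticate(signed: int, modifier: int) -> int:
    """Like AUTIA: strip the PAC if it matches, otherwise fault (the process dies)."""
    ptr = signed & PTR_MASK
    if (signed >> PAC_SHIFT) != compute_pac(ptr, modifier):
        raise AuthenticationFault(hex(signed))
    return ptr


def naive_bruteforce(ptr: int, modifier: int):
    """Guess PACs architecturally. Returns (pac or None, guesses made, crashed)."""
    for guess in range(PAC_SPACE):
        try:
            authenticate((ptr & PTR_MASK) | (guess << PAC_SHIFT), modifier)
            return guess, guess + 1, False
        except AuthenticationFault:
            return None, guess + 1, True    # the first wrong guess kills the process


def speculative_oracle(signed: int, modifier: int) -> bool:
    """Model of the PACMAN gadget.

    Authentication happens only in transient (speculative) execution, so a wrong PAC never
    becomes an architectural exception; a microarchitectural side channel (TLB state in the
    paper) leaks whether it would have passed. Here that verdict is simply returned.
    """
    return (signed >> PAC_SHIFT) == compute_pac(signed & PTR_MASK, modifier)


def pacman_bruteforce(ptr: int, modifier: int):
    """Try every PAC through the oracle; the process never crashes. Returns (pac, guesses)."""
    for guess in range(PAC_SPACE):
        if speculative_oracle((ptr & PTR_MASK) | (guess << PAC_SHIFT), modifier):
            return guess, guess + 1
    return None, PAC_SPACE


def forge(ptr: int, modifier: int) -> int:
    """Build a pointer that passes authenticate() without knowing the key, using the leaked PAC."""
    pac, _ = pacman_bruteforce(ptr, modifier)
    return (ptr & PTR_MASK) | (pac << PAC_SHIFT)


# Constructed target: the address an attacker wants execution redirected to, and the
# modifier (for example a stack pointer value) the victim uses when signing.
TARGET = 0x0000_0001_8000_4000
MODIFIER = 0x0000_0001_6FDF_F0A0

if __name__ == "__main__":
    print("naive guessing:", naive_bruteforce(TARGET, MODIFIER))
    pac, tries = pacman_bruteforce(TARGET, MODIFIER)
    print(f"PACMAN recovered pac=0x{pac:04x} after {tries} speculative guesses, no crash")
    print("forged pointer authenticates to", hex(authenticate(forge(TARGET, MODIFIER), MODIFIER)))
```

The model shows why the oracle, not the key size, is what matters: 16 bits is trivially enumerable once a wrong guess stops being fatal. The forged pointer still has to be written over a real signed pointer, which is why the attack needs a separate memory-corruption bug.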

Despite the MIT team’s findings, a statement by Apple’s Scott Radcliffe attempted to downplay the discovery and its potential impact.

“[The exploit] does not pose an immediate threat to our users and is insufficient to bypass operating system security protections on its own,” said Radcliffe.

Apple currently uses PAC on all of its custom ARM products. Other manufacturers, including Qualcomm and Samsung, have also…


Hackers can infect >100 Lenovo models with unremovable malware. Are you patched?



Lenovo has released security updates for more than 100 laptop models to fix critical vulnerabilities that make it possible for advanced hackers to surreptitiously install malicious firmware that can be next to impossible to remove or, in some cases, to detect.

Three vulnerabilities affecting more than 1 million laptops can give hackers the ability to modify a computer’s UEFI. Short for Unified Extensible Firmware Interface, the UEFI is the software that bridges a computer’s device firmware with its operating system. As the first piece of software to run when virtually any modern machine is turned on, it’s the initial link in the security chain. Because the UEFI resides in a flash chip on the motherboard, infections are difficult to detect and even harder to remove.

Oh, no

Two of the vulnerabilities, tracked as CVE-2021-3971 and CVE-2021-3972, reside in UEFI firmware drivers intended for use only during the manufacturing process of Lenovo consumer notebooks. Lenovo engineers inadvertently shipped the drivers in production BIOS images without properly deactivating them. Hackers can exploit the buggy drivers to disable firmware protections, including UEFI Secure Boot, the BIOS control register bits, and the SPI flash protected range registers, which are meant to prevent unauthorized writes to the firmware stored in the flash chip.
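As an added example that is not from the Ars article or ESET's research, here is a decoder for the two sets of flash write-protection bits the paragraph names, the BIOS control register and the SPI protected range registers, using the field layout documented for the classic Intel PCH (an assumption: the page does not say which chipset the affected models use). Given register snapshots it reports whether the BIOS region of the flash can be rewritten from the operating system; the snapshots are constructed, one weak and one locked down.

```python
# Field layout of the classic Intel PCH registers (assumption; these are the same fields
# firmware-audit tools such as chipsec check).
BIOSWE = 1 << 0     # BIOS Write Enable: software may write the BIOS region of SPI flash
BLE = 1 << 1        # BIOS Lock Enable: a write to BIOSWE raises an SMI so firmware can veto it
SMM_BWP = 1 << 5    # SMM BIOS Write Protect: BIOS region writable only while the CPU is in SMM
WPE = 1 << 31       # PRx Write Protection Enable


def decode_bios_cntl(value: int) -> dict:
    """Split BIOS_CNTL into the three bits that govern flash writes."""
    return {"BIOSWE": bool(value & BIOSWE), "BLE": bool(value & BLE), "SMM_BWP": bool(value & SMM_BWP)}


def decode_pr(value: int) -> dict:
    """PRx: bit 31 WPE, bits 28:16 range limit, bits 12:0 range base, both in 4 KiB units."""
    base = (value & 0x1FFF) << 12
    limit = (((value >> 16) & 0x1FFF) << 12) | 0xFFF
    return {"wpe": bool(value & WPE), "base": base, "limit": limit}


def ranges_cover(ranges, lo: int, hi: int) -> bool:
    """True if the union of write-protected ranges covers [lo, hi] without a gap."""
    spans = sorted((r["base"], r["limit"]) for r in ranges if r["wpe"])
    cursor = lo
    for base, limit in spans:
        if base > cursor:
            break                      # hole before this range: attacker can write there
        if limit >= cursor:
            cursor = limit + 1
        if cursor > hi:
            return True
    return cursor > hi


def bios_region_locked(bios_cntl: int, prs, bios_base: int, bios_limit: int):
    """Decide whether the BIOS region can be rewritten from the OS. Returns (locked, reason)."""
    bc = decode_bios_cntl(bios_cntl)
    if bc["BLE"] and bc["SMM_BWP"]:
        return True, "BIOS_CNTL: writes restricted to SMM (BLE + SMM_BWP)"
    if ranges_cover([decode_pr(p) for p in prs], bios_base, bios_limit):
        return True, "PRx protected ranges cover the whole BIOS region"
    if bc["BIOSWE"]:
        return False, "BIOS_CNTL: BIOSWE set and no lock; BIOS region writable from the OS"
    if bc["BLE"]:
        return False, "BIOS_CNTL: BLE only; relies on the SMI handler clearing BIOSWE"
    return False, "BIOS_CNTL: BIOSWE clear but nothing locks it; an attacker can set it"


# Constructed register snapshots for a 16 MiB flash whose BIOS region is 0x500000-0xFFFFFF.
BIOS_BASE, BIOS_LIMIT = 0x500000, 0xFFFFFF
WEAK = {"bios_cntl": 0x01, "prs": [0, 0, 0, 0, 0]}                 # BIOSWE set, nothing locked
HARDENED = {"bios_cntl": 0x22, "prs": [0x8FFF0500, 0, 0, 0, 0]}    # BLE + SMM_BWP, PR0 covers BIOS

if __name__ == "__main__":
    for name, snap in (("weak", WEAK), ("hardened", HARDENED)):
        locked, why = bios_region_locked(snap["bios_cntl"], snap["prs"], BIOS_BASE, BIOS_LIMIT)
        print(f"{name:9s} locked={locked} ({why})")
```

Clearing BLE/SMM_BWP or the WPE bit of a covering range is exactly the "disable protections" step the article describes; once the result flips to unlocked, the OS can write the flash directly and any implant persists across reinstalls.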

After discovering and analyzing those vulnerabilities, researchers from security firm ESET found a third, CVE-2021-3970. It allows hackers to run malicious code when a machine is put into System Management Mode (SMM), a high-privilege operating mode typically used by hardware manufacturers for low-level system management.

“Based on the description, those are all pretty ‘oh no’ sorts of attacks for sufficiently advanced attackers,” Trammell Hudson, a security researcher specializing in firmware hacks, told Ars. “Bypassing SPI flash permissions is pretty bad.”

He said the severity may be lessened by protections such as BootGuard, which is designed to prevent unauthorized people…
