Bug

BootHole - GRUB2 sebezhetőség nyithat utat a Window és Linux rendszereken való tetszőleges kódfuttatás előtt

Címkék

Távoli kódfuttatást lehetővé tevő sebezhetőség az SMBv3-ban

Címkék

Microsoft is aware of a remote code execution vulnerability in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests. An attacker who successfully exploited the vulnerability could gain the ability to execute code on the target SMB Server or SMB Client.

To exploit the vulnerability against an SMB Server, an unauthenticated attacker could send a specially crafted packet to a targeted SMBv3 Server. To exploit the vulnerability against an SMB Client, an unauthenticated attacker would need to configure a malicious SMBv3 Server and convince a user to connect to it.

We will update this advisory when updates are available. If you wish to be notified when this advisory is updated, we recommend that you register for the security notifications mailer to be alerted of content changes to this advisory. See Microsoft Technical Security Notifications.

Frissítsd az androidos Twitter alkalmazásod minél hamarabb!

Címkék

Súlyos sebezhetőséget javítottak az androidos Twitter alkalmazásban, így aki a napokban még nem frissítette vagy a beállításai miatt nem frissült még automatikus, annak érdemes mielőbb megtennie. Az alkalmazás frissítése elérhető a Google Play-en keresztül. 

Komoly biztonsági hiba a Signal üzenetküldő app androidos verziójában

Címkék

A Google P0 csapata egy hibát fedezett fel a Signal üzenetküldő app androidos változatában, amely lehetővé teszi a mikrofon bekapcsolását távoli készüléken. Signal alkalmazást használóknak érdemes mielőbb frissíteni a legfrissebb verzióra.

Hibás Google Chrome frissítés lehet az okozója a rejtélyes Mac Pro hibáknak

Címkék

Hétfőn számos hollywoodi film- és tévéstúdióban nehezítette a munkát az a jelenség ami a Mac Pro gépek meghibásodásához vezetett. Először vírusfertőzésre gyanakodtak, de később egy Google Chrome frissítés lett gyanús. A Google egyik szakembere megerősítette a gyanút:

We recently discovered that a Chrome update may have shipped with a bug that damages the file system on macOS machines with System Integrity Protection (SIP) disabled, including machines that do not support SIP. We've paused the release while we finalize a new update that addresses the problem.

Az érintett gépek javításához szükséges lépések megtalálhatók a Google alkalmazott fórumpostjában.

"Microsoft Windows RDP Network Level Authentication can bypass the Windows lock screen"

Címkék

Microsoft Windows Remote Desktop supports a feature called Network Level Authentication (NLA), which moves the authentication aspect of a remote session from the RDP layer to the network layer. The use of NLA is recommended to reduce the attack surface of systems exposed using the RDP protocol. In Windows a session can be locked, which presents the user with a screen that requires authentication to continue using the session. Session locking can happen over RDP in the same way that a local session can be locked. [...] Starting with Windows 10 1803 (released in April 2018) and Windows Server 2019, the handling of NLA-based RDP sessions has changed in a way that can cause unexpected behavior with respect to session locking. If a network anomaly triggers a temporary RDP disconnect, upon automatic reconnection the RDP session will be restored to an unlocked state, regardless of how the remote system was left. [...] At this point, an attacker can interrupt the network connectivity of the RDP client system. The RDP client software will automatically reconnect to the remote system once internet connectivity is restored. But because of this vulnerability, the reconnected RDP session is restored to a logged-in desktop rather than the login screen. This means that the remote system unlocks without requiring any credentials to be manually entered.

Részletek itt.

"macOS - Getting root with benign AppStore apps"

Címkék

I would like to show how I went down the rabbit hole in a quick ’research’ I wanted to do, and eventually found a local privilege escalation vulnerability in macOS. [...] So I reported and then Apple came back at one point for my privilege escalation ideas: “The App Review process helps prevent malicious applications from becoming available on the Mac and iOS App Stores.“ Obviously Apple didn’t understood the problem for first [...] As noted before, Apple fixed this exploit path in Mojave. This was in 2018 October, my POC didn’t work anymore, and without further testing I honestly thought that the privilege escalation issue is fixed - yes you could still drop files inside the app, but I thought that the symlink issue is solved. I couldn’t have been more wrong! But this turned out only later. [...] Privilege escalation returns on Mojave [...] I reported this around February to Apple, and tried to explain again in very detailed why I think the entire installation process is still broken, and could be abused. [...] Apple never admitted this as a security bug, they never assigned a CVE, they considered it as an enhancement. Finally this came with Mojave 10.14.5, and they even mentioned my name on their website. [...] The story goes on, as I bypassed Apple’s fix. An update will follow once they fixed the issue.

A teljes cikk itt olvasható.

Komoly audio problémák az újabb Mac-ekkel

Címkék

Panaszkodnak a profi audiosok, hogy a számukra egykor etalonnak számító Mac-ek komoly és mind ez idáig megoldatlan audio buggal rendelkeznek. A problémát az Apple saját tervezésű T2 security chipje okozza:

When your Mac updates its system clock, dropouts and glitches appear in the audio stream. [...] The workaround is fairly easy: switch off “Set date and time automatically” in System Preferences.

Részletek itt.