Security Vulnerability in Android allows any app to make phone calls

An application normally needs permission and should alert user that it needs permission to make phone call, when it is being installed.

Researchers at Security firm CureSec has discovered a security flaw in the Android system that allows malicious applications to initiate unauthorized phone calls. 

By exploiting this vulnerability, malicious apps can make phone calls to premium-rated numbers and terminate any outgoing calls.  It is also capable of sending Unstructured Supplementary Service Data (USSD) codes that can be used for enabling call forwarding, blocking your sim cards and so on.

The security bug appears to be introduced in Android Jelly bean 4.1.1  and it exits in all latest versions through Android Kitkat 4.4.2.

CureSec has also released a source code and proof-of-concept application to demonstrate the existence of vulnerability.

The bug has been fixed in the latest version of android (v4.4.4).

Bug in GnuTLS allows hackers to run malicious code in Your Linux

Another major security vulnerability has been discovered in the popular cryptographic Library 'GnuTLS' that leaves Linux vulnerable to remote code execution.

GNUTLS is a free library implementing Secure Socket Layer(SSL), Transport Layer Security (TLS) and Datagram Transport Layer Security(DTLS) protocols which are used to offer secure communications.
 
"A flaw was found in the way GnuTLS parsed session ids from Server Hello packets of the TLS/SSL handshake." an entry posted on the Red Hat Bug Tracker reads.

Flaw: The read_server_hello function checks only whether the length of the Session ID does not exceed incoming packet size but it fails to ensure it doesn't exceed maximum length of Session ID.

A malicious server could exploit this vulnerability by sending a very long Session ID value and run a malicious code in "a connecting TLS/SSL client using GnuTLS".

In March, a different vulnerability was patched in GnuTLS Library that could have allowed attackers "to create a specially crafted certificate that could be accepted by GnuTLS as valid for a site chosen by the attacker"

I've updated my Linux, Did you?

Update your Adobe flash player to stay safe


Few days after Microsoft published a security advisory about a new critical security bug in IE that is being used in limited and targeted attacks, Adobe has issued an emergency security update to fix a critical vulnerability(CVE-2014-0515) in flash player.

Please note that it is completely unrelated to IE Exploit in which bug was in IE and the flash file(.swf) used for making the attack successful.  But, in this case, the bug exists in the flash player plugin. 

So, people who use vulnerable version of Adobe Flash player likely to be vulnerable to this attack.

If you are using windows or Mac, make sure you have the latest flash player version 13.0.0.206.  If you are using Linux, make sure to update to the latest version 11.2.202.356.

This new zero-day flash exploit was spotted as being used in Watering-hole attacks by researchers at Kaspersky Labs in early April.

According to SecureList, this flash exploit spread from a Syrian Justice Ministry website(jpic.gov.sy).  Researchers believe the attack was designed to compromise the computers of Syrian dissidents complaining about the government.

Buffer Overflow vulnerability in Acunetix scanner allows to hack the noobs who attack your website

Danor Cohen, a Security researcher who recently discovered the 'WinRAR file spoofing vulnerability', has discovered one more zero day vulnerability.  This time it is Buffer Overflow vulnerability in one of the popular web application vulnerability scanner 'Acunetix'.

There is a feature in Acunetix that allows to scan the additional domains or subdomains detected during the scan.

"It learns about the external related domains from the external sources that appear at the scanned website, for example: "<a href=http://externalSource.com/ ></a>"

Danor found that if the 'external' source url's length is larger than 268Bytes, the Acunetix vulnerability scanner will get crashed.

For Ex:
 <A href= “http://AAAAAAAAAAAAAAAAAAAAAAAAAA...........AAAAA”>

Researcher managed to exploit this vulnerability and successfully launched an executable file(calc.exe). By modifiying the code, one can infect the computers of newbies with a malware who attempt to scan their websites.

More technical details are available at his blog post.

Here is Proof of concept video:


*Update*:
Acunetix says this vulnerability affects only the illegitimate(cracked) copies of Acunetix WVS.

"The blogger seems to have managed to pull his exploit by using a cracked version of v8. The cracked version, probably required the replacement of the official executable with a vulnerable one." Acunetix says.

"Once again we want to re-assure all users of legitimate installations of Acunetix WVS that they are in no danger, and are not affected by this at all"

Opening malicious PDF in Android version of Adobe reader allows attacker to access files


The android version of Adobe PDF Reader contains a security bug that could allow an attacker to compromise documents stored in reader and other files stored on the android's SD card.

Security researcher says the problem is there because the Adobe reader exposes few insecure javascript interfaces.  These javascript interfaces allows an attacker to run malicious javascript code inside Adobe reader.

"An attacker can create a specially crafted PDF file containing Javascript that runs when the target user views (or interacts with) this PDF file" security researcher Yorick Koster from Security said.

Researcher has successfully verified the existence of vulnerability in the version 11.1.3 of the adobe reader for Android. The bug has been fixed in the latest version 11.2.0.

He also have released a poc code that will create '.txt' file, when an user open the specially crafted .pdf on vulnerable version of reader.

How researchers hack Google using XXE vulnerability !

What is most secure website? NOTHING.  Even Google is vulnerable to all sort of attacks!

Security researchers and Co-Founders of Detectify have discovered a critical security vulnerability in Google that allowed them to access Internal servers.

The vulnerability exists in the Google Toolbar button gallery.  The page allows users to customize their toolbar with buttons. It also allows users to create their own buttons by uploading XML file containing various meta data.

Researchers identified this function is vulnerable to XML External Entity vulnerability.

By sending a crafted XML file, researchers are able to gain access to internal files stored in one of Google's product server.  They have managed to read the 'etc/passwd' and 'etc/hosts' files of the server. 

By exploiting this vulnerability, researchers could have accessed any files on the Google's server, also they could have done SSRF Exploitation to access internal systems.

Google has rewarded the researchers with $10,000 for finding and reporting this vulnerability.