Search This Blog

Showing posts with label Application Vulnerability. Show all posts

Security flaw in Bluetooth-enabled devices

A group of security researchers at the Center for IT-Security, Privacy, and Accountability (CISPA) found a flaw that could affect billions of Bluetooth-enabled devices, which includes smartphones, laptops, smart IoT devices, and other devices.

The experts named the vulnerability as CVE-2019-9506 and they tagged it as a KNOB (Key Negotiation of Bluetooth).

According to the researchers, the flaw in Bluetooth’s authentication protocols enables hackers to compromise the devices and spy on data transmitted between the two devices. The astonishing fact about the flaw is that the hackers could exploit this vulnerability even though the devices had been paired before.

However, the KNOB’s official website, every standard-compliant Bluetooth device could be exploited. “We conducted KNOB attacks on more than 17 unique Bluetooth chips (by attacking 24 different devices). At the time of writing, we were able to test chips from Broadcom, Qualcomm, Apple, Intel, and Chicony manufacturers. All devices that we tested were vulnerable to the KNOB attack,” it reads.

Bluetooth SIG has issued a security notice regarding the vulnerability.

  • Conditions for a successful attack:
  • Both the devices have to be vulnerable
  • Both the devices have to be within the range establishing a BR/EDR connection. If any of the devices are not affected by the vulnerability, the attack wouldn’t work
  • Direct transmissions between devices while pairing has to be blocked
  • Existing connections won’t lead to a successful attack — it has to be done during negotiation or renegotiation of a paired device connection

Bluetooth  SIG has started working on updating a remedy for the flaw. 

Vulnerability in DHCP client let hackers take control of network

A critical remote code execution vulnerability that resides in the DHCP client allows attackers to take control of the system by sending malicious DHCP reply packets.

A Dynamic Host Configuration Protocol (DHCP) Client allows a device to act as a host requesting-configuration parameter, such as an IP address from a DHCP server and the DHCP client can be configured on Ethernet interfaces.

In order to join a client to the network, the packer required to have all the TCP/IP configuration information during DHCP Offer and DHCP Ack.

DHCP protocol works as a client-server model, and it is responsible to dynamically allocate the IP address if the user connects with internet also the DHCP server will be responsible for distributing the IP address to the DHCP client.

This vulnerability will execution the remote code on the system that connected with vulnerable DHCP client that tries to connect with a rogue DHCP server.

Vulnerability Details The remote code execution vulnerability exactly resides in the function of dhcpcore.dll called “DecodeDomainSearchListData” which is responsible for decodes the encoded search list option field value.

During the decoding process, the length of the decoded domain name list will be calculated by the function and allocate the memory and copy the decoded list.

According to McAfee research, A malicious user can create an encoded search list, such that when DecodeDomainSearchListData function decodes, the resulting length is zero. This will lead to heapalloc with zero memory, resulting in an out-of-bound write.

The vulnerability has been patched, and it can be tracked as CVE-2019-0547, The patch includes a check which ensures the size argument to HeapAlloc is not zero. If zero, the function exits.

You can follow us on Linkedin, Twitter, Facebook for daily Cybersecurity updates also you can take the Best Cybersecurity course online to keep yourself updated.

How the Mackeeper failed to secure Mac

Mackeeper, the program designed to keep Mac computers secure suffers from a critical remote code execution vulnerability.

This flaw lies in the lack of input validation during the handling of custom URLs by the program. It allows hackers to execute arbitrary commands with root privilege with little to no user interaction. It can happen when users visited specially crafted webpages in the Safari browser.

If the user had already provided their password to MacKeeper during normal course of operation of the program, the user will not be alerted for their password prior to the execution of the arbitrary command.

If the user did not previously authenticate, they will be prompted to enter their authentication details, however, the text that appears for the authentication dialogue can be manipulated to appear as anything, so the user might not realize the true consequences of the action.

The vulnerability, quite possibly a zero-day one was discovered by security researcher Braden Thomas who released a demonstration link as proof-of-concept (POC) through which the Mackeeper program was automatically un-installed upon simply clicking the external link. 

Mackeeper is a controversial program amongst the Mac users owing to its pop-up and advertisements, but apparently has 20 million downloads worldwide.

The vulnerability existed even in  the latest version 3.4. The company has advised users to run Mackeeper update tracker and install 3.4.1 or later. For users who have not updated, they can use a browser other than Safari or remove the custom URL scheme handler from Mackeeper's info.plist file.

VMware Patches critical directory traversal vulnerability in its VMware View

VMware has patched a critical directory traversal vulnerability in its View VMWare desktop virtualization platform that could allow a hacker to access arbitrary files from affected View Servers.

The vulnerability affects both the View Connection Server and the View Security Server. The vulnerability was discovered by Digital Defense, a security service provider.

According to VMware advisory, the affected versions are View 5.x prior to 5.1.2 and 4.x prior to 4.6.2. Users are advised to upgrade to the latest version.

Users who are unable to immediately update their View Servers are advised to "Disable security server" or "blocking directory traversal attacks with an intrusion detection/prevention system or an application firewall".

CVE-2012-4170 : Adobe fixes Buffer Overflow Vulnerability in Photoshop

Adobe has released an update to Photoshop CS6 with version 13.0.1. This update closes a critical Remote Buffer overflow vulnerability in the PNG Image Processing.

Francis Provencher has discovered a vulnerability in Adobe Photoshop CS6, which can be exploited by malicious people to compromise a user's system.

According to Secunia advisory, The vulnerability is caused due to a boundary error in the "Standard MultiPlugin.8BF" module when processing a Portable Network Graphics (PNG) image. This can be exploited to cause a heap-based buffer overflow via a specially crafted "tRNS" chunk size.

Successful exploitation may allow execution of arbitrary code, but requires tricking a user into opening a malicious image.

The vulnerability is reported in versions 13.x only for Windows and Macintosh (confirmed in 13.0 20120315.r.428 on Windows).

Users can upgrade to Photoshop CS6 13.0.1 by selecting "Updates" under the Photoshop Help menu; this will launch the Adobe Application Manager, allowing users to select and install the update.

CVE-2012-0681 : Apple fixes Information disclosure vulnerability in Remote Desktop

Apple has released version 3.6.1 of its Apple Remote Desktop application to fix an information disclosure vulnerability.

Vulnerability Details(CVE-2012-0681):
When connecting to a third-party VNC server with "Encrypt all network data" set, data is not encrypted and no warning is produced.

According to Apple security advisory,  This issue does not affect Apple Remote Desktop 3.5.1 and earlier. Versions 3.5.2 up to and including 3.6.0 are affected;

The latest version 3.6.1 address this issue by creating an SSH tunnel for the VNC connection when "Encrypt all network data" is set. If this is not possible, ARD will prevent the connection.

Apple Remote Desktop 3.6.1 may be obtained from Mac App Store,the Software Update pane in System Preferences, or Apple's Software Downloads web site: