Search This Blog

Showing posts with label Web Server security. Show all posts

Apple pushes out silent update for Mac users to remove Zoom web server

Earlier this week, a US-based security researcher named Jonathan Leitschuh had publicly disclosed a major vulnerability in the Zoom video conferencing software for Apple’s Mac computers which could make any website start a video-enabled call by hacking the webcam of the system. Now, according to a report by TechCrunch, Apple has pushed out an update silently to the macOS which removes the Zoom web server.

As per the report, the US-based technology giant has confirmed the said update has been released and it is installed automatically and does not require any interaction with the user. The purpose of the update is only to remove the local web server installed by the Zoom app. The company said that it pushed the update to protect its users from the risks posed by the exposed web server.

According to Leitschuh’s claims earlier this week, even if Mac users uninstall the Zoom app from their system, the web server continues to persist and it can reinstall Zoom without the user’s permission.

In a statement to The Verge and ZDNet, Zoom had said that it developed the local web server to save Mac users from too many clicks, after Apple changed their Safari browser in a way that requires Zoom users to confirm that they want to launch Zoom every single time. Zoom also said that it will tweak the app such that it will save the user’s and administrator’s preferences for whether the video will be turned on, or not, when they first join a call.

However, it seems Apple took it upon itself to rescue its users from the security vulnerability posed by Zoom app. The silent update was all the more needed because Zoom had installed a local web server that could reinstall the app even if the user had previously uninstalled it.

Mailsploit: Email that permits sender spoofing

Pretending to be somebody you're not in an email has never been very sufficiently hard – all thanks to phishing, that endless scourge of web security. In any case, now one researcher recently, has uncovered another gathering of bugs in an email program that by and large strip away even the current, defective protections against email impersonation, enabling anybody to imperceptibly spoof a message with no allude at all to the recipient.

 On Tuesday, Sabri Haddouche, a developer and a bug hunter revealed a noteworthy new email spoofing strategy. Named Mailsploit, the strategy use bugs in email clients and enables hackers to dispatch imperceptible email spoofing attack, including well know clients like Microsoft outlook 2016, apple mail, Yahoo! Mail and many more.

Mailsploit has the capacity to effectively go through email servers and circumvent the already established spoofing protection like DMARC and other spam filters. This implies that if the server is configured to utilize DMARC or Domain Keys Identified Mail (DKIM) it will regard a message as genuine, regardless of whether it ought to be spam-binned. Through a demo that Haddouche has made accessible on his site depicting the Mailsploit attack gives anybody the access to send messages from whichever address they desire; thinkblue@whitehouse.gov, redpigeon.9898@gmail.com or some other made up the email address that may trap somebody into surrendering their private information and details. Mailsploit now though has made it possible that no amount of scrutiny in the email client can help uncover the fakery.

 Where is DMARC?

 Domain-based Message Authentication, reporting and conformance, which blocks spoofed emails via painstakingly sifting through those whose headers pretend to originate from an unexpected source in comparison to the server that sent them. This authentication system has progressively been embraced by different administrators throughout the years.

 In any case, Mailspoilt's tricks defeat DMARC by misusing how email servers handle content information uniquely in contrast to desktop and portable or mobile working systems. By creating email headers to exploit the imperfect execution of a 25-year-old framework for coding ASCII characters in email headers known as RFC-1342, and the peculiarity of how Windows, Android, iOS, and macOS handle content, Haddouche has demonstrated that he can surely trap email servers into interpreting the email headers in one way, while email client programs read them in a totally different way.

 The interwoven fixes 

Haddouche says he contacted the majority of the influenced firm’s months prior to caution them about the vulnerabilities he's found. Yahoo! Mail, Protonmail and Hushmail have effectively settled their bugs, while firms like Apple and Microsoft are as yet dealing with it. In any case, Mozilla and Opera both have informed him that they don't plan to settle their Mailspolit bugs as they appear of being simply server-side issues.

 Haddouche further added that email providers and firewalls can likewise be set to filter this attack regardless of whether email clients stay helpless against it. Beyond the particular bugs that Mailspolit features, Haddouche's research focuses on a more principal issue with email authentication, as security add-ons for email like DMARC were intended to stop spam, not focused on spoofing.

Nevertheless, Haddouche recommends the users to stay tuned for more security updates to email clients to fix the Mailsploit bugs. As meanwhile, it's always insightful to treat emails with caution.

CVE-2013-2028 : Buffer Overflow vulnerability fixed in nginx 1.5.0, 1.4.1


A security researcher Greg MacManus from iSIGHT Partners Labs discovered a critical security flaw in several recent version of NGINX - an open source web server.

"A stack-based buffer overflow might occur in a worker process while handling a specially crafted request, potentially resulting in arbitrary code execution"

The security flaw now identified with CVE id "CVE-2013-2028" affects nginx version 1.3.9 - 1.4.0. NGINX developers released patch for fixing this security vulnerability.

The problem is fixed in nginx 1.5.0, 1.4.1. Patch for the problem can be found here: http://nginx.org/download/patch.2013.chunked.txt