Security
Headlines
HeadlinesLatestCVEs

Headline

Apple, Microsoft, and Google Just Fixed Multiple Zero-Day Flaws

Plus: Mozilla patches 10 Firefox bugs, Cisco fixes a vulnerability with a rare maximum severity score, and SAP releases updates to stamp out three highly critical flaws.

Wired
#vulnerability#web#ios#android#mac#windows#apple#google#microsoft#cisco#intel#rce#buffer_overflow#asus#samsung#auth#zero_day#chrome#webkit#firefox#sap

Fall is here, but hot zero-day summer shows no signs of cooling down, with the likes of Apple, Microsoft, and Google fixing flaws being used in real-life attacks.

Some major enterprise fixes were released during the month, including a Cisco patch for a vulnerability with a maximum CVSS score of 10.

Spyware has been a prominent trend over the past couple of months, and it’s a threat everyone should take seriously. Attacks can reach devices without any interaction from the user, so it’s important to keep your operating system up to date.

Here’s everything you need to know about the patches issued in September.

Apple iOS and iPad OS

Apple didn’t release any security updates in August, but the iPhone maker sure made up for it in September. First came iOS 16.6.1, an emergency security update released on September 9 to fix two flaws already being used in so-called “zero-click” attacks.

Reported by researchers at the University of Toronto’s Citizen Lab, the vulnerabilities were used to plant spyware via attachments containing malicious images in an iMessage, in an attack the researchers called BLASTPASS.

In mid-September, Apple released its major software upgrade, iOS 17, followed by iOS 17.0.1 a few days later. The surprise iOS 17.0.1 upgrade was important because it fixed another three iPhone flaws being used in spyware attacks.

Tracked as CVE-2023-41992 and reported by security researchers at Citizen Lab and Google, the first issue is a flaw in the kernel that could allow an attacker to escalate privileges. The other two vulnerabilities in WebKit and Security could potentially be chained together to take over a user’s device.

The flaws patched in iOS 17.0.1 were also fixed in the iOS 16.7 release for users of older iPhones or people who don’t want to upgrade to the latest software.

At the end of September, Apple released iOS 17.0.2 to fix some early iOS 17 bugs, and this is the latest version of the software, as of publication.

Apple has also released macOS Sonoma 14 to fix over 60 vulnerabilities.

Google Android

September was a big security month for Google’s Android users, with the monthly patch fixing 33 flaws, including one already being used in attacks. Tracked as CVE-2023-35674, the vulnerability in the framework could allow an adversary to elevate privileges without any interaction from the user. “There are indications that CVE-2023-35674 may be under limited, targeted exploitation,” Google said in its Android Security Bulletin.

Another severe issue is a critical security vulnerability in the system component that could lead to remote code execution with no additional execution privileges needed.

The Android security update has already reached Google’s own Pixel devices as well as Samsung devices, including the Galaxy S23 and S22 series.

Google Chrome

At the end of September, Google updated its Chrome browser after fixing 10 vulnerabilities, one of which was already being exploited by adversaries. Tracked as CVE-2023-5217 and rated as having a high impact, the already-exploited bug is a heap buffer overflow flaw in vp8 encoding in libvpx. “Google is aware that an exploit for CVE-2023-5217 exists in the wild,” the software giant said in an advisory.

The flaw was used in targeted spyware attacks, Google security researcher Maddie Stone later confirmed on Twitter.

Earlier in the month, Google fixed another zero-day flaw, a heap buffer overflow issue initially tracked as CVE-2023-4863, which it thought impacted only the Chrome browser. But two weeks after fixing the issue, researchers discovered it was worse than they thought, affecting the widely-used libwebp image library for rendering images in the WebP format.

Now tracked as CVE-2023-5129, it is thought the bug impacts every application that uses the libwebp library to process WebP images. “The scope of this vulnerability is much wider than initially assumed, affecting millions of different applications worldwide,” security firm Rezilion wrote in a blog.

The security outfit also thinks it is “highly likely” that the underlying issue in the libwebp library is the same issue resulting in CVE-2023-41064—one of the Apple flaws used as part of the BLASTPASS exploit chain to deploy the NSO Group’s Pegasus spyware.

Microsoft

Microsoft’s September Patch Tuesday is one to remember, as it fixed around 65 flaws, two of which are already being exploited by attackers. Tracked as CVE-2023-36761, the first is a Microsoft Word information disclosure vulnerability that could allow NTLM hashes to be exposed.

The second and most severe flaw is a privilege-escalation vulnerability in Microsoft Streaming Service Proxy tracked as CVE-2023-36802. An attacker who successfully exploited this vulnerability could gain system privileges, Microsoft said, adding that exploitation of the flaw has been detected.

Both flaws are marked as important, so it’s a good idea to update your devices as soon as you can.

Mozilla Firefox

Firefox has had a hectic month after Mozilla fixed 10 flaws in its privacy-conscious browser. CVE-2023-5168 is an out-of-bounds write bug in FilterNodeD2D1 affecting Firefox on Windows, rated as having a high impact.

CVE-2023-5170 is a flaw that could result in memory leak from a privileged process. This could be used to effect a sandbox escape if the correct data was leaked, Firefox owner Mozilla said in an advisory.

Meanwhile, CVE-2023-5176 covers memory safety bugs fixed in Firefox 118, Firefox ESR 115.3, and Thunderbird 115.3. “Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code,” Mozilla said.

Cisco

At the start of the month, Cisco issued a patch for a vulnerability in the single sign-on implementation of Cisco BroadWorks Application Delivery Platform and Cisco BroadWorks Xtended Services Platform that could allow an unauthenticated, remote attacker to forge credentials to access an affected system. Tracked as CVE-2023-20238, the flaw has been given a maximum CVSS score of 10.

Also this month, Cisco patched a zero-day in Adaptive Security Appliance and Firepower Threat Defense software already exploited in Akira ransomware attacks. Tracked as CVE-2023-20269 and with a medium severity CVSS score of 5, the vulnerability in the remote access VPN feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct a brute-force attack to identify valid username and password combinations.

SAP

Enterprise software firm SAP has issued several important fixes as part of its September Security Patch Day. This includes a patch for CVE-2023-40622, an information disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform with a CVSS score of 9.9. “A successful exploit provides information that can be used in subsequent attacks, leading to a complete compromise of the application,” security firm Onapsis said.

CVE-2023-40309 is a missing authorization check issue in SAP CommonCryptoLib with a CVSS score of 9.8. The flaw can result in an escalation of privileges and in the worst case, attackers can compromise the affected application completely, Onapsis said.

Meanwhile, CVE-2023-42472 is an insufficient file type validation flaw in SAP BusinessObjects Business Intelligence Platform with a CVSS score of 8.7.

Related news

Ransomware Gangs Use LockBit's Fame to Intimidate Victims in Latest Attacks

Threat actors have been observed abusing Amazon S3 (Simple Storage Service) Transfer Acceleration feature as part of ransomware attacks designed to exfiltrate victim data and upload them to S3 buckets under their control. "Attempts were made to disguise the Golang ransomware as the notorious LockBit ransomware," Trend Micro researchers Jaromir Horejsi and Nitesh Surana said. "However, such is

Akira ransomware continues to evolve

As the Akira ransomware group continues to evolve its operations, Talos has the latest research on the group's attack chain, targeted verticals, and potential future TTPs.

Gentoo Linux Security Advisory 202402-25

Gentoo Linux Security Advisory 202402-25 - Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution. Versions greater than or equal to 115.7.0 are affected.

Raspberry Robin Malware Upgrades with Discord Spread and New Exploits

The operators of Raspberry Robin are now using two new one-day exploits to achieve local privilege escalation, even as the malware continues to be refined and improved to make it stealthier than before. This means that "Raspberry Robin has access to an exploit seller or its authors develop the exploits themselves in a short period of time," Check Point said in a report this

Medusa Ransomware on the Rise: From Data Leaks to Multi-Extortion

The threat actors associated with the Medusa ransomware have ramped up their activities following the debut of a dedicated data leak site on the dark web in February 2023 to publish sensitive data of victims who are unwilling to agree to their demands. “As part of their multi-extortion strategy, this group will provide victims with multiple options when their data is posted on their

Gentoo Linux Security Advisory 202401-10

Gentoo Linux Security Advisory 202401-10 - Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which could lead to remote code execution. Versions greater than or equal to 115.6.0:esr are affected.

CVE-2023-48660: DSA-2023-443: Dell PowerMaxOS 5978, Dell Unisphere 360, Dell Unisphere for PowerMax, Dell Unisphere for PowerMax Virtual Appliance, Dell Solutions Enabler Virtual Appliance, and Dell PowerMax EEM Secu

Dell vApp Manger, versions prior to 9.2.4.x contain an arbitrary file read vulnerability. A remote attacker could potentially exploit this vulnerability to read arbitrary files from the target system.

Ubuntu Security Notice USN-6403-3

Ubuntu Security Notice 6403-3 - USN-6403-1 fixed several vulnerabilities in libvpx. This update provides the corresponding update for Ubuntu 16.04 LTS. It was discovered that libvpx did not properly handle certain malformed media files. If an application using libvpx opened a specially crafted file, a remote attacker could cause a denial of service, or possibly execute arbitrary code.

October 2023: back to Positive Technologies, Vulristics updates, Linux Patch Wednesday, Microsoft Patch Tuesday, PhysTech VM lecture

Hello everyone! October was an interesting and busy month for me. I started a new job, worked on my open source Vulristics project, and analyzed vulnerabilities using it. Especially Linux vulnerabilities as part of my new Linux Patch Wednesday project. And, of course, analyzed Microsoft Patch Tuesday as well. In addition, at the end of […]

Ransomware review: October 2023

Categories: Threat Intelligence In September, two high-profile casino breaches taught us about the nuances of the RaaS affiliate landscape, the asymmetric dangers of phishing, and of two starkly different approaches to ransomware negotiation. (Read more...) The post Ransomware review: October 2023 appeared first on Malwarebytes Labs.

Red Hat Security Advisory 2023-5537-01

Red Hat Security Advisory 2023-5537-01 - The libvpx packages provide the VP8 SDK, which allows the encoding and decoding of the VP8 video codec, commonly used with the WebM multimedia container file format. Issues addressed include a buffer overflow vulnerability.

RHSA-2023:5537: Red Hat Security Advisory: libvpx security update

An update for libvpx is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-5217: A heap-based buffer overflow flaw was found in the way libvpx, a library used to process VP8 and VP9 video codecs data, processes certain specially formatted video data via a crafted HTML page. This flaw allows an attacker to crash or remotely execute arbitrary code in an application, such as a web browser that is compiled with this library. * CVE...

RHSA-2023:5540: Red Hat Security Advisory: libvpx security update

An update for libvpx is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-5217: A heap-based buffer overflow flaw was found in the way libvpx, a library used to process VP8 and VP9 video codecs data, processes certain specially formatted video data via a crafted HTML page. This flaw allows an attacker to crash or remotely execute arbitrary code in an application, such as a web browser that is compile...

Red Hat Security Advisory 2023-5475-01

Red Hat Security Advisory 2023-5475-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 115.3.1. Issues addressed include buffer overflow, out of bounds write, and use-after-free vulnerabilities.

RHSA-2023:5475: Red Hat Security Advisory: thunderbird security update

An update for thunderbird is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-3600: The Mozilla Foundation Security Advisory describes this flaw as: During the worker lifecycle, a use-after-free condition could have occured, which could have led to a potentially exploitable crash. * CVE-2023-5169: A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as: A compromised content process could...

Red Hat Security Advisory 2023-5447-01

Red Hat Security Advisory 2023-5447-01 - The Migration Toolkit for Containers enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2023-5426-01

Red Hat Security Advisory 2023-5426-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 115.3.1 ESR. Issues addressed include buffer overflow, out of bounds write, and use-after-free vulnerabilities.

Red Hat Security Advisory 2023-5430-01

Red Hat Security Advisory 2023-5430-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 115.3.1. Issues addressed include buffer overflow, out of bounds write, and use-after-free vulnerabilities.

Red Hat Security Advisory 2023-5435-01

Red Hat Security Advisory 2023-5435-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 115.3.1. Issues addressed include buffer overflow, out of bounds write, and use-after-free vulnerabilities.

RHSA-2023:5447: Red Hat Security Advisory: Migration Toolkit for Containers (MTC) 1.8.0 security and bug fix update

The Migration Toolkit for Containers (MTC) 1.8.0 is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-26115: A flaw was found in the Node.js word-wrap module, where it is vulnerable to a denial of service caused by a Regular expression denial of service (ReDoS) issue in the result variable. By sending a specially crafted regex input, a remote attacker can cause a denial of service.

Debian Security Advisory 5513-1

Debian Linux Security Advisory 5513-1 - Multiple security issues were discovered in Thunderbird, which could result in denial of service or the execution of arbitrary code.

RHSA-2023:5429: Red Hat Security Advisory: thunderbird security update

An update for thunderbird is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-3600: The Mozilla Foundation Security Advisory describes this flaw as: During the worker lifecycle, a use-after-free condition could have occured, which could have led to a po...

RHSA-2023:5434: Red Hat Security Advisory: firefox security update

An update for firefox is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-3600: The Mozilla Foundation Security Advisory describes this flaw as: During the worker lifecycle, a use-after-free condition could have occured, which could have led to a potentially exploitable crash. * CVE-2023-5169: A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as: A compromised content process could hav...

RHSA-2023:5438: Red Hat Security Advisory: thunderbird security update

An update for thunderbird is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-3600: The Mozilla Foundation Security Advisory describes this flaw as: During the worker lifecycle, a use-after-free condition could have occured, which could have led to a potentially exploitable crash. * CVE-2023-5169: A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as:...

RHSA-2023:5432: Red Hat Security Advisory: thunderbird security update

An update for thunderbird is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-3600: The Mozilla Foundation Security Advisory describes this flaw as: During the worker lifecycle, a use-after-free condition could have occured, which could have led to a potentially exploit...

RHSA-2023:5426: Red Hat Security Advisory: firefox security update

An update for firefox is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-3600: The Mozilla Foundation Security Advisory describes this flaw as: During the worker lifecycle, a use-after-free condition could have occured, which could have led to a potentially exploitable...

RHSA-2023:5433: Red Hat Security Advisory: firefox security update

An update for firefox is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-3600: The Mozilla Foundation Security Advisory describes this flaw as: During the worker lifecycle, a use-after-free condition could have occured, which could have led to a potentially exploitable crash. * CVE-2023-5169: A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as: A compromised content process could hav...

RHSA-2023:5440: Red Hat Security Advisory: firefox security update

An update for firefox is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-3600: The Mozilla Foundation Security Advisory describes this flaw as: During the worker lifecycle, a use-after-free condition could have occured, which could have led to a potentially exploitable crash. * CVE-2023-5169: A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as: A c...

RHSA-2023:5437: Red Hat Security Advisory: firefox security update

An update for firefox is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-3600: The Mozilla Foundation Security Advisory describes this flaw as: During the worker lifecycle, a use-after-free condition could have occured, which could have led to a potent...

RHSA-2023:5436: Red Hat Security Advisory: firefox security update

An update for firefox is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-3600: The Mozilla Foundation Security Advisory describes this flaw as: During the worker lifecycle, a use-after-free condition could have occured, which could have led to a potentially exploitable crash. * CVE-2023-5169: A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as: A compromised...

RHSA-2023:5435: Red Hat Security Advisory: thunderbird security update

An update for thunderbird is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-3600: The Mozilla Foundation Security Advisory describes this flaw as: During the worker lifecycle, a use-after-free condition could have occured, which could have led to a potentially exploitable crash. * CVE-2023-5169: A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as: A compromised content process could...

RHSA-2023:5427: Red Hat Security Advisory: firefox security update

An update for firefox is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-3600: The Mozilla Foundation Security Advisory describes this flaw as: During the worker lifecycle, a use-after-free condition could have occured, which could have led to a potentially exploitable crash. * CVE-2023-5169: A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as: A compromised...

Ubuntu Security Notice USN-6405-1

Ubuntu Security Notice 6405-1 - Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass security restrictions, cross-site tracing, or execute arbitrary code. Andrew McCreight discovered that Thunderbird did not properly manage during the worker lifecycle. An attacker could potentially exploit this issue to cause a denial of service.

Ubuntu Security Notice USN-6404-1

Ubuntu Security Notice 6404-1 - Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. Ronald Crane discovered that Firefox did not properly manage memory when non-HTTPS Alternate Services is enabled. An attacker could potentially exploit this issue to cause a denial of service.

Ubuntu Security Notice USN-6403-1

Ubuntu Security Notice 6403-1 - It was discovered that libvpx did not properly handle certain malformed media files. If an application using libvpx opened a specially crafted file, a remote attacker could cause a denial of service, or possibly execute arbitrary code.

Apple Security Advisory 09-26-2023-4

Apple Security Advisory 09-26-2023-4 - macOS Ventura 13.6 addresses bypass, code execution, out of bounds read, and use-after-free vulnerabilities.

Apple Security Advisory 09-26-2023-3

Apple Security Advisory 09-26-2023-3 - iOS 16.7 and iPadOS 16.7 addresses bypass, code execution, and out of bounds read vulnerabilities.

Debian Security Advisory 5510-1

Debian Linux Security Advisory 5510-1 - Clement Lecigne discovered a heap-based buffer overflow in libvpx, a multimedia library for the VP8 and VP9 video codecs, which may result in the execution of arbitrary code if a specially crafted VP8 media stream is processed.

Debian Security Advisory 5509-1

Debian Linux Security Advisory 5509-1 - A buffer overflow in VP8 media stream processing has been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code.

Debian Security Advisory 5508-1

Debian Linux Security Advisory 5508-1 - Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.

Microsoft’s Response to Open-Source Vulnerabilities - CVE-2023-4863 and CVE-2023-5217

Microsoft is aware and has released patches associated with the two Open-Source Software security vulnerabilities, CVE-2023-4863 and CVE-2023-5217. Through our investigation, we found that these affect a subset of our products and as of today, we have addressed them in our products as outlined below: CVE-2023-4863 Microsoft Edge Microsoft Teams for Desktop Skype for Desktop Webp Image Extensions (Released on Windows and updates through Microsoft Store) CVE-2023-5217

September 2023: VM courses, Bahasa Indonesia, Russian Podcasts, Goodbye Tinkoff, MS Patch Tuesday, Qualys TOP 20, Linux, Forrester, GigaOm, R-Vision VM

Hello everyone! On the last day of September, I decided to record another retrospective episode on how my Vulnerability Management month went. Alternative video link (for Russia): https://vk.com/video-149273431_456239136 September was quite a busy month for me. Vulnerability Management courses I participated in two educational activities. The first one is an on-line cyber security course for […]

Mozilla Rushes to Fix Critical Vulnerability in Firefox and Thunderbird

By Waqas The vulnerability was reported by Clément Lecigne of Google's Threat Analysis Group (TAG). This is a post from HackRead.com Read the original post: Mozilla Rushes to Fix Critical Vulnerability in Firefox and Thunderbird

Debian Security Advisory 5506-1

Debian Linux Security Advisory 5506-1 - Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code

Update Chrome now! Google patches another actively exploited vulnerability

Categories: Exploits and vulnerabilities Categories: News Google has updated its Chrome Stable Channel to fix, among other things, an actively exploited vulnerability (Read more...) The post Update Chrome now! Google patches another actively exploited vulnerability appeared first on Malwarebytes Labs.

The security pitfalls of social media sites offering ID-based authentication

Two notable vulnerabilities in Google Chrome should be patched asap, and an allegedly new ransomware-as-a-service group.

Ubuntu Security Notice USN-6369-2

Ubuntu Security Notice 6369-2 - USN-6369-1 fixed a vulnerability in libwebp. This update provides the corresponding update for Ubuntu 18.04 LTS. It was discovered that libwebp incorrectly handled certain malformed images. If a user or automated system were tricked into opening a specially crafted image file, a remote attacker could use this issue to cause libwebp to crash, resulting in a denial of service, or possibly execute arbitrary code.

CVE-2023-5217

Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Critical Chrome Update Counters Spyware Vendor’s Exploits

By Waqas Ensure Your Chrome Browser Is Up to Date and Secure: Enable Automatic Updates to Safeguard Against Cybersecurity Threats This is a post from HackRead.com Read the original post: Critical Chrome Update Counters Spyware Vendor’s Exploits

Update Chrome Now: Google Releases Patch for Actively Exploited Zero-Day Vulnerability

Google on Wednesday rolled out fixes to address a new actively exploited zero-day in the Chrome browser. Tracked as CVE-2023-5217, the high-severity vulnerability has been described as a heap-based buffer overflow in the VP8 compression format in libvpx, a free software video codec library from Google and the Alliance for Open Media (AOMedia). Exploitation of such buffer overflow flaws can

Update Chrome Now: Google Releases Patch for Actively Exploited Zero-Day Vulnerability

Google on Wednesday rolled out fixes to address a new actively exploited zero-day in the Chrome browser. Tracked as CVE-2023-5217, the high-severity vulnerability has been described as a heap-based buffer overflow in the VP8 compression format in libvpx, a free software video codec library from Google and the Alliance for Open Media (AOMedia). Exploitation of such buffer overflow flaws can

CVE-2023-5168: Invalid Bug ID

A compromised content process could have provided malicious data to `FilterNodeD2D1` resulting in an out-of-bounds write, leading to a potentially exploitable crash in a privileged process. This vulnerability affects Firefox < 118, Firefox ESR < 115.3, and Thunderbird < 115.3.

CVE-2023-5176: Security Vulnerabilities fixed in Firefox 118

Memory safety bugs present in Firefox 117, Firefox ESR 115.2, and Thunderbird 115.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 118, Firefox ESR < 115.3, and Thunderbird < 115.3.

CVE-2023-5176: Security Vulnerabilities fixed in Firefox 118

Memory safety bugs present in Firefox 117, Firefox ESR 115.2, and Thunderbird 115.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 118, Firefox ESR < 115.3, and Thunderbird < 115.3.

CVE-2023-5176: Security Vulnerabilities fixed in Firefox 118

Memory safety bugs present in Firefox 117, Firefox ESR 115.2, and Thunderbird 115.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 118, Firefox ESR < 115.3, and Thunderbird < 115.3.

Pegasus spyware and how it exploited a WebP vulnerability

Categories: Android Categories: Apple Categories: Exploits and vulnerabilities Tags: Pegasus Tags: spyware Tags: nso Tags: webp Tags: libwebp Tags: buffer overflow The company behind the infamous Pegasus spyware used a vulnerability in almost every browser to plant their malware on victim's devices. (Read more...) The post Pegasus spyware and how it exploited a WebP vulnerability appeared first on Malwarebytes Labs.

Critical libwebp Vulnerability Under Active Exploitation - Gets Maximum CVSS Score

Google has assigned a new CVE identifier for a critical security flaw in the libwebp image library for rendering images in the WebP format that has come under active exploitation in the wild. Tracked as CVE-2023-5129, the issue has been given the maximum severity score of 10.0 on the CVSS rating system. It has been described as an issue rooted in the Huffman coding algorithm - With a specially

Critical libwebp Vulnerability Under Active Exploitation - Gets Maximum CVSS Score

Google has assigned a new CVE identifier for a critical security flaw in the libwebp image library for rendering images in the WebP format that has come under active exploitation in the wild. Tracked as CVE-2023-5129, the issue has been given the maximum severity score of 10.0 on the CVSS rating system. It has been described as an issue rooted in the Huffman coding algorithm - With a specially

CVE-2023-5129

With a specially crafted WebP lossless file, libwebp may write data out of bounds to the heap. The ReadHuffmanCodes() function allocates the HuffmanCode buffer with a size that comes from an array of precomputed sizes: kTableSize. The color_cache_bits value defines which size to use. The kTableSize array only takes into account sizes for 8-bit first-level table lookups but not second-level table lookups. libwebp allows codes that are up to 15-bit (MAX_ALLOWED_CODE_LENGTH). When BuildHuffmanTable() attempts to fill the second-level tables it may write data out-of-bounds. The OOB write to the undersized array happens in ReplicateValue.

Apple Security Advisory 2023-09-21-7

Apple Security Advisory 2023-09-21-7 - macOS Monterey 12.7 addresses a privilege escalation vulnerability.

Apple Security Advisory 2023-09-21-6

Apple Security Advisory 2023-09-21-6 - macOS Ventura 13.6 addresses bypass vulnerabilities.

Apple Security Advisory 2023-09-21-5

Apple Security Advisory 2023-09-21-5 - watchOS 9.6.3 addresses bypass vulnerabilities.

Apple Security Advisory 2023-09-21-4

Apple Security Advisory 2023-09-21-4 - watchOS 10.0.1 addresses bypass vulnerabilities.

Apple Security Advisory 2023-09-21-2

Apple Security Advisory 2023-09-21-2 - iOS 17.0.1 and iPadOS 17.0.1 addresses bypass vulnerabilities.

Apple and Chrome Zero-Days Exploited to Hack Egyptian ex-MP with Predator Spyware

The three zero-day flaws addressed by Apple on September 21, 2023, were leveraged as part of an iPhone exploit chain in an attempt to deliver a spyware strain called Predator targeting former Egyptian member of parliament Ahmed Eltantawy between May and September 2023. "The targeting took place after Eltantawy publicly stated his plans to run for President in the 2024 Egyptian elections," the

Zero-Day iOS Exploit Chain Infects Devices with Predator Spyware

By Waqas Former Egyptian MP targeted with predator spyware ahead of 2024 presidential run - Therefore, Update your macOS Ventura, iOS, and iPadOS devices NOW, as Apple has released emergency updates to address the flaws. This is a post from HackRead.com Read the original post: Zero-Day iOS Exploit Chain Infects Devices with Predator Spyware

Emergency update! Apple patches three zero-days

Categories: Exploits and vulnerabilities Categories: News Tags: Apple Tags: emergency Tags: update Tags: CVE-2023-41991 Tags: CVE-2023-41992 Tags: CVE-2023-41993 Apple has released patches for three zero-day vulnerabilities that may have been actively exploited. (Read more...) The post Emergency update! Apple patches three zero-days appeared first on Malwarebytes Labs.

Apple Rushes to Patch 3 New Zero-Day Flaws: iOS, macOS, Safari, and More Vulnerable

Apple has released yet another round of security patches to address three actively exploited zero-day flaws impacting iOS, iPadOS, macOS, watchOS, and Safari, taking the total tally of zero-day bugs discovered in its software this year to 16. The list of security vulnerabilities is as follows - CVE-2023-41991 - A certificate validation issue in the Security framework that could allow a

CVE-2023-41992: About the security content of watchOS 10.0.1

The issue was addressed with improved checks. This issue is fixed in iOS 16.7 and iPadOS 16.7, OS 17.0.1 and iPadOS 17.0.1, watchOS 9.6.3, macOS Ventura 13.6, macOS Monterey 12.7, watchOS 10.0.1. A local attacker may be able to elevate their privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7.

Red Hat Security Advisory 2023-5224-01

Red Hat Security Advisory 2023-5224-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.15.1. Issues addressed include a buffer overflow vulnerability.

Red Hat Security Advisory 2023-5222-01

Red Hat Security Advisory 2023-5222-01 - The libwebp packages provide a library and tools for the WebP graphics format. WebP is an image format with a lossy compression of digital photographic images. WebP consists of a codec based on the VP8 format, and a container based on the Resource Interchange File Format. Webmasters, web developers and browser developers can use WebP to compress, archive, and distribute digital images more efficiently. Issues addressed include a buffer overflow vulnerability.

Red Hat Security Advisory 2023-5223-01

Red Hat Security Advisory 2023-5223-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.15.1. Issues addressed include a buffer overflow vulnerability.

RHSA-2023:5222: Red Hat Security Advisory: libwebp security update

An update for libwebp is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-4863: A heap-based buffer flaw was found in the way libwebp, a library used to process "WebP" image format data, processes certain specially formatted WebP images. An attacker could use this flaw to crash or execute remotely arbitrary code in an application such as a web browser compiled with this library.

RHSA-2023:5200: Red Hat Security Advisory: firefox security update

An update for firefox is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-4863: A heap-based buffer flaw was found in the way libwebp, a library used to process "WebP" image format data, processes certain specially formatted WebP images. An attacker could use this flaw to crash or execute remotely arbitrary code in an application such as a web browser compiled with this library.

RHSA-2023:5191: Red Hat Security Advisory: thunderbird security update

An update for thunderbird is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-4863: A heap-based buffer flaw was found in the way libwebp, a library used to process "WebP" image format data, processes certain specially formatted WebP images. An attacker could use this flaw to crash or execute remotely arbitrary code in an application such as a web browser compiled with this library.

RHSA-2023:5186: Red Hat Security Advisory: thunderbird security update

An update for thunderbird is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-4863: A heap-based buffer flaw was found in the way libwebp, a library used to process "WebP" image format data, processes certain specially formatted WebP images. An attacker could use this f...

RHSA-2023:5190: Red Hat Security Advisory: libwebp security update

An update for libwebp is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-4863: A heap-based buffer flaw was found in the way libwebp, a library used to process "WebP" image format data, processes certain specially formatted WebP images. An attacker could use this flaw ...

Apple Security Advisory 2023-09-11-3

Apple Security Advisory 2023-09-11-3 - macOS Big Sur 11.7.10 addresses buffer overflow and code execution vulnerabilities.

Apple Security Advisory 2023-09-11-2

Apple Security Advisory 2023-09-11-2 - macOS Monterey 12.6.9 addresses buffer overflow and code execution vulnerabilities.

Apple Security Advisory 2023-09-11-1

Apple Security Advisory 2023-09-11-1 - iOS 15.7.9 and iPadOS 15.7.9 addresses buffer overflow and code execution vulnerabilities.

Turns out even the NFL is worried about deepfakes

With the popularity of pay-for-shoutout services like Cameo, it’d be fairly easy for someone to develop a convincing enough deepfake of a player and try to steal someone’s money by saying they could prank their fantasy football league for $50.

Turns out even the NFL is worried about deepfakes

With the popularity of pay-for-shoutout services like Cameo, it’d be fairly easy for someone to develop a convincing enough deepfake of a player and try to steal someone’s money by saying they could prank their fantasy football league for $50.

Ubuntu Security Notice USN-6367-1

Ubuntu Security Notice 6367-1 - It was discovered that Firefox did not properly manage memory when handling WebP images. If a user were tricked into opening a webpage containing malicious WebP image file, an attacker could potentially exploit these to cause a denial of service or execute arbitrary code.

Microsoft Releases Patch for Two New Actively Exploited Zero-Days Flaws

Microsoft has released software fixes to remediate 59 bugs spanning its product portfolio, including two zero-day flaws that have been actively exploited by malicious cyber actors. Of the 59 vulnerabilities, five are rated Critical, 55 are rated Important, and one is rated Moderate in severity. The update is in addition to 35 flaws patched in the Chromium-based Edge browser since last month's

Microsoft Releases Patch for Two New Actively Exploited Zero-Days Flaws

Microsoft has released software fixes to remediate 59 bugs spanning its product portfolio, including two zero-day flaws that have been actively exploited by malicious cyber actors. Of the 59 vulnerabilities, five are rated Critical, 55 are rated Important, and one is rated Moderate in severity. The update is in addition to 35 flaws patched in the Chromium-based Edge browser since last month's

Patch now! September Microsoft Patch Tuesday includes two actively exploited zero-days

Categories: Business Categories: Exploits and vulnerabilities Categories: News Tags: Microsoft Tags: Adobe Tags: Android Tags: Apple Tags: Chrome Tags: SAP Tags: Exchange Tags: Visual Studio Tags: CVE-2023-36761 Tags: CVE-2023-36802 Tags: CVE-2023-29332 Tags: Azure Microsoft's September 2023 Patch Tuesday is another important one. It patches two vulnerabilities which are known to be actively exploited. (Read more...) The post Patch now! September Microsoft Patch Tuesday includes two actively exploited zero-days appeared first on Malwarebytes Labs.

Patch now! September Microsoft Patch Tuesday includes two actively exploited zero-days

Categories: Business Categories: Exploits and vulnerabilities Categories: News Tags: Microsoft Tags: Adobe Tags: Android Tags: Apple Tags: Chrome Tags: SAP Tags: Exchange Tags: Visual Studio Tags: CVE-2023-36761 Tags: CVE-2023-36802 Tags: CVE-2023-29332 Tags: Azure Microsoft's September 2023 Patch Tuesday is another important one. It patches two vulnerabilities which are known to be actively exploited. (Read more...) The post Patch now! September Microsoft Patch Tuesday includes two actively exploited zero-days appeared first on Malwarebytes Labs.

Adobe, Apple, Google & Microsoft Patch 0-Day Bugs

Microsoft today issued software updates to fix at least five dozen security holes in Windows and supported software, including patches for two zero-day vulnerabilities that are already being exploited. Also, Adobe, Google Chrome and Apple iOS users may have their own zero-day patching to do.

Adobe, Apple, Google & Microsoft Patch 0-Day Bugs

Microsoft today issued software updates to fix at least five dozen security holes in Windows and supported software, including patches for two zero-day vulnerabilities that are already being exploited. Also, Adobe, Google Chrome and Apple iOS users may have their own zero-day patching to do.

Microsoft Patch Tuesday for September 2023 — Unusually low 5 critical vulnerabilities included in Microsoft Patch Tuesday, along with two zero-days

Microsoft disclosed 65 vulnerabilities across its suite of products and software Tuesday, only five of which are considered critical, which is very low compared to Microsoft’s usual security updates.

Microsoft Patch Tuesday for September 2023 — Unusually low 5 critical vulnerabilities included in Microsoft Patch Tuesday, along with two zero-days

Microsoft disclosed 65 vulnerabilities across its suite of products and software Tuesday, only five of which are considered critical, which is very low compared to Microsoft’s usual security updates.

CVE-2023-36802

Microsoft Streaming Service Proxy Elevation of Privilege Vulnerability

CVE-2023-36761

Microsoft Word Information Disclosure Vulnerability

Update Chrome now! Google patches critical vulnerability being exploited in the wild

Categories: Exploits and vulnerabilities Categories: News Tags: Google Tags: Chrome Tags: CVE-2023-4863 Tags: WebP Tags: buffer overflow Tags: 116.0.5845.187/.188 Chrome users are being urged to patch a critical vulnerability for which an exploit is available. (Read more...) The post Update Chrome now! Google patches critical vulnerability being exploited in the wild appeared first on Malwarebytes Labs.

CVE-2023-40309

SAP CommonCryptoLib does not perform necessary authentication checks, which may result in missing or wrong authorization checks for an authenticated user, resulting in escalation of privileges. Depending on the application and the level of privileges acquired, an attacker could abuse functionality restricted to a particular user group as well as read, modify or delete restricted data.

Two Apple issues added by CISA to its catalog of known exploited vulnerabilities

Categories: Exploits and vulnerabilities Categories: News Tags: Blastpass Tags: citizenlab Tags: pegasus Tags: nso Tags: cisa Tags: apple Tags: cve-2023-41064 Tags: cve-2023-41061 Tags: buffer overflow CISA has added two recently discovered Apple vulnerabilities to its catalog of known exploited vulnerabilities. (Read more...) The post Two Apple issues added by CISA to its catalog of known exploited vulnerabilities appeared first on Malwarebytes Labs.

CVE-2023-35684: Android Security Bulletin—September 2023

In avdt_msg_asmbl of avdt_msg.cc, there is a possible out of bounds write due to an integer overflow. This could lead to paired device escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2023-35674

In onCreate of WindowState.java, there is a possible way to launch a background activity due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Apple Security Advisory 2023-09-07-2

Apple Security Advisory 2023-09-07-2 - iOS 16.6.1 and iPadOS 16.6.1 addresses buffer overflow and code execution vulnerabilities.

Apple Security Advisory 2023-09-07-1

Apple Security Advisory 2023-09-07-1 - macOS Ventura 13.5.2 addresses buffer overflow and code execution vulnerabilities.

Cisco Issues Urgent Fix for Authentication Bypass Bug Affecting BroadWorks Platform

Cisco has released security fixes to address multiple security flaws, including a critical bug, that could be exploited by a threat actor to take control of an affected system or cause a denial-of service (DoS) condition. The most severe of the issues is CVE-2023-20238, which has the maximum CVSS severity rating of 10.0. It’s described as an authentication bypass flaw in the Cisco BroadWorks

Apple Rushes to Patch Zero-Day Flaws Exploited for Pegasus Spyware on iPhones

Apple on Thursday released emergency security updates for iOS, iPadOS, macOS, and watchOS to address two zero-day flaws that have been exploited in the wild to deliver NSO Group's Pegasus mercenary spyware. The issues are described as below - CVE-2023-41061 - A validation issue in Wallet that could result in arbitrary code execution when handling a maliciously crafted attachment. CVE-2023-41064

CVE-2023-20238: Cisco Security Advisory: Cisco BroadWorks Application Delivery Platform and Xtended Services Platform Authentication Bypass Vulnerability

A vulnerability in the single sign-on (SSO) implementation of Cisco BroadWorks Application Delivery Platform and Cisco BroadWorks Xtended Services Platform could allow an unauthenticated, remote attacker to forge the credentials required to access an affected system. This vulnerability is due to the method used to validate SSO tokens. An attacker could exploit this vulnerability by authenticating to the application with forged credentials. A successful exploit could allow the attacker to commit toll fraud or to execute commands at the privilege level of the forged account. If that account is an Administrator account, the attacker would have the ability to view confidential information, modify customer settings, or modify settings for other users. To exploit this vulnerability, the attacker would need a valid user ID that is associated with an affected Cisco BroadWorks system.

CVE-2023-20269: Cisco Security Advisory: Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Remote Access VPN Unauthorized Access Vulnerability

A vulnerability in the remote access VPN feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct a brute force attack in an attempt to identify valid username and password combinations or an authenticated, remote attacker to establish a clientless SSL VPN session with an unauthorized user. This vulnerability is due to improper separation of authentication, authorization, and accounting (AAA) between the remote access VPN feature and the HTTPS management and site-to-site VPN features. An attacker could exploit this vulnerability by specifying a default connection profile/tunnel group while conducting a brute force attack or while establishing a clientless SSL VPN session using valid credentials. A successful exploit could allow the attacker to achieve one or both of the following: Identify valid credentials that could then be used to establish an unauthorized remote a...

Zero-Day Alert: Latest Android Patch Update Includes Fix for Newly Actively Exploited Flaw

Google has rolled out monthly security patches for Android to address a number of flaws, including a zero-day bug that it said may have been exploited in the wild. Tracked as CVE-2023-35674, the high-severity vulnerability is described as a case of privilege escalation impacting the Android Framework. “There are indications that CVE-2023-35674 may be under limited, targeted exploitation,” the