Huawei Aslan Children's Watch has a path traversal vulnerability. Successful exploitation may allow attackers to access or modify protected system resources.

Huawei Aslan Children's Watch has a path traversal vulnerability. Successful exploitation may allow attackers to access or modify protected system resources. (Vulnerability ID:HWPSIRT-2022-99716)

This vulnerability has been assigned a (CVE) ID: CVE-2022-44564

**Affected Product**

**Affected Version**

**Resolved Versions**

Aslan-AL10

Aslan-AL10-OTA 11.1.0.118(C00M06)-11.1.0.10118(C00M06)

Aslan-AL10-OTA 11.1.0.135(C00M08log)-11.1.0.10135(C00M08log)

Aslan-AL10

Aslan-AL10-OTA 11.1.0.118(C00M06)-11.1.0.10118(C00M06)

Aslan-AL10-OTA 11.1.0.135(C00M08log)-11.1.0.10135(C00M08log)

Aslan-AL10

Aslan-AL10-OTA 11.1.0.118(C00M06)-11.1.0.10118(C00M06)

Aslan-AL10-OTA 11.1.0.135(C00M08log)-11.1.0.10135(C00M08log)

HWPSIRT-2022-99716:

Successful exploitation could result in an attacker accessing or modifying protected system resources.

HWPSIRT-2022-99716:

Base score:8.4

Temporary score:7.8

Environmental Score:NA

CVSS v3.1 Vector: AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C

HWPSIRT-2022-99716:

This vulnerability can be exploited only when the following conditions are present:

Attackers need to be able to install apps on devices.

Technical details:

Huawei Aslan Children's Watch does not properly verify the path transmitted in external input, leading to a path traversal vulnerability. An attacker who can install an app on the device can exploit this vulnerability by installing a malicious application. Successful exploitation may cause the attacker to access or modify protected system resources.

HWPSIRT-2022-99716:

This vulnerability was discovered by Huawei internal tester.

2022-11-02 V1.0 Initial Release;  

Huawei adheres to protecting the ultimate interests of users with best efforts and the principle of responsible disclosure and deal with product security issues through our response mechanism.

To enjoy Huawei PSIRT services and obtain Huawei product vulnerability information, please visit http://www.huawei.com/en/psirt.

To report a security vulnerability in Huawei products and solutions, please send it to PSIRT@huawei.com. For details, please visit http://www.huawei.com/en/psirt/report-vulnerabilities.

This document is provided on an "AS IS" basis and does not imply any kind of guarantee or warranty, either express or implied, including the warranties of merchantability or fitness for a particular purpose. In no event shall Huawei or any of its directly or indirectly controlled subsidiaries or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages. Your use of the document, by whatsoever means, will be totally at your own risk. Huawei is entitled to amend or update this document from time to time.

CVE-2022-44564: Security Advisory - Path Traversal Vulnerability in a Huawei Children's Watch

There is an insufficient authentication vulnerability in some Huawei band products. Successful exploit could allow the attacker to spoof then connect to the band.

There is an insufficient authentication vulnerability in some Huawei band products. Successful exploit could allow the attacker to spoof then connect to the band. (Vulnerability ID: HWPSIRT-2022-85585)

This vulnerability has been assigned a (CVE) ID: CVE-2022-41579

  

Affected Product

Affected Version

Resolved Version

HOTA-Fara-B19

11.1.2.40-fullpackage-OTA

Fara-B19 11.1.5.8

Successful exploit could allow the attacker to spoof then connect to the band.  

The severity of the vulnerability in this advisory has been assessed by the Common Vulnerability Scoring System Version 3.0 (CVSS v3 Specification Document).

Base Score: 7.1 (AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:H)

Temporal Score: 6.6 (E:F/RL:O/RC:C)

Overall Score: 6.6  

This vulnerability can be exploited only when the following conditions are present:

The attacker could fake certain credential then spoof the band.

Vulnerability details:

There is an insufficient authentication vulnerability in some Huawei band products. The band does not sufficiently authenticate the device try to connect to it in certain scenario. Successful exploit could allow the attacker to spoof then connect to the band.  

The product that supports automatic update will receive a system update prompt. You can install the update to fix the vulnerability.  

The vulnerability was discovered by an external researcher.  

2022-11-23 V1.0 Initial Release;

Huawei adheres to protecting the ultimate interests of users with best efforts and the principle of responsible disclosure and deal with product security issues through our response mechanism.

To enjoy Huawei PSIRT services and obtain Huawei product vulnerability information, please visit http://www.huawei.com/en/psirt.

To report a security vulnerability in Huawei products and solutions, please send it to PSIRT@huawei.com. For details, please visit http://www.huawei.com/en/psirt/report-vulnerabilities.

This document is provided on an "AS IS" basis and does not imply any kind of guarantee or warranty, either express or implied, including the warranties of merchantability or fitness for a particular purpose. In no event shall Huawei or any of its directly or indirectly controlled subsidiaries or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages. Your use of the document, by whatsoever means, will be totally at your own risk. Huawei is entitled to amend or update this document from time to time.

CVE-2022-41579: huawei-sa-20221130-01-c7f72ffb-en

Threat actors continue to evolve the malicious botnet, which has also added a list of new vulnerabilities it can use to target devices.

A recently discovered botnet that attacks organizations through Internet of things (IoT) vulnerabilities has added brute-forcing and distributed denial-of-service (DDoS) attack vectors, as well as the ability to exploit new flaws to its growing arsenal, Microsoft security analysts have found. 

The updates to Zerobot, a malware first observed earlier this month by Fortinet researchers, pave the way for more advanced attacks as the threat continues to evolve, according to the Microsoft Security Threat Intelligence Center (MSTIC).

MSTIC revealed in a blog post on Dec. 21 that the threat actors have updated Zerobot to version 1.1, which can now target resources through DDoS and make them inaccessible, widening the possibilities for attack and further compromise.

"Successful DDoS attacks may be used by threat actors to extort ransom payments, distract from other malicious activities, or disrupt operations," the researchers wrote in the post. "In almost every attack, the destination port is customizable, and threat actors who purchase the malware can modify the attack according to their target."

**Brute-Forcing and Other Tactics**

Fortinet researchers already had tracked two previous versions of Zerobot — one that was quite basic and another that was more advanced. The botnet's principal mode of attack originally was to target various IoT devices — including products from D-Link, Huawei, RealTek, TOTOLink, Zyxel, and more — through flaws found in those devices, and then spread to other assets connected on the network that way to propagate the malware and grow the botnet.

Microsoft researchers now have observed the botnet getting more aggressive in its attacks on devices, using a new brute-force vector to compromise weakly secured IoT devices rather than just trying to leverage a known vulnerability, the researchers revealed.

"IoT devices are often internet-exposed, leaving unpatched and improperly secured devices vulnerable to exploitation by threat actors," they wrote in the post. "Zerobot is capable of propagating through brute-force attacks on vulnerable devices with insecure configurations that use default or weak credentials."

The malware attempts to to gain device access by using a combination of eight common usernames and 130 passwords for IoT devices over SSH and telnet on ports 23 and 2323 to spread to devices, the researchers wrote. In their observations alone, the MSTIC team identified numerous SSH and telnet connection attempts on default ports 22 and 23, as well as attempts to open ports and connect to them by port-knocking on ports 80, 8080, 8888, and 2323.

**An Expanded Security Vulnerability Exploit List**

Zerobot hasn't abandoned its original way to access devices, however, and has even expanded this practice. Prior to its new version, Zerobot already could exploit more than 20 flaws in assorted devices, including routers, webcams, network-attached storage, firewalls, and other products from a host of well-known manufacturers.

The botnet has now added seven new exploits for flaws to its quiver, found in Apache, Roxy-WI, Grandstream, and other platforms, the researchers found.

MSTIC also found new evidence that Zerobot propagates by compromising devices with known vulnerabilities that are not included in the malware binary, such as CVE-2022-30023, a command injection vulnerability in Tenda GPON AC1200 routers, they added.

**Zerobot's Post-Compromise Behavior**

Researchers also observed more about Zerobot's behavior once it gains device access. For one, it immediately injects a malicious payload — which may be a generic script called "zero.sh" that downloads and attempts to execute the bot, or a script that downloads the Zerobot binary of a specific architecture, they said.

"The bash script that attempts to download different Zerobot binaries tries to identify the architecture by brute-force, attempting to download and execute binaries of various architectures until it succeeds," the researchers wrote.

Once Zerobot achieves persistence, it scans for other devices exposed to the Internet that it can infect, by randomly generating a number between 0 and 255 and scanning all IPs starting with this value.

"Using a function called _new\_botnet\_selfRepo\_isHoneypot_, the malware tries to identify honeypot IP addresses, which are used by network decoys to attract cyberattacks and collect information on threats and attempts to access resources," the Microsoft researchers wrote. "This function includes 61 IP subnets, preventing scanning of these IPs."

Zerobot 1.1 uses scripts targeting various architectures, including ARM64, MIPS, and x86\_64. The researchers also have observed samples of the botnet on Windows and Linux devices, exhibiting different persistence methods based on the OS.

**Protecting the Enterprise**

Fortinet researchers already had stressed the importance of organizations immediately updating to the latest versions of any devices affected by Zerobot. Given that businesses are losing up to $250 million a year on unwanted botnet attacks, according to a report published last year from Netacea, the danger is real.

To help identify if an organization is vulnerable, Microsoft researchers included an updated list of CVEs that Zerobot can exploit in their post. The MSTIC team also recommended that organizations use security solutions with cross-domain visibility and detection capabilities to detect Zerobot malware variants and malicious behavior related to the threat.

Enterprises should also adopt a comprehensive IoT security solution that allows for visibility and monitoring of all IoT and operational technology (OT) devices, threat detection and response, and integration with SIEM/SOAR and extended detection and response (XDR) platforms, according to Microsoft.

As part of this strategy, they should ensure secure configurations for devices by changing default passwords to strong ones and blocking SSH from external access, as well as use least-privileges access including VPN service for remote access, the researchers said.

Another way to avoid compromise by Zerobot is to harden endpoints with a comprehensive security solution that manages the apps that employees can use and provides application control for unmanaged solutions, they said. This solution also should perform timely cleanup of unused and stale executables sitting on an organization's devices.

Zerobot Adds Brute Force, DDoS to Its IoT Attack Arsenal

The backup module has a path traversal vulnerability. Successful exploitation of this vulnerability causes unauthorized access to other system files.

HUAWEI is releasing monthly security updates for flagship models. This security update includes HUAWEI and third-party library patches:

This security update includes the following third-party library patches:

This security update includes the CVE announced in the November 2022 Android security bulletin:

Critical: none

High: CVE-2022-20414, CVE-2022-20441, CVE-2022-20445, CVE-2022-20446, CVE-2022-20448, CVE-2022-20450, CVE-2022-20451, CVE-2022-20453, CVE-2022-20454, CVE-2022-20462, CVE-2022-20463, CVE-2022-20465, CVE-2022-2209, CVE-2022-25724, CVE-2022-25743, CVE-2021-1050, CVE-2022-25741

Medium: CVE-2022-20280, CVE-2022-20338

Low: none

Already included in previous updates: CVE-2022-25748, CVE-2022-20394, CVE-2021-39673, CVE-2022-20410, CVE-2022-20351, CVE-2022-26472, CVE-2022-22078

※ For more information on security patches, please refer to the Android security bulletins (https://source.android.com/security/bulletin).

This security update includes the following HUAWEI patches:

CVE-2022-41591: Path traversal vulnerability in the backup module

Severity: High

Affected versions: EMUI 12.0.1, EMUI 12.0.0, EMUI 11.0.1

Impact: Successful exploitation of this vulnerability will cause unauthorized access to other system files.

CVE-2022-41596: Vulnerability of serialization/deserialization mismatch in system tools

Severity: High

Affected versions: EMUI 12.0.1, EMUI 12.0.0, EMUI 11.0.1

Impact: Successful exploitation of this vulnerability will cause unauthorized startup of components.

CVE-2022-41599: Return value vulnerability in system services

Severity: Medium

Affected versions: EMUI 12.0.1, EMUI 12.0.0, EMUI 11.0.1

Impact: Successful exploitation of this vulnerability may affect confidentiality.

CVE-2022-46312: Unstrict permission verification vulnerability in the app management module

Severity: Medium

Affected versions: EMUI 12.0.1, EMUI 12.0.0, EMUI 11.0.1

Impact: Successful exploitation of this vulnerability will cause abnormal clearance of apps on the device.

CVE-2022-46317: Out-of-bounds read vulnerability in the power consumption module

Severity: Medium

Affected versions: EMUI 12.0.1, EMUI 12.0.0, EMUI 11.0.1

Impact: Successful exploitation of this vulnerability will affect availability.

CVE-2022-46318: Vulnerability of functional logic errors in the HAware module

Severity: Medium

Affected versions: EMUI 12.0.1, EMUI 12.0.0, EMUI 11.0.1

Impact: Successful exploitation of this vulnerability will affect the account removal function in Settings.

CVE-2022-46319: Vulnerability of no boundary determination during fingerprint calibration

Severity: Medium

Affected versions: EMUI 12.0.0, EMUI 11.0.1

Impact: Successful exploitation of this vulnerability may cause out-of-bounds write.

CVE-2022-46320: Out-of-bounds read vulnerability in the kernel module

Severity: Medium

Affected versions: EMUI 12.0.1, EMUI 12.0.0, EMUI 11.0.1

Impact: Successful exploitation of this vulnerability may cause memory overwritting.

CVE-2022-46321: Permission verification vulnerability in the Wi-Fi module

Severity: Medium

Affected versions: EMUI 12.0.1, EMUI 12.0.0, EMUI 11.0.1

Impact: Successful exploitation of this vulnerability may affect confidentiality.

CVE-2022-46322: Out-of-bounds memory write in some mobile phones

Severity: Critical

Affected versions: EMUI 12.0.0

Impact: Successful exploitation of this vulnerability may cause system services to be abnormal.

Acknowledgment: Wen Guanxing

CVE-2022-46323: Out-of-bounds memory write in some mobile phones

Severity: Critical

Affected versions: EMUI 12.0.0

Impact: Successful exploitation of this vulnerability may cause system services to be abnormal.

Acknowledgment: Wen Guanxing

CVE-2022-46324: Out-of-bounds memory write in some mobile phones

Severity: Critical

Affected versions: EMUI 12.0.0

Impact: Successful exploitation of this vulnerability may cause system services to be abnormal.

Acknowledgment: Wen Guanxing

CVE-2022-46325: Out-of-bounds memory write in some mobile phones

Severity: Critical

Affected versions: EMUI 12.0.0

Impact: Successful exploitation of this vulnerability may cause system services to be abnormal.

Acknowledgment: Wen Guanxing

CVE-2022-46326: Out-of-bounds memory write in some mobile phones

Severity: Critical

Affected versions: EMUI 12.0.0

Impact: Successful exploitation of this vulnerability may cause system services to be abnormal.

Acknowledgment: Wen Guanxing

CVE-2022-46327: Vulnerability of configuration issues in some mobile phones

Severity: High

Affected versions: EMUI 12.0.0

Impact: Successful exploitation of this vulnerability may lead to unauthorized operations, causing system services to be abnormal.

CVE-2022-46328: Input verification vulnerabilities in some mobile phones

Severity: High

Affected versions: EMUI 12.0.0

Impact: Successful exploitation of this vulnerability may affect confidentiality.

CVE-2022-41591: December

In findAllDeAccounts of AccountsDb.java, there is a possible denial of service due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12L Android-13Android ID: A-169762606

*   Docs
    *   Getting Started
    *   Security
    *   Core Topics
    *   Compatibility
    *   Android Devices
    *   Reference
*   GO TO CODE ➚

Stay organized with collections Save and categorize content based on your preferences.

_Published December 5, 2022 | Updated December 7, 2022_

The Android Security Bulletin contains details of security vulnerabilities affecting Android devices. Security patch levels of 2022-12-05 or later address all of these issues. To learn how to check a device's security patch level, see Check and update your Android version.

Android partners are notified of all issues at least a month before publication. Source code patches for these issues will be released to the Android Open Source Project (AOSP) repository in the next 48 hours. We will revise this bulletin with the AOSP links when they are available.

The most severe of these issues is a critical security vulnerability in the System component that could lead to remote code execution over Bluetooth with no additional execution privileges needed. The severity assessment is based on the effect that exploiting the vulnerability would possibly have on an affected device, assuming the platform and service mitigations are turned off for development purposes or if successfully bypassed.

Refer to the Android and Google Play Protect mitigations section for details on the Android security platform protections and Google Play Protect, which improve the security of the Android platform.

**Android and Google service mitigations**

This is a summary of the mitigations provided by the Android security platform and service protections such as Google Play Protect. These capabilities reduce the likelihood that security vulnerabilities could be successfully exploited on Android.

*   Exploitation for many issues on Android is made more difficult by enhancements in newer versions of the Android platform. We encourage all users to update to the latest version of Android where possible.
*   The Android security team actively monitors for abuse through Google Play Protect and warns users about Potentially Harmful Applications. Google Play Protect is enabled by default on devices with Google Mobile Services, and is especially important for users who install apps from outside of Google Play.

**2022-12-01 security patch level vulnerability details**

In the sections below, we provide details for each of the security vulnerabilities that apply to the 2022-12-01 patch level. Vulnerabilities are grouped under the component they affect. Issues are described in the tables below and include CVE ID, associated references, type of vulnerability, severity, and updated AOSP versions (where applicable). When available, we link the public change that addressed the issue to the bug ID, like the AOSP change list. When multiple changes relate to a single bug, additional references are linked to numbers following the bug ID. Devices with Android 10 and later may receive security updates as well as Google Play system updates.

**Android Runtime**

The vulnerability in this section could lead to local information disclosure with no additional execution privileges needed.

    

CVE

References

Type

Severity

Updated AOSP versions

CVE-2022-20502

A-222166527

ID

High

13

**Framework**

The most severe vulnerability in this section could lead to remote code execution with no additional execution privileges needed.

    

CVE

References

Type

Severity

Updated AOSP versions

CVE-2022-20472

A-239210579

RCE

Critical

10, 11, 12, 12L, 13

CVE-2022-20473

A-239267173

RCE

Critical

10, 11, 12, 12L, 13

CVE-2021-39617

A-175190844

EoP

High

11, 12, 12L

CVE-2021-39795

A-201667614

EoP

High

11, 12, 12L, 13

CVE-2022-20124

A-170646036

EoP

High

10, 11, 12, 12L, 13

CVE-2022-20442

A-176094367

EoP

High

10, 11, 12, 12L

CVE-2022-20444

A-197296414 \[2\] \[3\] \[4\] \[5\]

EoP

High

11, 12

CVE-2022-20470

A-234013191

EoP

High

10, 11, 12, 12L, 13

CVE-2022-20474

A-240138294 \[2\]

EoP

High

10, 11, 12, 12L, 13

CVE-2022-20475

A-240663194

EoP

High

11, 12, 12L, 13

CVE-2022-20477

A-241611867

EoP

High

13

CVE-2022-20485

A-242702935 \[2\]

EoP

High

10, 11, 12, 12L, 13

CVE-2022-20486

A-242703118 \[2\]

EoP

High

10, 11, 12, 12L, 13

CVE-2022-20491

A-242703556 \[2\]

EoP

High

10, 11, 12, 12L, 13

CVE-2022-20611

A-242996180

EoP

High

10, 11, 12, 12L, 13

CVE-2021-0934

A-169762606

DoS

High

10, 11, 12, 12L, 13

CVE-2022-20449

A-239701237

DoS

High

10, 11, 12, 12L, 13

CVE-2022-20476

A-240936919

DoS

High

10, 11, 12, 12L

CVE-2022-20482

A-240422263

DoS

High

12, 12L, 13

CVE-2022-20500

A-246540168

DoS

High

10, 11, 12, 12L, 13

**Media Framework**

The vulnerability in this section could lead to local information disclosure with no additional execution privileges needed.

    

CVE

References

Type

Severity

Updated AOSP versions

CVE-2022-20496

A-245242273

ID

High

12, 12L, 13

**System**

The most severe vulnerability in this section could lead to remote code execution over Bluetooth with no additional execution privileges needed.

    

CVE

References

Type

Severity

Updated AOSP versions

CVE-2022-20411

A-232023771 \[2\]

RCE

Critical

10, 11, 12, 12L, 13

CVE-2022-20498

A-246465319

ID

Critical

10, 11, 12, 12L, 13

CVE-2022-20469

A-230867224

RCE

High

10, 11, 12, 12L, 13

CVE-2022-20144

A-187702830 \[2\]

EoP

High

10, 11, 12, 12L, 13

CVE-2022-20240

A-231496105 \[2\] \[3\] \[4\]

EoP

High

12, 12L

CVE-2022-20478

A-241764135 \[2\]

EoP

High

10, 11, 12, 12L, 13

CVE-2022-20479

A-241764340 \[2\]

EoP

High

10, 11, 12, 12L, 13

CVE-2022-20480

A-241764350 \[2\]

EoP

High

10, 11, 12, 12L, 13

CVE-2022-20484

A-242702851 \[2\]

EoP

High

10, 11, 12, 12L, 13

CVE-2022-20487

A-242703202 \[2\]

EoP

High

10, 11, 12, 12L, 13

CVE-2022-20488

A-242703217 \[2\]

EoP

High

10, 11, 12, 12L, 13

CVE-2022-20495

A-243849844

EoP

High

10, 11, 12, 12L, 13

CVE-2022-20501

A-246933359

EoP

High

10, 11, 12, 12L, 13

CVE-2022-20466

A-179725730 \[2\]

ID

Moderate

13

ID

High

10, 11, 12, 12L

CVE-2022-20471

A-238177877

ID

High

11, 12, 12L, 13

CVE-2022-20483

A-242459126

ID

High

10, 11, 12, 12L, 13

CVE-2022-20497

A-246301979

ID

High

12, 12L, 13

CVE-2022-20468

A-228450451

ID

Moderate

10, 11, 12, 12L, 13

**Google Play system updates**

The following issues are included in Project Mainline components.

 

Subcomponent

CVE

MediaProvider

CVE-2021-39795

Permission Controller

CVE-2021-39617, CVE-2022-20442

**2022-12-05 security patch level vulnerability details**

In the sections below, we provide details for each of the security vulnerabilities that apply to the 2022-12-05 patch level. Vulnerabilities are grouped under the component they affect. Issues are described in the tables below and include CVE ID, associated references, type of vulnerability, severity, and updated AOSP versions (where applicable). When available, we link the public change that addressed the issue to the bug ID, like the AOSP change list. When multiple changes relate to a single bug, additional references are linked to numbers following the bug ID.

**Kernel**

The vulnerability in this section could lead to local information disclosure with no additional execution privileges needed.

    

CVE

References

Type

Severity

Subcomponent

CVE-2022-23960

A-215557547  
Upstream kernel \[2\] \[3\] \[4\] \[5\] \[6\] \[7\] \[8\] \[9\] \[10\] \[11\] \[12\] \[13\] \[14\] \[15\] \[16\] \[17\] \[18\] \[19\] \[20\] \[21\] \[22\] \[23\] \[24\] \[25\] \[26\]

ID

High

Kernel

**Imagination Technologies**

This vulnerability affects Imagination Technologies components and further details are available directly from Imagination Technologies. The severity assessment of this issue is provided directly by Imagination Technologies.

    

CVE

References

Severity

Subcomponent

CVE-2021-39660  

A-254742984 \*

High

PowerVR-GPU

**MediaTek components**

These vulnerabilities affect MediaTek components and further details are available directly from MediaTek. The severity assessment of these issues is provided directly by MediaTek.

    

CVE

References

Severity

Subcomponent

CVE-2022-32594  

A-250331397  
M-ALPS07446207 \*

High

widevine

CVE-2022-32596  

A-250470698  
M-ALPS07446213 \*

High

widevine

CVE-2022-32597  

A-250470696  
M-ALPS07446228 \*

High

widevine

CVE-2022-32598  

A-250470697  
M-ALPS07446228 \*

High

widevine

CVE-2022-32619  

A-250441021  
M-ALPS07439659 \*

High

keyinstall

CVE-2022-32620  

A-250441023  
M-ALPS07541753 \*

High

mpu

**Unisoc components**

These vulnerabilities affect Unisoc components and further details are available directly from Unisoc. The severity assessment of these issues is provided directly by Unisoc.

    

CVE

References

Severity

Subcomponent

CVE-2022-39106  

A-252398972  
U-1830881 \*

High

kernel

CVE-2022-39131  

A-252950986  
U-1914157 \*

High

Kernel

CVE-2022-39132  

A-252951342  
U-1914157 \*

High

Kernel

CVE-2022-39133  

A-253957345  
U-1946077 \*

High

Kernel

CVE-2022-39134  

A-253333208  
U-1947682 \*

High

Kernel

CVE-2022-42754  

A-253344080  
U-1967614 \*

High

Kernel

CVE-2022-42755  

A-253957344  
U-1981296 \*

High

Kernel

CVE-2022-42756  

A-253337348  
U-1967535 \*

High

Kernel

CVE-2022-42770  

A-253978051  
U-1975103 \*

High

Kernel

CVE-2022-42771  

A-253978040  
U-1946329 \*

High

Kenel

CVE-2022-42772  

A-253978054  
U-1903041 \*

High

kernel

CVE-2022-39129  

A-252943954  
U-1957128 \*

High

Kernel

CVE-2022-39130  

A-252950982  
U-1957128 \*

High

Kernel

**Qualcomm components**

This vulnerability affects Qualcomm components and are described in further detail in the appropriate Qualcomm security bulletin or security alert. The severity assessment of this issue is provided directly by Qualcomm.

    

CVE

References

Severity

Subcomponent

CVE-2022-33268  

A-245992426  
QC-CR#3182085 \[2\]

High

Bluetooth

**Qualcomm closed-source components**

These vulnerabilities affect Qualcomm closed-source components and are described in further detail in the appropriate Qualcomm security bulletin or security alert. The severity assessment of these issues is provided directly by Qualcomm.

    

CVE

References

Severity

Subcomponent

CVE-2022-25672  

A-231156083 \*

High

Closed-source component

CVE-2022-25673  

A-235102693 \*

High

Closed-source component

CVE-2022-25681  

A-238106628 \*

High

Closed-source component

CVE-2022-25682  

A-238102293 \*

High

Closed-source component

CVE-2022-25685  

A-235102504 \*

High

Closed-source component

CVE-2022-25689  

A-235102546 \*

High

Closed-source component

CVE-2022-25691  

A-235102879 \*

High

Closed-source component

CVE-2022-25692  

A-235102506 \*

High

Closed-source component

CVE-2022-25695  

A-235102757 \*

High

Closed-source component

CVE-2022-25697  

A-235102692 \*

High

Closed-source component

CVE-2022-25698  

A-235102566 \*

High

Closed-source component

CVE-2022-25702  

A-235102898 \*

High

Closed-source component

CVE-2022-33235  

A-245402984 \*

High

Closed-source component

CVE-2022-33238  

A-245402341 \*

High

Closed-source component

**Common questions and answers**

This section answers common questions that may occur after reading this bulletin.

**1\. How do I determine if my device is updated to address these issues?**

To learn how to check a device's security patch level, see Check and update your Android version.

*   Security patch levels of 2022-12-01 or later address all issues associated with the 2022-12-01 security patch level.
*   Security patch levels of 2022-12-05 or later address all issues associated with the 2022-12-05 security patch level and all previous patch levels.

Device manufacturers that include these updates should set the patch string level to:

*   \[ro.build.version.security\_patch\]:\[2022-12-01\]
*   \[ro.build.version.security\_patch\]:\[2022-12-05\]

For some devices on Android 10 or later, the Google Play system update will have a date string that matches the 2022-12-01 security patch level. Please see this article for more details on how to install security updates.

**2\. Why does this bulletin have two security patch levels?**

This bulletin has two security patch levels so that Android partners have the flexibility to fix a subset of vulnerabilities that are similar across all Android devices more quickly. Android partners are encouraged to fix all issues in this bulletin and use the latest security patch level.

*   Devices that use the 2022-12-01 security patch level must include all issues associated with that security patch level, as well as fixes for all issues reported in previous security bulletins.
*   Devices that use the security patch level of 2022-12-05 or newer must include all applicable patches in this (and previous) security bulletins.

Partners are encouraged to bundle the fixes for all issues they are addressing in a single update.

**3\. What do the entries in the _Type_ column mean?**

Entries in the _Type_ column of the vulnerability details table reference the classification of the security vulnerability.

 

Abbreviation

Definition

RCE

Remote code execution

EoP

Elevation of privilege

ID

Information disclosure

DoS

Denial of service

N/A

Classification not available

**4\. What do the entries in the _References_ column mean?**

Entries under the _References_ column of the vulnerability details table may contain a prefix identifying the organization to which the reference value belongs.

 

Prefix

Reference

A-

Android bug ID

QC-

Qualcomm reference number

M-

MediaTek reference number

N-

NVIDIA reference number

B-

Broadcom reference number

U-

UNISOC reference number

**5\. What does an \* next to the Android bug ID in the _References_ column mean?**

Issues that are not publicly available have an \* next to the corresponding reference ID. The update for that issue is generally contained in the latest binary drivers for Pixel devices available from the Google Developer site.

**6\. Why are security vulnerabilities split between this bulletin and device / partner security bulletins, such as the Pixel bulletin?**

Security vulnerabilities that are documented in this security bulletin are required to declare the latest security patch level on Android devices. Additional security vulnerabilities that are documented in the device / partner security bulletins are not required for declaring a security patch level. Android device and chipset manufacturers may also publish security vulnerability details specific to their products, such as Google, Huawei, LGE, Motorola, Nokia, or Samsung.

**Versions**

  

Version

Date

Notes

1.0

December 5, 2022

Bulletin Published

1.1

December 7, 2022

Bulletin revised to include AOSP links

2.0

December 7, 2022

Revised CVE table

Content and code samples on this page are subject to the licenses described in the Content License. Java and OpenJDK are trademarks or registered trademarks of Oracle and/or its affiliates.

Last updated 2022-12-08 UTC.

CVE-2021-0934: Android Security Bulletin—December 2022  |  Android Open Source Project

By Owais Sultan
In the US, there was a drop in sales of 19% as people stayed on their phones for longer. Globally, smartphone sales are down from 488 million units to 429 million units.
This is a post from HackRead.com Read the original post: Smartphone Discounts Set To Rocket As Market Slumps

In the last quarter, the smartphone market has sunk by 12 percent. This has led to a dramatic decrease in the number of people updating their phones and is predicted to have serious knock-on effects for manufacturers and carriers.

The industry is about to enter a **period of price wars** and discounts, as manufacturers compete for consumers in an effort to shift unsold inventories.

(Image Source: Statista)

The pandemic caused a multitude of issues for the smartphone market. Chips that power handsets were scares between as manufacturers temporarily closed to help stop the spread of the virus. This not only caused a **shortage in smartphone handsets** but also, in cars and other electronic goods like laptops. 

New data from Current Analysis suggests that the dramatic drop in smartphone sales is due to a lack of innovation and an increasing reliance on feature phones by carriers. Sales of all mobile phones dropped by 15% across the world, in comparison to a rise of 3% for tablets and 1% for PCs.

In the US, there was a drop in sales of 19% as people stayed on their phones for longer. Globally, smartphone sales are down from 488 million units to 429 million units.

This is bad news for all of the smartphone manufacturers who have been hoping for a fruitful Christmas season to see their sales and plans to increase market share. While last year saw record sales and a boom in smartphone usage, this can be attributed to the fact that the majority of us had just bought a new phone, and the novelty had worn off by now.

What’s even more troubling is that this dip in smartphone sales is not expected to rise until 2030. The smartphone market is, in fact, expected to increase by a mere 1.6% from this time on.

“The smartphone industry has reached saturation in most markets and carriers are introducing new services and device price points aimed at maintaining their market share,” said David Hsieh, an analyst for Current Analysis. “Smartphones are also becoming less essential in some markets as 2015 signs of progress and a growing focus shifts to the premium smartphone class.

China will be more likely to experience a “**halo effect**” than other markets across Asia as this is where all new smartphones are sold and increased smartphone penetration contributes to wider adoption. 

Curiously, the smartphone market is expected to reach saturation in India at around the same time as most other markets so there will be no sudden shift in growth. In fact, India’s smartphone penetration rate is much lower than other markets due to its low usage of high-end smartphones costing thousands of dollars and having many limitations in terms of data services and devices available.

(Image Source: GSM Arena News)

“The slowdown in smartphone growth is largely coming from Huawei and Apple, who have dramatically slowed their market share growth as they launch new products or refresh existing ones.”

Samsung has done particularly well this year, even though it has had its fair share of hiccups; but all hope for the Korean company’s increasing market share will be crushed if it does not launch its all-new **Galaxy range** in 2023, especially as Apple has overtaken them in market share in China. 

However, these issues are set to be resolved in the next two years meaning a sudden boost in demand and an increase in market share. China’s growth is expected to increase by over three percentage points from last year, from 97% to just under 100%. Conversely, Russia’s figure will plummet from 93% to around 89%.

The future for **Android and iOS** is looking rather glum at the moment as there seems to be no innovation or changes in their systems. Carriers and manufacturers are also putting their foot down on the pricing of new phones, which is causing some consumers to be put off by the higher costs of upgrading.

There is also the threat of Elon Musk **potentially developing** his own smartphone if Apple bans the Twitter app, which will be of concern to the other tech giants, increasing competition whilst also the threat of new technology. 

1.  **Top 10 Android Educational Apps That Collect Most User Data**
2.  **Ways That VoIP Tech Impacts Marketplaces and How to Adapt**
3.  **Global cybersecurity market poised to reach $420 billion by 2028**
4.  **Android apps ask for dangerous permissions. Is yours among them?**

Owais takes care of Hackread's social media from the very first day. At the same time He is pursuing for chartered accountancy and doing part time freelance writing.

Smartphone Discounts Set To Rocket As Market Slumps

Categories: News
Tags: TikTok

Tags:  ban TikTok

Tags:  states that banned TikTok

Tags:  Indiana bans TikTok

Tags:  Maryland bans TikTok

Tags:  Shou Zi Chew

Tags:  Brendan Carr

Tags:  ByteDance

Tags:  Brooke Oberwetter

The State of Indiana has filed two lawsuits against TikTok, Inc, the company behind the same name app, and its parent company, ByteDance.



(Read more...)




The post Indiana sues TikTok, describes it as "Chinese Trojan Horse" appeared first on Malwarebytes Labs.

Posted: December 12, 2022 by

On Wednesday, the State of Indiana filed two lawsuits against TikTok, Inc, the company behind the same name app, and its parent company, ByteDance.

The first suit alleges TikTok's 12+ rating on the Apple App Store and a "T" for "Teen" rating in the Google Play Store and the Microsoft Store are misleading as minors are repeatedly exposed to inappropriate content generated by the app's algorithm. 

The second suit claims that TikTok violated consumer protection laws by not disclosing that China has access to sensitive user data.

"TikTok is a wolf in sheep's clothing," court documents read, echoing what Federal Communications Commission (FCC) Chairman Brendan Carr said about TikTok back in July.

"As long as TikTok is permitted to deceive and mislead Indiana consumers about the risks to their data, those consumers and their privacy are easy prey."

TikTok declined to comment on the lawsuits; however, its spokesperson, Brooke Oberwetter, was quoted by The New York Times saying, "the safety, privacy, and security of our community is our top priority." Oberwetter added:

> “We build youth well-being into our policies, limit features by age, empower parents with tools and resources, and continue to invest in new ways to enjoy content based on age-appropriateness or family comfort."

When TikTok CEO Shou Zi Chew attempted to assuage critics by pointing out that US data are hosted on servers managed and controlled by Oracle, an American company, and disputing claims that the Chinese government could access the data, the second suit stated that such statements are "false and misleading."

"In addition to TikTok's statements that some China-based employees may access unencrypted US user data, which includes Indiana consumers' data, TikTok's privacy policy permits TikTok to share information with ByteDance' or 'other affiliate of our corporate group,''" the suit claims. "ByteDance and any affiliates and their employees who are located in China or are Chinese citizens are subject to Chinese law and the oppressive Chinese regime, including but not limited to laws requiring cooperation with national intelligence institutions and cybersecurity regulators."

> Because ByteDance is subject to Chinese law, and TikTok’s privacy policy expressly permits TikTok to share data with ByteDance, TikTok’s statements that Chinese law does not apply to that data are false and misleading.

Banning TikTok is slowly becoming a trend among US states. On Tuesday, Outgoing Maryland Governor Larry Hogan issued a directive forbidding state employees from using several Chinese and Russian equipment and software, citing these present "an unacceptable level of security risk." These include TikTok, Huawei products, ZTE, Tencent products, Alibaba products, and Kaspersky.

**We don't just report on threats—we remove them**

Cybersecurity risks should never spread beyond a headline. Keep threats off your devices by downloading Malwarebytes today.

**RELATED ARTICLES**

Indiana sues TikTok, describes it as "Chinese Trojan Horse"

Texas and Maryland this week joined three other states in prohibiting accessing the popular social media app from state-owned devices.

Texas this week become the fifth US state to ban the TikTok app on government-owned devices over concerns about the social media app harvesting sensitive data from user devices and potentially making it available to the Chinese government.

The question now is whether private companies will implement similar restrictions on use of the popular social media app on devices that employees use to access enterprise data and applications.

**Unacceptable Risk**

Texas Gov. Greg Abbott on Wednesday said he had ordered all state agencies to ban TikTok on any state-issued devices effective immediately. Abbott said he has also given each state agency until Feb. 15, 2023 to implement their own policies regarding the use of TikTok on personal devices belonging to employees — subject to approval by the Texas Department of Public Safety.

"TikTok harvests vast amounts of data from its users' devices — including when, where, and how they conduct internet activity — and offers this trove of potentially sensitive information to the Chinese government," Abbott said, echoing concerns that many others have expressed recently.

Abbott pointed to China's 2017 National Intelligence Law, which obligates Chinese companies and individuals to assist in state intelligence-gathering activities, and a recent warning from FBI Director Christopher Wray about TikTok's use in influence operations, as reasons for his decision.

Abbott's order came just one day after Maryland Gov. Larry Hogan issued an emergency directive prohibiting the use of TikTok and other Chinese and Russian-influenced products on state-issued devices, citing the "unacceptable" cybersecurity risk they presented to the state.

His order applies to TikTok, Huawei Technologies, ZTE Corp., Tencent Holdings products including WeChat, Alibaba products including AliPay, and Kaspersky. Hogan's directive requires all Maryland state agencies to remove these products from state networks within 14 days and to implement network-based restrictions preventing access to these services.

Like Abbott, Hogan also cited Wray's warning about TikTok presenting a national security threat in his statement, as well as a recent NBC News report about Chinese hackers stealing millions of dollars in COVID-related benefits.

The three other states that have issued similar directives over similar concerns are South Dakota, South Carolina, and Nebraska. In addition, the US Departments of Defense, State, and Homeland Security have all banned TikTok on federally issued devices. This July, members of the Senate Select Committee on Intelligence sent a letter to the chair of the Federal Trade Commission urging the agency to investigate what it claimed were deceptive practices by TikTok with regard to its data privacy practices.

**Concerns Mount Despite TikTok's Assurances**

The growing number of bans on the use of TikTok on state and federal devices and networks is sure to encourage other state governments, federal agencies, and private companies to weigh the security and privacy implications of using the social media app.

In a Senate hearing earlier this year, TikTok COO Vanessa Pappas maintained that TikTok does not operate inside China and the app is not available there. She has described the company as incorporated in the US and compliant with US laws. Though TikTok does have employees based in China, the company has strict access control over what data those employees can access and where TikTok stores the data, Pappas testified. Earlier this year, the company also announced it has launched an initiative called Project Texas designed to bolster confidence in the safeguards the company has put in place and will put in place to protect US user data and national security interests. TikTok now stores 100% of US user data in the US in Oracle's cloud environment and is working with Oracle to implement advanced data security controls, TikTok CEO Shou Zi Chew said at the time.

In an emailed comment to Dark Reading, TikTok spokesperson Jamal Brown expressed disappointment over the recent developments. "We believe the concerns driving these decisions are largely fueled by misinformation about our company," Brown says. "We are happy to continue having constructive meetings with state policymakers to discuss our privacy and security practices. We are disappointed that many state agencies, offices, and universities will no longer be able to use TikTok to build communities and connect with constituents."

Despite such assurances, the fact that a China-based entity called ByteDance Ltd owns TikTok and that the Chinese government owns at least a partial stake in one of its subsidiaries continues to be a major source of concern for many. Recent reports about threat actors using the platform to distribute malware have not helped matters.

"The specific situation with TikTok being based in China and being subject to Chinese law, which can give the Chinese Communist Party (CCP) access to user data, is giving many people pause," says Mike Parkin, senior technical engineer at Vulcan Cyber.

Social media applications like TikTok can be problematic for organizations as well. "They are immensely popular, especially with the generations that have grown up with social media," he says. It’s entirely reasonable that organizations would restrict what apps get installed on their organization-provided devices and recommend their employees don’t install it on any personal systems they use to access enterprise systems, Parkin says.

On devices provided by organizations, a ban on TikTok would be absolutely enforceable, he says. But the same wouldn't be true of personally owned and unmanaged devices, he notes. "The organization can lay out the requirements, but enforcing them becomes much more challenging both ethically and legally," Parkin says.

Patrick Tiquet, vice president of security and architecture at Keeper Security, says the rapid proliferation of BYOD policies and distributed remote work environments has contributed to an exponential increase in risk to endpoints and applications for both public and private sector entities. "This puts organizations in a precarious situation, as they must weigh the convenience and cost-savings of BYOD policies with the significant cybersecurity risk," Tiquet says. "Banning specific apps may seem like a simple and straightforward approach to ensuring security, but with a BYOD policy, it is difficult to enforce."

TikTok Banned on Govt. Devices; Will Private Sector Follow Suit?

By Habiba Rashid
Here is everything you need to know about the first two days at the Pwn2Own hacking contest.
This is a post from HackRead.com Read the original post: Pwn2Own Day 1 and 2: Samsung, HP, MikroTik & Netgear Pwned

Being held at Zero Day Initiative (ZDI)’s Toronto office, this year’s **Pwn2Own** kicked off smoothly on 6th December 2022 with contestants participating both in person and remotely. Before we dive into the proceedings on the event days, let’s talk about what Pwn2Own is and how it started. 

**What is Pwn2Own?**

Pwn2Own is a hacking contest where security researchers are invited to hack into devices that IT hardware and software manufacturers believe are secure.

At Pwn2Own Toronto 2022, contestants would have targets such as mobile phones, wireless routers, home automation hubs, printers, smart speakers, and NAS devices for hacking into.

For their efforts resulting in a successful hack, the participants are rewarded with prize money. 

Starting in April 2007 during the CanSecWest conference in Vancouver, Pwn2Own has come a long way to become the highly reputable competition that it is. It began when security researcher Dragos Ruiu wanted to put Apple’s impenetrable security system to the test and ever since, the competition has followed a similar mission statement.

Not only has it allowed organizations to normalize bug reporting but has also changed how the industry looks at security. 

This fall’s Pwn2Own event introduced a new category called “SOHO Smashup” (Small Office/Home Office) to incorporate a real-world setting where a threat actor would exploit a home office.

A contestant would be required to pick a router and begin exploiting the WAN interface and then they would pivot to the LAN, where a second device is hacked such as a NAS appliance, a smart speaker, or a printer. 

**DAY 1 PROCEEDINGS**

The **first day** of the competition welcomed participants who won a total of $400,000 for exploits targeting phones, printers, routers, and NAS devices. 

The Devcore team which is a recurring contestant in the competition won the highest single reward of $100,000 in the SOHO Smashup category for hacking a MikroTik router and a Canon printer connected to it. 

Coming in second with a reward of $50,000 was the team Neodyme which successfully hacked a Netgear router and an HP printer.

Meanwhile, the Star Labs team also earned $50,000 for hacking a Samsung Galaxy S22 smartphone. The same device was also hacked by a participant named Chim who earned $25,000. 

Researchers at industrial and IoT cybersecurity firm Claroty earned $40,000 for hacking a Synology DiskStation NAS device.

There were also multiple $20,000 rewards for hacking Canon, HP, Lexmark printers, TP-Link, and Synology routers. Two teams earned $10,000 each for Synology NAS and HP printer hacks.

Excluding the SOHO Smashup entry, Netgear router exploits earned smaller rewards. The Netgear exploits by some contestants including Tenable were neutralized just days before the competition due to a last-minute hotfix released by the vendor.

With 26 contestants signing up for 66 exploits, ZDI decided that the full cash prize would be awarded to the first winner of each target, with subsequent exploits getting 50% of the prize money. 

**DAY 2 PROCEEDINGS**

On the second day of the competition, participants earned a total of more than $280,000 for their exploits. A large sum of the total amount was earned by targeting the smart speaker, specific vulnerabilities in the Sonos One smart speakers. 

$60,000 went to a team from Qrious Secure for hacking a Sonos One speaker while $22,500 went to the Star Labs team for an exploit that involved targeting one new and one previously known flaw. 

The Bugscale team earned $37,500 for a SOHO Smashup exploit targeting a Synology router and an HP printer where again, new and previously known bugs were used. 

Another significant reward was earned by researcher Luca Moro, who was awarded $40,000 for a WD My Cloud Pro hack in the NAS category. Interrupt Labs earned $25,000 for hacking a Samsung Galaxy S22 phone.

The list of devices hacked on the **second day of Pwn2Own**, for which participants earned between $1,250 and $10,000, includes HP, Lexmark, Canon printers, Netgear, Synology, and TP-Link routers.

ZDI announced that a total of $681,000 was paid out in the first two days for 43 new and unique vulnerabilities. As the event progresses successfully, we look forward to it serving as a beacon to improve the relationship between vendors and independent researchers. 

1.  **Firefox, Edge, Safari, Tesla & VMware pwned at Pwn2Own**
2.  **Pwn2Own 2022 – Windows 11, MS Teams and Firefox Pwned**
3.  **Mobile Pwn2Own: Hackers pwn iPhone, Huawei, Galaxy & Pixel**
4.  **MS Exchange server, Teams, Zoom, Chrome pwned at Pwn2Own**
5.  **Pwn2Own: Xiaomi, Amazon Echo, Sony & Samsung** **Smart** **TVs pwned**

Pwn2Own Day 1 and 2: Samsung, HP, MikroTik & Netgear Pwned

The botnet exploits flaws in various routers, firewalls, network-attached storage, webcams, and other products and allows attackers to take over affected systems.

A new botnet is attacking organizations through various vulnerabilities in Internet of Things (IoT) devices from D-Link, Huawei, RealTek, TOTOLink, Zyxel, and more, posing a critical threat that allows attackers to take over vulnerable systems, researchers have found.

The botnet, dubbed Zerobot and written in the Go programming language, includes modules capable of self-replication and self-propagation, as well as attacks for different protocols, a researcher from Fortinet shared in a blog post published Dec. 6.

"Zerobot targets several vulnerabilities to gain access to a device and then downloads a script for further propagation," Fortinet Labs senior antivirus analyst Cara Lin wrote in the post.

So far, researchers have seen two versions of the botnet, one that they began tracking on Nov. 18 and a more sophisticated version that appeared soon after, on Nov. 24, that added a string of new capabilities.

The first version of Zerobot was quite basic, but attackers quickly updated it to include a "selfRepo" module that allows it to reproduce itself and infect more endpoints with different protocols or vulnerabilities, researchers said. The latest version — on which their analysis is based — also includes string obfuscation and a copy file module.

**Attack Mode**

Zerobot initiates an attack by first checking its connection to 1.1.1.1, the DNS resolver server from Cloudflare. It then copies itself onto the targeted device based on the victim's OS type, with different tactics depending on the platform, researchers said.

For Windows, Zerobot copies itself to the "Startup" folder with the filename "FireWall.exe." If the targeted platform is Linux, it has three file paths — "HOME%," "/etc/init/," and "/lib/systemd/system/."

Once it is copied onto the targeted device, Zerobot then sets up an "AntiKill" module to prevent users from disrupting its program once it's started. "This module monitors a particular hex value and uses 'signal.Notify' to intercept any signal sent to terminate or kill the process," Lin wrote.

After initialization, Zerobot starts a connection to its command-and-control (C2) server, ws\[:\]//176\[.\]65\[.\]137\[.\]5/handle, using the WebSocket protocol.

Once it sets up a communication channel, the client waits for a command from the server to unleash any of 21 exploits for various vulnerabilities found in IoT products, as well as some others — including the Java framework vulnerability Spring4Shell, phpAdmin, and F5 Big — "to increase its success rate," Lin wrote.

**Enterprises: Take Immediate Action**

Fortinet included a list of the numerous vulnerabilities that Zerobot exploits, which are found in assorted devices including routers, webcams, network attached storage, firewalls, and other products from a host of well-known manufacturers. 

Lin advised any organization using these devices to update to the latest versions or apply any available patches immediately. Indeed, with businesses losing up to $250 million a year on unwanted botnet attacks, according to a report published last year from Netacea, organizations would be wise to evaluate their environments to discover any device that might be vulnerable to Zerobot, she noted.

"Users should be aware of this new threat, patch any affected systems … running on their network, and actively apply patches as they become available," Lin wrote.

Tag

#huawei