Red Hat Security Advisory 2022-6437-01 - The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

====================================================================                     
Red Hat Security Advisory

Synopsis:          Moderate: kernel-rt security and bug fix update  
Advisory ID:       RHSA-2022:6437-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:6437  
Issue date:        2022-09-13  
CVE Names:         CVE-2022-21123 CVE-2022-21125 CVE-2022-21166  
====================================================================  
1. Summary:

An update for kernel-rt is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Real Time (v. 8) - x86_64  
Red Hat Enterprise Linux Real Time for NFV (v. 8) - x86_64

3. Description:

The kernel-rt packages provide the Real Time Linux Kernel, which enables  
fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

* Incomplete cleanup of multi-core shared buffers (aka SBDR)  
(CVE-2022-21123)

* Incomplete cleanup of microarchitectural fill buffers (aka SBDS)  
(CVE-2022-21125)

* Incomplete cleanup in specific special register write operations (aka  
DRPW) (CVE-2022-21166)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

Bug Fix(es):

* The latest RHEL 8.6.z3 kernel changes need to be merged into the RT  
source tree to keep source parity between the two kernels. (BZ#2111112)

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2090237 - CVE-2022-21123 hw: cpu: Incomplete cleanup of multi-core shared buffers (aka SBDR)  
2090240 - CVE-2022-21125 hw: cpu: Incomplete cleanup of microarchitectural fill buffers (aka SBDS)  
2090241 - CVE-2022-21166 hw: cpu: Incomplete cleanup in specific special register write operations (aka DRPW)

6. Package List:

Red Hat Enterprise Linux Real Time for NFV (v. 8):

Source:  
kernel-rt-4.18.0-372.26.1.rt7.183.el8_6.src.rpm

x86_64:  
kernel-rt-4.18.0-372.26.1.rt7.183.el8_6.x86_64.rpm  
kernel-rt-core-4.18.0-372.26.1.rt7.183.el8_6.x86_64.rpm  
kernel-rt-debug-4.18.0-372.26.1.rt7.183.el8_6.x86_64.rpm  
kernel-rt-debug-core-4.18.0-372.26.1.rt7.183.el8_6.x86_64.rpm  
kernel-rt-debug-debuginfo-4.18.0-372.26.1.rt7.183.el8_6.x86_64.rpm  
kernel-rt-debug-devel-4.18.0-372.26.1.rt7.183.el8_6.x86_64.rpm  
kernel-rt-debug-kvm-4.18.0-372.26.1.rt7.183.el8_6.x86_64.rpm  
kernel-rt-debug-modules-4.18.0-372.26.1.rt7.183.el8_6.x86_64.rpm  
kernel-rt-debug-modules-extra-4.18.0-372.26.1.rt7.183.el8_6.x86_64.rpm  
kernel-rt-debuginfo-4.18.0-372.26.1.rt7.183.el8_6.x86_64.rpm  
kernel-rt-debuginfo-common-x86_64-4.18.0-372.26.1.rt7.183.el8_6.x86_64.rpm  
kernel-rt-devel-4.18.0-372.26.1.rt7.183.el8_6.x86_64.rpm  
kernel-rt-kvm-4.18.0-372.26.1.rt7.183.el8_6.x86_64.rpm  
kernel-rt-modules-4.18.0-372.26.1.rt7.183.el8_6.x86_64.rpm  
kernel-rt-modules-extra-4.18.0-372.26.1.rt7.183.el8_6.x86_64.rpm

Red Hat Enterprise Linux Real Time (v. 8):

Source:  
kernel-rt-4.18.0-372.26.1.rt7.183.el8_6.src.rpm

x86_64:  
kernel-rt-4.18.0-372.26.1.rt7.183.el8_6.x86_64.rpm  
kernel-rt-core-4.18.0-372.26.1.rt7.183.el8_6.x86_64.rpm  
kernel-rt-debug-4.18.0-372.26.1.rt7.183.el8_6.x86_64.rpm  
kernel-rt-debug-core-4.18.0-372.26.1.rt7.183.el8_6.x86_64.rpm  
kernel-rt-debug-debuginfo-4.18.0-372.26.1.rt7.183.el8_6.x86_64.rpm  
kernel-rt-debug-devel-4.18.0-372.26.1.rt7.183.el8_6.x86_64.rpm  
kernel-rt-debug-modules-4.18.0-372.26.1.rt7.183.el8_6.x86_64.rpm  
kernel-rt-debug-modules-extra-4.18.0-372.26.1.rt7.183.el8_6.x86_64.rpm  
kernel-rt-debuginfo-4.18.0-372.26.1.rt7.183.el8_6.x86_64.rpm  
kernel-rt-debuginfo-common-x86_64-4.18.0-372.26.1.rt7.183.el8_6.x86_64.rpm  
kernel-rt-devel-4.18.0-372.26.1.rt7.183.el8_6.x86_64.rpm  
kernel-rt-modules-4.18.0-372.26.1.rt7.183.el8_6.x86_64.rpm  
kernel-rt-modules-extra-4.18.0-372.26.1.rt7.183.el8_6.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-21123  
https://access.redhat.com/security/cve/CVE-2022-21125  
https://access.redhat.com/security/cve/CVE-2022-21166  
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBYyCCBtzjgjWX9erEAQiMVxAAj4C0/6TQ/Wts6/PsnA7c4EJbxOzcjnSf  
bdJSktu0TYTmpmiZI1tZ22LbABATshxGKqzz15bFGQlIE+wHSDxN8NF86XPmdNCF  
Yqi8g2YZDLeKd02ggzE8ZOcjuSdkAT09qaTP9AusbQububoCFv/dR4v0UZ3+Mpk2  
Bhe1VumtyZVHt4ps06dRVthVCt4HJdPEEOFmoCE4kg+ij6x626dvRuLWFbUclhHe  
qg+5JOBLJx9UCMHMS5X7qrdySfLw6xrqX0QM18ElmCTtnfJ03FQjzw6j6F0gV17a  
xGqDhJJbYby4Uhqe0eNPG5P01UW+8aWyXIxtpuG/uCJ0oC65j4yXpG136fuztx1a  
R+7c2xYeuZ1qrNvYsJDecYtgDwlSuhWJ/S+snlYAgB4HJ6ouHPx2Y0SYu2Xznm/2  
fNj5oV13UioCVvTptBU6dI6ByX8qalq0fIbt+lb5M23vu+zlpMs6b80u3pekC7uR  
3PM9Udb59P9wIcwDlS1v9jSyO/4B3maCh6vtjpdGDBUIbbOSE5E9S7zTR4vHFzhI  
ji5EcEHGpBz615xVGi/fSzudyR/2yjzqjazhkX5dYEZ5kOBtOOeAxTIgAQ3yhjt2  
+ZFPoA9cSGTxR3AhZU+lnggpod97b8rD3IqCuz2PetsRoikUTQSIRiKBlp058FAt  
/NJdeWcHmjI=t/FA  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-6437-01

Apple Security Advisory 2022-09-12-5 - Safari 16 addresses buffer overflow, code execution, out of bounds read, and spoofing vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

APPLE-SA-2022-09-12-5 Safari 16

Safari 16 addresses the following issues.  
Information about the security content is also available at  
https://support.apple.com/HT213442.

Safari Extensions  
Available for: macOS Big Sur and macOS Monterey  
Impact: A website may be able to track users through Safari web  
extensions  
Description: A logic issue was addressed with improved state  
management.  
WebKit Bugzilla: 242278  
CVE-2022-32868: Michael

WebKit  
Available for: macOS Big Sur and macOS Monterey  
Impact: Processing maliciously crafted web content may lead to  
arbitrary code execution  
Description: A buffer overflow issue was addressed with improved  
memory handling.  
WebKit Bugzilla: 241969  
CVE-2022-32886: P1umer, afang5472, xmzyshypnc

WebKit  
Available for: macOS Big Sur and macOS Monterey  
Impact: Processing maliciously crafted web content may lead to  
arbitrary code execution  
Description: An out-of-bounds read was addressed with improved bounds  
checking.  
WebKit Bugzilla: 242762  
CVE-2022-32912: Jeonghoon Shin (@singi21a) at Theori working with  
Trend Micro Zero Day Initiative

WebKit  
Available for: macOS Big Sur and macOS Monterey  
Impact: Visiting a website that frames malicious content may lead to  
UI spoofing  
Description: The issue was addressed with improved UI handling.  
WebKit Bugzilla: 243236  
CVE-2022-32891: @real_as3617, an anonymous researcher

Safari 16 may be obtained from the Mac App Store.  
All information is also posted on the Apple Security Updates  
web site: https://support.apple.com/en-us/HT201222.

This message is signed with Apple's Product Security PGP key,  
and details are available at:  
https://www.apple.com/support/security/pgp/

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEBP+4DupqR5Sgt1DB4RjMIDkeNxkFAmMfdgMACgkQ4RjMIDke  
Nxk7dRAAgdvFNEmEdfhDdLWbn7ZIdNrxPZDsg1MiCVFyPvPesNRo3Uj+XI2m93E4  
U7koTDn7+DE62TjkdNEqOQ0bXpy84uWAcZoZDmGJOt0IQOPwcMf8CMzhj/GytrTt  
PCC2IjWDuoJsoQ9lIm71WN3nsfrpO/P4cO04H3Tw4CxFI9Oj0doALGvamf0XVYCN  
TyCdw15kQ+WTriI5rnzsE4qqh4vaEKeuyEiZQzR26p3ctpT+inffGz6g9uYgy5AW  
v1Kwln7DDSIvYyAcrIyPKqwjsdfD6dmnufKTSUkOHLOpvqx5P/PLQ9f4qv3VXy6c  
Bs4eLUUvONzxoo07TB3V3/OsC1eQwDnPugrja5SFTgZUpl9QM7PMijoOar7Y11JL  
fMgJArHEDWB4JatejBrgsBps+SU2ozSAaT71hfm77Jb1TSSRDuxX2po2AjiwKOcF  
S+T2yJSIgI5nsP9i1RRG3+hN6MOUKKmFxlWxXPLdCO4pG04qdmMOE5HR2bRgQ3/o  
gdRb/OYTQkchSlhbpvdF8zO0QZLXh+GeiLxWoygfbQQmv33KeKRlrbKVctyB4HQZ  
ZxTi0Tn5pfdnuB2QvGn6b0KZZJlDHkiiNj3grvD5uFSH6H0MV7apLiJ636qEL/Tp  
o8PWQgop+KfYatZDVAQMYekpRYwz7oDdFm/i6SYvnP09wx55Ooc=+qsX  
-----END PGP SIGNATURE-----

Apple Security Advisory 2022-09-12-5

Apple Security Advisory 2022-09-12-4 - macOS Monterey 12.6 addresses bypass and code execution vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

APPLE-SA-2022-09-12-4 macOS Monterey 12.6

macOS Monterey 12.6 addresses the following issues.  
Information about the security content is also available at  
https://support.apple.com/HT213444.

ATS  
Available for: macOS Monterey  
Impact: An app may be able to bypass Privacy preferences  
Description: A logic issue was addressed with improved state  
management.  
CVE-2022-32902: Mickey Jin (@patch1t)

iMovie  
Available for: macOS Monterey  
Impact: A user may be able to view sensitive user information  
Description: This issue was addressed by enabling hardened runtime.  
CVE-2022-32896: Wojciech Reguła (@_r3ggi)

Kernel  
Available for: macOS Monterey  
Impact: An app may be able to execute arbitrary code with kernel  
privileges  
Description: The issue was addressed with improved memory handling.  
CVE-2022-32911: Zweig of Kunlun Lab

Kernel  
Available for: macOS Monterey  
Impact: An app may be able to disclose kernel memory  
Description: The issue was addressed with improved memory handling.  
CVE-2022-32864: Linus Henze of Pinauten GmbH (pinauten.de)

Kernel  
Available for: macOS Monterey  
Impact: An application may be able to execute arbitrary code with  
kernel privileges. Apple is aware of a report that this issue may  
have been actively exploited.  
Description: The issue was addressed with improved bounds checks.  
CVE-2022-32917: an anonymous researcher

Maps  
Available for: macOS Monterey  
Impact: An app may be able to read sensitive location information  
Description: A logic issue was addressed with improved restrictions.  
CVE-2022-32883: Ron Masas, breakpointhq.com

MediaLibrary  
Available for: macOS Monterey  
Impact: A user may be able to elevate privileges  
Description: A memory corruption issue was addressed with improved  
input validation.  
CVE-2022-32908: an anonymous researcher

PackageKit  
Available for: macOS Monterey  
Impact: An app may be able to gain elevated privileges  
Description: A logic issue was addressed with improved state  
management.  
CVE-2022-32900: Mickey Jin (@patch1t)

Additional recognition

Identity Services  
We would like to acknowledge Joshua Jones for their assistance.

macOS Monterey 12.6 may be obtained from the Mac App Store or Apple's  
Software Downloads web site: https://support.apple.com/downloads/  
All information is also posted on the Apple Security Updates  
web site: https://support.apple.com/en-us/HT201222.

This message is signed with Apple's Product Security PGP key,  
and details are available at:  
https://www.apple.com/support/security/pgp/

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEBP+4DupqR5Sgt1DB4RjMIDkeNxkFAmMfdoAACgkQ4RjMIDke  
NxkI5g//SbLPARNJZkH5CzD60NB87QymxWmpvPcbPiywLpVy8Yj7CzQ21rM7cshx  
65LXO+4S5dIkWSv38lv7o+JOTuhPxnucdR9EhPN4Mjyl132S9zOylgaotp0/LZuJ  
vGOzN1LUO260VeB/4wpnWM5wQY5b16GGrIj1LJ1knKKNB05/JdBEHC0fXhPgIZ0A  
fOcQzNVaeySayjx4mariluq0GBXKQ9ELPEhS+z1XCEg6Rw1NLS0cC1mhGoXojRYF  
Bij2De+JBEFqtGTo4ceN52yBmUj4UF11zJPl3fybJIM1dmkRd0/7PpsqJmEiASWr  
cmCsY4DiMbFVPnpHKv8dkt4dNseejGntpEsHljlq6rATLSbGkTowwRtaF8QtgZzT  
wS3mAWlit6vjiMQlgMVLnDk72IGVqaIcu2JmIJtfLFDgXPctO64ZAvbWDPeCyNfe  
+6hnVv/sWzFh6dHh+kJYwDrMIxZnFZuZD1NzaHqxEPKUY9CdK8GhNzwVfOPzlP3U  
TfOaZGuyudXKn7k04ItHBPtq5P+oYDPDlfIzeP8n+WYLbUCP+a1A8yrqQnQuY1Rs  
N3cz70al/9ogGzamSCIe0jQxGrVaMgvd8GEDK9GnksRxd0vJl/rMm05wruOyv2pD  
gEhw6ZdE97icESMAOvPMjIR0eANuiK6vgyrg+GRn2RSqLpsr1VM=  
=qtyT  
-----END PGP SIGNATURE-----

Apple Security Advisory 2022-09-12-4

Red Hat Security Advisory 2022-6460-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Moderate: kernel security, bug fix, and enhancement update  
Advisory ID:       RHSA-2022:6460-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:6460  
Issue date:        2022-09-13  
CVE Names:         CVE-2022-21123 CVE-2022-21125 CVE-2022-21166   
=====================================================================

1. Summary:

An update for kernel is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact  
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat CodeReady Linux Builder (v. 8) - aarch64, ppc64le, x86_64  
Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux  
operating system.

Security Fix(es):

* Incomplete cleanup of multi-core shared buffers (aka SBDR)  
(CVE-2022-21123)

* Incomplete cleanup of microarchitectural fill buffers (aka SBDS)  
(CVE-2022-21125)

* Incomplete cleanup in specific special register write operations (aka  
DRPW) (CVE-2022-21166)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

Bug Fix(es):

* Bad page state in process qemu-kvm  pfn:68a74600 (BZ#2081013)

* slub corruption during  LPM of hnv interface (BZ#2081250)

* Affinity broken due to vector space exhaustion (BZ#2084646)

* 'rmmod pmt_telemetry' panics on ADL-P IOTG (BZ#2091079)

* Unable to boot RHEL-8.6 on Brazos max. config (Install is success)  
(BZ#2092241)

* kernel crash after reboot of T14/G2 AMD laptop (mt7921e module)  
(BZ#2095654)

* mt7921: free resources on pci_probe error path (BZ#2101684)

* NLM should be more defensive if underlying FS changes fl_owner  
(BZ#2102099)

* RHEL8/async-pf Guest call trace when reboot after postcopy migration with  
high stress workload (BZ#2105340)

* execve exit tracepoint not called (BZ#2106662)

* QProcess dead lock on kernel-4.18.0-358 (BZ#2107643)

* KVM fix guest FPU uABI size to kvm_xsave (BZ#2107652)

* KVM selftests fail to compile (BZ#2107655)

* Some monitor have no display with AMD W6400 when boot into OS.  
(BZ#2109826)

* Percpu counter usage is gradually getting increasing during podman  
container recreation. (BZ#2110039)

* multipath failed to recover after EEH hit on flavafish adapter on  
Denali(qla2xxx/flavafish/RHEL8.6/Denali) (BZ#2110768)

* soft lockups under heavy I/O load to ahci connected SSDs (BZ#2110772)

* trouble re-assigning MACs to VFs, ice stricter than other drivers  
(BZ#2111936)

* Intel MPI 2019.0 - mpirun stuck on latest kernel (BZ#2112030)

* Multicast packets are not received by all VFs on the same port even  
though they have the same VLAN (BZ#2117026)

* Hyper-V 2019 Dynamic Memory Problem hv_balloon (BZ#2117050)

* kernel BUG at kernel/sched/deadline.c:1561! (BZ#2117410)

* ALSA (sound) driver - update Intel SOF kcontrol code (BZ#2117732)

* bridge over bond over ice ports has no connection (BZ#2118580)

* Fix max VLANs available for VF (BZ#2118581)

* offline selftest failed (BZ#2118582)

* INTEL NVMUpdate utility ver 3.20 is failing to update firmware on  
E810-XXVDA4T (WPC) (BZ#2118583)

* VM configured with failover interface will coredump after been migrating  
from source host to target host(only iavf driver) (BZ#2118705)

* Fix max VLANs available for untrusted VF (BZ#2118707)

* Softlockup on infinite loop in task_get_css() for a CSS_DYING cpuset  
(BZ#2120776)

Enhancement(s):

* KVM Sapphire Rapids (SPR) AMX Instructions (BZ#2088287)

* KVM Sapphire Rapids (SPR) AMX Instructions part2 (BZ#2088288)

* ice: Driver Update (BZ#2102359)

* iavf: Driver Update (BZ#2102360)

* iommu/vt-d: Make DMAR_UNITS_SUPPORTED a config setting (BZ#2112983)

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2090237 - CVE-2022-21123 hw: cpu: Incomplete cleanup of multi-core shared buffers (aka SBDR)  
2090240 - CVE-2022-21125 hw: cpu: Incomplete cleanup of microarchitectural fill buffers (aka SBDS)  
2090241 - CVE-2022-21166 hw: cpu: Incomplete cleanup in specific special register write operations (aka DRPW)

6. Package List:

Red Hat Enterprise Linux BaseOS (v. 8):

Source:  
kernel-4.18.0-372.26.1.el8_6.src.rpm

aarch64:  
bpftool-4.18.0-372.26.1.el8_6.aarch64.rpm  
bpftool-debuginfo-4.18.0-372.26.1.el8_6.aarch64.rpm  
kernel-4.18.0-372.26.1.el8_6.aarch64.rpm  
kernel-core-4.18.0-372.26.1.el8_6.aarch64.rpm  
kernel-cross-headers-4.18.0-372.26.1.el8_6.aarch64.rpm  
kernel-debug-4.18.0-372.26.1.el8_6.aarch64.rpm  
kernel-debug-core-4.18.0-372.26.1.el8_6.aarch64.rpm  
kernel-debug-debuginfo-4.18.0-372.26.1.el8_6.aarch64.rpm  
kernel-debug-devel-4.18.0-372.26.1.el8_6.aarch64.rpm  
kernel-debug-modules-4.18.0-372.26.1.el8_6.aarch64.rpm  
kernel-debug-modules-extra-4.18.0-372.26.1.el8_6.aarch64.rpm  
kernel-debuginfo-4.18.0-372.26.1.el8_6.aarch64.rpm  
kernel-debuginfo-common-aarch64-4.18.0-372.26.1.el8_6.aarch64.rpm  
kernel-devel-4.18.0-372.26.1.el8_6.aarch64.rpm  
kernel-headers-4.18.0-372.26.1.el8_6.aarch64.rpm  
kernel-modules-4.18.0-372.26.1.el8_6.aarch64.rpm  
kernel-modules-extra-4.18.0-372.26.1.el8_6.aarch64.rpm  
kernel-tools-4.18.0-372.26.1.el8_6.aarch64.rpm  
kernel-tools-debuginfo-4.18.0-372.26.1.el8_6.aarch64.rpm  
kernel-tools-libs-4.18.0-372.26.1.el8_6.aarch64.rpm  
perf-4.18.0-372.26.1.el8_6.aarch64.rpm  
perf-debuginfo-4.18.0-372.26.1.el8_6.aarch64.rpm  
python3-perf-4.18.0-372.26.1.el8_6.aarch64.rpm  
python3-perf-debuginfo-4.18.0-372.26.1.el8_6.aarch64.rpm

noarch:  
kernel-abi-stablelists-4.18.0-372.26.1.el8_6.noarch.rpm  
kernel-doc-4.18.0-372.26.1.el8_6.noarch.rpm

ppc64le:  
bpftool-4.18.0-372.26.1.el8_6.ppc64le.rpm  
bpftool-debuginfo-4.18.0-372.26.1.el8_6.ppc64le.rpm  
kernel-4.18.0-372.26.1.el8_6.ppc64le.rpm  
kernel-core-4.18.0-372.26.1.el8_6.ppc64le.rpm  
kernel-cross-headers-4.18.0-372.26.1.el8_6.ppc64le.rpm  
kernel-debug-4.18.0-372.26.1.el8_6.ppc64le.rpm  
kernel-debug-core-4.18.0-372.26.1.el8_6.ppc64le.rpm  
kernel-debug-debuginfo-4.18.0-372.26.1.el8_6.ppc64le.rpm  
kernel-debug-devel-4.18.0-372.26.1.el8_6.ppc64le.rpm  
kernel-debug-modules-4.18.0-372.26.1.el8_6.ppc64le.rpm  
kernel-debug-modules-extra-4.18.0-372.26.1.el8_6.ppc64le.rpm  
kernel-debuginfo-4.18.0-372.26.1.el8_6.ppc64le.rpm  
kernel-debuginfo-common-ppc64le-4.18.0-372.26.1.el8_6.ppc64le.rpm  
kernel-devel-4.18.0-372.26.1.el8_6.ppc64le.rpm  
kernel-headers-4.18.0-372.26.1.el8_6.ppc64le.rpm  
kernel-modules-4.18.0-372.26.1.el8_6.ppc64le.rpm  
kernel-modules-extra-4.18.0-372.26.1.el8_6.ppc64le.rpm  
kernel-tools-4.18.0-372.26.1.el8_6.ppc64le.rpm  
kernel-tools-debuginfo-4.18.0-372.26.1.el8_6.ppc64le.rpm  
kernel-tools-libs-4.18.0-372.26.1.el8_6.ppc64le.rpm  
perf-4.18.0-372.26.1.el8_6.ppc64le.rpm  
perf-debuginfo-4.18.0-372.26.1.el8_6.ppc64le.rpm  
python3-perf-4.18.0-372.26.1.el8_6.ppc64le.rpm  
python3-perf-debuginfo-4.18.0-372.26.1.el8_6.ppc64le.rpm

s390x:  
bpftool-4.18.0-372.26.1.el8_6.s390x.rpm  
bpftool-debuginfo-4.18.0-372.26.1.el8_6.s390x.rpm  
kernel-4.18.0-372.26.1.el8_6.s390x.rpm  
kernel-core-4.18.0-372.26.1.el8_6.s390x.rpm  
kernel-cross-headers-4.18.0-372.26.1.el8_6.s390x.rpm  
kernel-debug-4.18.0-372.26.1.el8_6.s390x.rpm  
kernel-debug-core-4.18.0-372.26.1.el8_6.s390x.rpm  
kernel-debug-debuginfo-4.18.0-372.26.1.el8_6.s390x.rpm  
kernel-debug-devel-4.18.0-372.26.1.el8_6.s390x.rpm  
kernel-debug-modules-4.18.0-372.26.1.el8_6.s390x.rpm  
kernel-debug-modules-extra-4.18.0-372.26.1.el8_6.s390x.rpm  
kernel-debuginfo-4.18.0-372.26.1.el8_6.s390x.rpm  
kernel-debuginfo-common-s390x-4.18.0-372.26.1.el8_6.s390x.rpm  
kernel-devel-4.18.0-372.26.1.el8_6.s390x.rpm  
kernel-headers-4.18.0-372.26.1.el8_6.s390x.rpm  
kernel-modules-4.18.0-372.26.1.el8_6.s390x.rpm  
kernel-modules-extra-4.18.0-372.26.1.el8_6.s390x.rpm  
kernel-tools-4.18.0-372.26.1.el8_6.s390x.rpm  
kernel-tools-debuginfo-4.18.0-372.26.1.el8_6.s390x.rpm  
kernel-zfcpdump-4.18.0-372.26.1.el8_6.s390x.rpm  
kernel-zfcpdump-core-4.18.0-372.26.1.el8_6.s390x.rpm  
kernel-zfcpdump-debuginfo-4.18.0-372.26.1.el8_6.s390x.rpm  
kernel-zfcpdump-devel-4.18.0-372.26.1.el8_6.s390x.rpm  
kernel-zfcpdump-modules-4.18.0-372.26.1.el8_6.s390x.rpm  
kernel-zfcpdump-modules-extra-4.18.0-372.26.1.el8_6.s390x.rpm  
perf-4.18.0-372.26.1.el8_6.s390x.rpm  
perf-debuginfo-4.18.0-372.26.1.el8_6.s390x.rpm  
python3-perf-4.18.0-372.26.1.el8_6.s390x.rpm  
python3-perf-debuginfo-4.18.0-372.26.1.el8_6.s390x.rpm

x86_64:  
bpftool-4.18.0-372.26.1.el8_6.x86_64.rpm  
bpftool-debuginfo-4.18.0-372.26.1.el8_6.x86_64.rpm  
kernel-4.18.0-372.26.1.el8_6.x86_64.rpm  
kernel-core-4.18.0-372.26.1.el8_6.x86_64.rpm  
kernel-cross-headers-4.18.0-372.26.1.el8_6.x86_64.rpm  
kernel-debug-4.18.0-372.26.1.el8_6.x86_64.rpm  
kernel-debug-core-4.18.0-372.26.1.el8_6.x86_64.rpm  
kernel-debug-debuginfo-4.18.0-372.26.1.el8_6.x86_64.rpm  
kernel-debug-devel-4.18.0-372.26.1.el8_6.x86_64.rpm  
kernel-debug-modules-4.18.0-372.26.1.el8_6.x86_64.rpm  
kernel-debug-modules-extra-4.18.0-372.26.1.el8_6.x86_64.rpm  
kernel-debuginfo-4.18.0-372.26.1.el8_6.x86_64.rpm  
kernel-debuginfo-common-x86_64-4.18.0-372.26.1.el8_6.x86_64.rpm  
kernel-devel-4.18.0-372.26.1.el8_6.x86_64.rpm  
kernel-headers-4.18.0-372.26.1.el8_6.x86_64.rpm  
kernel-modules-4.18.0-372.26.1.el8_6.x86_64.rpm  
kernel-modules-extra-4.18.0-372.26.1.el8_6.x86_64.rpm  
kernel-tools-4.18.0-372.26.1.el8_6.x86_64.rpm  
kernel-tools-debuginfo-4.18.0-372.26.1.el8_6.x86_64.rpm  
kernel-tools-libs-4.18.0-372.26.1.el8_6.x86_64.rpm  
perf-4.18.0-372.26.1.el8_6.x86_64.rpm  
perf-debuginfo-4.18.0-372.26.1.el8_6.x86_64.rpm  
python3-perf-4.18.0-372.26.1.el8_6.x86_64.rpm  
python3-perf-debuginfo-4.18.0-372.26.1.el8_6.x86_64.rpm

Red Hat CodeReady Linux Builder (v. 8):

aarch64:  
bpftool-debuginfo-4.18.0-372.26.1.el8_6.aarch64.rpm  
kernel-debug-debuginfo-4.18.0-372.26.1.el8_6.aarch64.rpm  
kernel-debuginfo-4.18.0-372.26.1.el8_6.aarch64.rpm  
kernel-debuginfo-common-aarch64-4.18.0-372.26.1.el8_6.aarch64.rpm  
kernel-tools-debuginfo-4.18.0-372.26.1.el8_6.aarch64.rpm  
kernel-tools-libs-devel-4.18.0-372.26.1.el8_6.aarch64.rpm  
perf-debuginfo-4.18.0-372.26.1.el8_6.aarch64.rpm  
python3-perf-debuginfo-4.18.0-372.26.1.el8_6.aarch64.rpm

ppc64le:  
bpftool-debuginfo-4.18.0-372.26.1.el8_6.ppc64le.rpm  
kernel-debug-debuginfo-4.18.0-372.26.1.el8_6.ppc64le.rpm  
kernel-debuginfo-4.18.0-372.26.1.el8_6.ppc64le.rpm  
kernel-debuginfo-common-ppc64le-4.18.0-372.26.1.el8_6.ppc64le.rpm  
kernel-tools-debuginfo-4.18.0-372.26.1.el8_6.ppc64le.rpm  
kernel-tools-libs-devel-4.18.0-372.26.1.el8_6.ppc64le.rpm  
perf-debuginfo-4.18.0-372.26.1.el8_6.ppc64le.rpm  
python3-perf-debuginfo-4.18.0-372.26.1.el8_6.ppc64le.rpm

x86_64:  
bpftool-debuginfo-4.18.0-372.26.1.el8_6.x86_64.rpm  
kernel-debug-debuginfo-4.18.0-372.26.1.el8_6.x86_64.rpm  
kernel-debuginfo-4.18.0-372.26.1.el8_6.x86_64.rpm  
kernel-debuginfo-common-x86_64-4.18.0-372.26.1.el8_6.x86_64.rpm  
kernel-tools-debuginfo-4.18.0-372.26.1.el8_6.x86_64.rpm  
kernel-tools-libs-devel-4.18.0-372.26.1.el8_6.x86_64.rpm  
perf-debuginfo-4.18.0-372.26.1.el8_6.x86_64.rpm  
python3-perf-debuginfo-4.18.0-372.26.1.el8_6.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-21123  
https://access.redhat.com/security/cve/CVE-2022-21125  
https://access.redhat.com/security/cve/CVE-2022-21166  
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBYyCB1NzjgjWX9erEAQjx1g/+KpIc2rESQgtzICCW50Ha+ZjaOZiuIgGV  
1wDzgsyj7JRxGOIhGY3edJp7sdtoT0+CoWTdjENZrNhQlQ9UhRSpJ+8vdGy5WooO  
fwwKBffteRMEl8YTO/U8fstclEKXK3MB93ZxEHgS0L3UQY/AUU5XqSzB4a4rV9RJ  
DpFQcnw3dHIrtMKHs4HMrm8+Q8ezq9UmVbl472ecnfmNXfHDhOmUGGlUrT22SX9p  
Zn/UXCiWZxIt+Vh2uTrIgs4hiSJPAqD/lGHjLQpaR26uciZnndLui2s4W91F7yN4  
ZifRDwrSAMtsRoln7Z8HL6H59tw4vHwAY1rD5ATwk9EqhRtaetE+v0hzM+BRBhri  
dpZnKUhMiUDNTUKqmpbBZjh4IuSKI6AkaQenFnMQWTp027B6o0EjhqpiEdLaA0R/  
pYewm2OKbulyoUeVhC5GOMX6g8ckGa5h2o4Fr+fkaptELQN1VniYEu88O7pRqaqR  
lW3MrcYIEowDxyiMLehgtIxjyawzfmi0fficXzCf8xEXm8fmqlrXu4lfhKV4g3WI  
Y9j8INFYc4inopUBsQM1zXWV00nCDxAvaYPhOYI0VjO11jxOCOcBheOlwS1sseOv  
Bjram7oqf2DuVSINeTAgbHMLMA4AGEcNMsOAN/mwdq6ZBpEYmCf48pvZwQscW7qv  
a685GRAjoyY=  
=4AwP  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-6460-01

Red Hat Security Advisory 2022-6317-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.9.48. Issues addressed include a bypass vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: OpenShift Container Platform 4.9.48 bug fix and security update  
Advisory ID:       RHSA-2022:6317-01  
Product:           Red Hat OpenShift Enterprise  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:6317  
Issue date:        2022-09-12  
CVE Names:         CVE-2021-39226 CVE-2022-0494 CVE-2022-1353   
                   CVE-2022-2526 CVE-2022-29154   
=====================================================================

1. Summary:

Red Hat OpenShift Container Platform release 4.9.48 is now available with  
updates to packages and images that fix several bugs and add enhancements.

This release includes a security update for Red Hat OpenShift Container  
Platform 4.9.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Description:

Red Hat OpenShift Container Platform is Red Hat's cloud computing  
Kubernetes application platform solution designed for on-premise or private  
cloud deployments.

This advisory contains the container images for Red Hat OpenShift Container  
Platform 4.9.48. See the following advisory for the RPM packages for this  
release:

https://access.redhat.com/errata/RHBA-2022:6319

Space precludes documenting all of the container images in this advisory.  
See the following Release Notes documentation, which will be updated  
shortly for this release, for details about these changes:

https://docs.openshift.com/container-platform/4.9/release_notes/ocp-4-9-release-notes.html

Security Fix(es):

* grafana: Snapshot authentication bypass (CVE-2021-39226)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s)  
listed in the References section.

You may download the oc tool and use it to inspect release image metadata  
as follows:

(For x86_64 architecture)

$ oc adm release info  
quay.io/openshift-release-dev/ocp-release:4.9.48-x86_64

The image digest is  
sha256:fe63bce8c63031a17f08feed4fae704499b749502cb3d51f5df7d8eb002e8e55

(For s390x architecture)

$ oc adm release info  
quay.io/openshift-release-dev/ocp-release:4.9.48-s390x

The image digest is  
sha256:cc5c418771b024b65af22f306c24483421c2e3b351004df1948dc3e9af25b424

(For ppc64le architecture)

$ oc adm release info  
quay.io/openshift-release-dev/ocp-release:4.9.48-ppc64le

The image digest is  
sha256:162a33695defc9acd595451c13ec96eae4557642d6a51521f2aeac22f1c02b8c

All OpenShift Container Platform 4.9 users are advised to upgrade to these  
updated packages and images when they are available in the appropriate  
release channel. To check for available updates, use the OpenShift Console  
or the CLI oc command. Instructions for upgrading a cluster are available  
at  
https://docs.openshift.com/container-platform/4.9/updating/updating-cluster-cli.html

3. Solution:

For OpenShift Container Platform 4.9 see the following documentation, which  
will be updated shortly for this release, for important instructions on how  
to upgrade your cluster and fully apply this asynchronous errata update:

https://docs.openshift.com/container-platform/4.9/release_notes/ocp-4-9-release-notes.html

Details on how to access this content are available at  
https://docs.openshift.com/container-platform/4.9/updating/updating-cluster-cli.html

4. Bugs fixed (https://bugzilla.redhat.com/):

1996013 - sriov-device-plugin cannot found the VF  
2011063 - CVE-2021-39226 grafana: Snapshot authentication bypass  
2096508 - Pod stuck in Terminating, runc init process frozen  
2097724 - Change Ping source spec.jsonData (deprecated) field  to spec.data  
2101092 - Reserved port 9104 prevents a roll out of new cluster-network-operator Pod during SNO 4.10 upgrade  
2101794 - On-prem loadbalancer ports conflict with kube node port range

5. JIRA issues fixed (https://issues.jboss.org/):

OCPBUGS-410 - Detect unsupported amount of workloads before rendering a lazy or crashing topology  
OCPBUGS-420 - OVS-Configure doesn't iterate connection names containing spaces correctly  
OCPBUGS-443 - [release-4.9] Gather ODF CephCluster resource status  
OCPBUGS-459 - Default catalogs fails liveness/readiness probes  
OCPBUGS-508 - CI failing tests: Create namespace from install operators creates namespace from operator install page  
OCPBUGS-572 - Machine Controller stuck with Terminated Instances while Provisioning on AWS

6. References:

https://access.redhat.com/security/cve/CVE-2021-39226  
https://access.redhat.com/security/cve/CVE-2022-0494  
https://access.redhat.com/security/cve/CVE-2022-1353  
https://access.redhat.com/security/cve/CVE-2022-2526  
https://access.redhat.com/security/cve/CVE-2022-29154  
https://access.redhat.com/security/updates/classification/#important

7. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBYx+EqtzjgjWX9erEAQhj7hAAk1mCFen6d+pVH7k/XA7d+jL2zi5VpxPb  
R96JdAiNK/Pbx6aRYa3K/9q5FsTjGYOq0ycOt6g2GG21vBLTF07KIXRhtV9L7+d+  
SVffQsFprfM4cgClzaZ6qPYWwUNZo3VyfYLbVG49Z7jFxXmUjsxMGG68qgtyJiWJ  
9Dpk1GtC/xXpLsqH+/s56evRijry/iWNqHXLX/fzGQyKBgTGZMPdix53vKqBb90t  
OvPTdc9WnE68jHRK1nxKHkHGdE85mjtTeSX8ELhjwhDmTWFjdrxfmZ/doDAt313l  
VF3uvIoxTmroiUxvxn/kuVphBxbSombgZmBh3+Y53K9RQVqpR3YGo/MDk/B18QwE  
fWcWnbxJTwI+wGrW5+a/pYMlqVwqIYRX7G1fRlCQtVPg7VY6NELr145KoA4iEWGE  
nLSMpe3BbmRxeLlRB31cID10sYOO7JzR/OKkvQdGIH7OkCMLjxHIN9uyaADHTW6p  
7ii5T5LWKvRmuUlJgG0ToSAbk0wjN7LbPPDJPlo2gmiWj3Atdl3cv+475XXeGRTM  
FpAOlcSkDHTmTVxOvYUB1L/8zkTSyLPDbAIXdZi52mai6gOiBrQqOzJozZa9jnh/  
xHnAoeBU8m0Jn2Op7R5NGx5P7I+roQDnz621IUPwpeeNO2botw7f9qi/wwPCaCC7  
x834/6/1kYE=  
=j6ax  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2022-6317-01

How identity-centric security can support business objectives.

With identity's emergence as the new perimeter, its role in supporting digital transformation, cloud adoption, and a distributed workforce is not being overlooked by today's enterprises. According to a recent report (registration required), 64% of IT stakeholders consider effectively managing and securing digital identities to be either the top priority (16%) of their security program or in the top three (48%). Despite this, businesses continue to struggle with identity-related breaches — 84% of the security and IT pros reported their organization suffered such a breach in the past year.

Getting buy-in for identity-centric security is vital, but making a case for investing in cybersecurity isn't about trafficking in FUD (fear, uncertainty, and doubt). Pushing identity further into strategic discussions requires the ability to demonstrate business value — to showcase how identity-based security aligns with and supports business objectives.

Almost all participants in the survey (98%) said the number of identities in their organization was increasing, with commonly cited causes including cloud adoption, more employees using technology, increasing third-party relationships, and growing numbers of machine identities. In this environment, many of today's enterprises have found themselves under immense pressure to ensure seamless and secure access to data and resources in an environment growing more distributed and complex.

This complexity, combined with motivated attackers and the increasing number of identities that must be managed, makes effective identity management a critical part of enabling business operations. Among the organizations that experienced an identity-related breach in the past year, the common threads were issues such as stolen credentials, phishing, and mismanaged privileges. The direct business impacts of a breach can be significant — with 42% citing a significant distraction from the core business, 44% noting recovery costs, and 35% reporting a negative impact on the organization's reputation. Loss of revenue (29%) and customer attrition (16%) were also reported.

**Translating IT Needs into Business Needs**

The case for focusing on identity is clear, but how do we begin translating IT needs into business needs? Step one is aligning the organization's priorities with where identity-centric security can fit in. Business goals tend to revolve around reducing costs, increasing productivity, and minimizing risk. Conversations about identity-based security, therefore, must demonstrate how that approach can advance some or all these points.

From the standpoint of productivity, for example, tight identity governance simplifies user provisioning and reviews of access rights. That means employees can be onboarded faster, and any departing employees will have their access revoked automatically. Eliminating manual efforts reduces the chance of error, including users with excessive privileges creating an unnecessary risk of exposure. The more streamlined and automated the processes around identity management are, the more efficient the business is — and the more secure.

As noted earlier, some of the driving forces for the growth in identities include cloud adoption and a spike in machine identities. The growth of machine identities is linked in part to Internet of Things (IoT) devices and bots. IoT and cloud are often parts of digital transformation strategies that can easily get hung up by concerns about access and the consistent enforcement of security policies. This reality presents an opportunity to frame discussions about security around how the business can adopt these technologies safely and without sacrificing compliance and security requirements.

**Frame Security Discussions in Breach Context**

Multifactor authentication (MFA), for example, was cited by many IT and security professionals as a measure that could have prevented or minimized the impact of the breaches they experienced. MFA is vital to enforcing access control, particularly for businesses with remote workers or those using cloud applications and infrastructure. Like them or not, passwords are ubiquitous. But they are also an attractive (and relatively easy) target for threat actors looking to access resources and gain a deeper foothold in your environment. Along with other identity-centric best practices that improve security posture, MFA provides another layer of defense that can bolster an organization's security.

In addition to MFA, IT and security pros commonly noted that more timely reviews of privileged access and continuous discovery of all user access rights would have prevented or lessened the effect of a breach. While many of these remain works in progress, overall, it appears organizations are starting to get the message.

When asked if during the past year their organization's identity program was included as an area of investment as part of any of these strategic initiatives — zero trust, cloud adoption, digital transformation, cyber-insurance investments, and vendor management — almost everyone chose at least one. Fifty-one percent said identity had been invested in as part of zero-trust efforts. Sixty-two percent said it was included as part of cloud initiatives, and 42% said it was part of digital transformation.

Getting started with identity-based security need not be overwhelming. However, it does require an understanding of your environment and business priorities. By focusing on how an identity-centric approach to security can support business objectives, IT professionals can get the leadership buy-in they need to implement the technology and processes that will raise the barrier of entry for threat actors.

Business Security Starts With Identity

Categories: Exploits and vulnerabilities
Categories: News
Apple has patched an actively-exploited flaw that affects a host of devices and software, including iPhones, Macs, iPads, and iPod touch.



(Read more...)




The post Important update! iPhones, Macs, and more vulnerable to zero-day bug appeared first on Malwarebytes Labs.

Posted: September 13, 2022 by

On Monday, Apple released a long list of patched vulnerabilities to its software, including a new zero-day flaw affecting Macs and iPhones. The company revealed it's aware that threat actors may have been actively exploiting this vulnerability, which is tracked as **CVE-2022-32917**.

As it's a zero-day, nothing much is said about CVE-2022-32917, only that it may allow malformed applications to execute potentially malicious code with kernel privileges. Apple says it's patched this flaw with improved bounds checks. Below is a list of products this bug affects:

*   Macs running macOS Monterey 12.6 and macOS Big Sur 11.7
*   iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

CVE-2022-32917 is the eighth zero-day flaw that Apple has addressed since the beginning of 2022. The first seven are as follows:

*   CVE-2022-32894, a flaw in the iOS Kernel, was patched in August
*   CVE-2022-32893, a flaw in WebKit, was patched in August
*   CVE-2022-22674, an Intel Graphics Driver bug, was patched in March
*   CVE-2022-22675, a bug in AppleACD, was patched in March
*   CVE-2022-22620, a WebKit bug affecting iPhones, Macs, and iPads, was patched in February
*   CVE-2022-22587, a privileged code execution flaw, was patched in January
*   CVE-2022-22594, a web browser activity tracking flaw, was patched in January

As this latest vulnerability is already being exploited, it's really important that you update your devices as soon as you can. Stay safe!

**RELATED ARTICLES**

**ABOUT THE AUTHOR**

Important update! iPhones, Macs, and more vulnerable to zero-day bug

An analysis of cloud services finds that known vulnerabilities typically open the door for attackers, while insecure cloud architectures allow them to gain access to the crown jewels.

Companies and their cloud providers often leave vulnerabilities open in their system and services, gifting attackers with an easy path to gain access to critical data.

According to an Orca Security analysis of data collected from major cloud services and released on Sept. 13, attackers only need, on average, three steps to gain access to sensitive data, the so-called "crown jewels," starting most often — in 78% of cases — with the exploitation of a known vulnerability.  

While much of the security discussion has focused on the misconfigurations of cloud resources by companies, cloud providers have often been slow to plug vulnerabilities, says Avi Shua, CEO and co-founder of Orca Security.

"The key is to fix the root causes, which is the initial vector, and to increase the number of steps that they attacker needs to take," he says. "Proper security controls can make sure that even if there is an initial attack vector, you are still not able to reach the crown jewels."

The report analyzed data from Orca's security research team using data from a "billions of cloud assets on AWS, Azure, and Google Cloud," which the company's customers regularly scan. The data included cloud workload and configuration data, environment data, and information on assets collected in the first half of 2022.

**Unpatched Vulnerabilities Cause Most Cloud Risk**

The analysis identified a few main problems with cloud-native architectures. On average, 11% of cloud providers' and their customers' cloud assets were considered "neglected," defined as not having been patched in the last 180 days. Containers and virtual machines, which make up the most common components of such infrastructure, accounted for more than 89% of neglected cloud assets.  

"There is room for improvement on both sides of the shared responsibility model," Shua says. "Critics have always focused on the customer side of the house \[for patching\], but in the past few years, there have been quite a few issues on the cloud-provider end that have not been fixed in a timely manner."  

In fact, fixing vulnerabilities may be the most critical problem, because the average container, image, and virtual machine had at least 50 known vulnerabilities. About three-quarters — 78% — of attacks start with the exploitation of a known vulnerability, Orca stated in the report. Moreover, a tenth of all companies have a cloud asset using software with a vulnerability at least 10 years old.

Yet the security debt caused by vulnerabilities is not evenly distributed across all assets, the report found. More than two-thirds — 68% — of Log4j vulnerabilities were found in virtual machines. However, only 5% of workload assets still have at least one of the Log4j vulnerabilities, and only 10.5% of those could be targeted from the Internet.

**Customer-Side Issues**

Another major problem is that a third of companies have a root account with a cloud provider that is not protected by multifactor authentication (MFA). Fifty-eight percent of companies have disabled MFA for at least one privileged user account, according to Orca's data. Failing to provide the additional security of MFA leaves systems and services open to brute-force attacks and password spraying.

In addition to the 33% of firms lacking MFA protections for root accounts, 12% of companies have an Internet-accessible workload with at least one weak or leaked password, Orca stated in its report.

Companies should look to enforce MFA across their organization (especially for privileged accounts), assess and fix vulnerabilities faster, and find ways to slow down attackers, Shua says.

"The key is to fix the root causes, which is the initial vector, and to increase the number of steps that the attacker needs to take, " he says. "Proper security controls can make sure that even if the attacker has success with the initial attack vector, they are still not able to reach the crown jewels."

Overall, both cloud providers and their business clients have security issues that need to be identified and patched, and both need to find ways to more efficiently close those issues, he adds; visibility and consistent security controls across all aspects of cloud infrastructure is key.

"It is not that their walls are not high enough," Shua says. "It is that they are not covering the entire castle."

Attackers Can Compromise Most Cloud Data in Just 3 Steps

Government and state-owned organizations in a number of Asian countries have been targeted by a distinct group of espionage hackers as part of an intelligence gathering mission that has been underway since early 2021.
"A notable feature of these attacks is that the attackers leveraged a wide range of legitimate software packages in order to load their malware payloads using a technique known as

Government and state-owned organizations in a number of Asian countries have been targeted by a distinct group of espionage hackers as part of an intelligence gathering mission that has been underway since early 2021.

"A notable feature of these attacks is that the attackers leveraged a wide range of legitimate software packages in order to load their malware payloads using a technique known as DLL side-loading," the Symantec Threat Hunter team, part of Broadcom Software, said in a report shared with The Hacker News.

The campaign is said to be exclusively geared towards government institutions related to finance, aerospace, and defense, as well as state-owned media, IT, and telecom firms.

Dynamic-link library (DLL) side-loading is a popular cyberattack method that leverages how Microsoft Windows applications handle DLL files. In these intrusions, a spoofed malicious DLL is planted in the Windows Side-by-Side (WinSxS) directory so that the operating system loads it instead of the legitimate file.

The attacks entail the use of old and outdated versions of security solutions, graphics software, and web browsers that are bound to lack mitigations for DLL side-loading, using them as a conduit to load arbitrary shellcode designed to execute additional payloads.

Furthermore, the software packages also double up as a means to deliver tools to facilitate credential theft and lateral movement across the compromised network.

"\[The threat actor\] leveraged PsExec to run old versions of legitimate software which were then used to load additional malware tools such as off-the-shelf remote access Trojans (RATS) via DLL side-loading on other computers on the networks," the researchers noted.

In one of the attacks against a government-owned organization in the education sector in Asia lasted from April to July 2022, during which the adversary accessed machines hosting databases and emails, before accessing the domain controller.

The intrusion also made use of an 11-year-old version of Bitdefender Crash Handler ("javac.exe") to launch a renamed version of Mimikatz ("calc.exe"), an open source Golang penetration testing framework called LadonGo, and other custom payloads on multiple hosts.

One among them is a previously undocumented, feature-rich information stealer that's capable of logging keystrokes, capturing screenshots, connecting to and querying SQL databases, downloading files, and stealing clipboard data.

Also put to use in the attack is a publicly-available intranet scanning tool named Fscan to perform exploit attempts leveraging the ProxyLogon Microsoft Exchange Server vulnerabilities.

The identity of the threat group is unclear, although it's said to have used ShadowPad in prior campaigns, a modular backdoor that's fashioned as a successor to PlugX (aka Korplug) and shared among many a Chinese threat actor.

Symantec said it has limited evidence linking the threat actor's earlier attacks involving the PlugX malware to other Chinese hacking groups such as APT41 (aka Wicked Panda) and Mustang Panda. What's more, the use of a legitimate Bitdefender file to sideload shellcode has been observed in previous attacks attributed to APT41.

"The use of legitimate applications to facilitate DLL side-loading appears to be a growing trend among espionage actors operating in the region," the researchers said. "Although a well-known technique, it must be yielding some success for attackers given its current popularity."

Found this article interesting? Follow THN on Facebook, Twitter __ and LinkedIn to read more exclusive content we post.

Asian Governments and Organizations Targeted in Latest Cyber Espionage Attacks

Categories: Apple
Categories: News
With the introduction of passkeys in iOS 16 and macOS Ventura, Apple is poised to sway a trend against the use of passwords.



(Read more...)




The post Apple puts the password on life support with passkey appeared first on Malwarebytes Labs.

Posted: September 13, 2022 by

The "passwordless future" is something many internet users—and a great majority of the cybersecurity industry—have hoped for. Now Apple is about to make those hopes a reality.

With the release of iOS 16 yesterday, and macOS Ventura next month, Apple fans will be able to use passkeys, its password replacement, for iPhones, iPads, and Macs. The word "passkey" is not unique to Apple, however. Microsoft and Google are using the term, too.

Apple's passkey works like a password in that it is built into entry boxes where you put your password. It also acts as a digital key that users create to access their apps or websites.

A video demonstrating passkey's use in Apple's WWDC 2022 event shows a prompt on the user's device before sign-in or during account creation, asking if they would like to "save a passkey" for the account in use. Once users say yes, they are prompted to authenticate the passkey creation using Face ID, Touch ID, or another method. The created passkey is stored in the user's iCloud Keychain and synced across all Apple devices and Safari web browsers.

Whenever a passkey is created, the device's system creates a pair of digital keys: public and secret keys. According to Garrett Davidson, an Apple engineer, in the demo video, these keys are created "securely and uniquely" for every account. The public key is stored on Apple's servers, while the secret key is kept on the device.

When signing in to an account protected by a passkey, the website or app looks for the secret key kept safe on the device to prove that the user is who the user claims they are. And because Apple's passkey is based on passwordless standards defined by the FIDO Alliance, it's likely the passkey can be stored anywhere, including some password managers with a provision for the passkey, such as Dashlane.

Those with other devices besides Apple can still take advantage of passkey. However, how things are done is slightly different because passkeys won't be stored on non-Apple devices. For example, accessing a browser account on a Windows machine would require a user to use a QR code containing a URL to a single-use encryption key and their iPhone. Once scanned, the machine and the device can communicate using end-to-end encryption via Bluetooth and share information.

"That means a QR code sent in an email or generated on a fake website won't work, because a remote attacker won't be able to receive the Bluetooth advertisement and complete the local exchange," Davidson said in the video.

"This has the potential to be _far_ superior to weak passwords and chosen by people who don't use a password manager or don't know how to choose a password," said Thomas Reed, Malwarebytes' Director for Mac & Mobile. "So even if this isn't 100% perfect, it's still going to be better than what most people are doing today."

**RELATED ARTICLES**

Tag

#mac