to the public this morning, fixes a bug that allowed scammers to attempt to extort money from iOS users through a JavaScript pop-up in Safari. As explained by mobile security firm Lookout (via Ars Technica), the scammers targeted iOS users viewing pornographic material and abused JavaScript pop-ups to create an endless pop-up loop that essentially locked the browser if the user didn't know how to bypass it. Using "scareware" messages and posing as law enforcement, the scammers used the pop-ups to extort money in the form of iTunes gift cards from the victim, promising to unlock the browser for a sum of money. The scammers abused the handling of pop-ups in Mobile Safari in such a way that a person would be "locked" out from using Safari unless they paid a fee or knew they could simply clear Safari's cache (see next section). The attack was contained within the app sandbox of the Safari browser; no exploit code was used in this campaign, unlike an advanced attack like Pegasus that breaks out of the app sandbox to install malware on the device. The scammers registered domains and launched the attack from the domains they owned, such as police-pay[.]com, which the attackers apparently named with the intent of scaring users looking for certain types of material on the Internet into paying money. The endless pop-up issue could be fixed by clearing the Safari cache, but many users likely did not know they didn't need to shell out money to regain access to their browsers. Pop-up scams are no longer possible with iOS 10.3, as Apple has changed the way pop-up dialogs work. Pop-ups are now per-tab and no longer take over the entire Safari app.
A Google Project Zero researcher has published a macOS exploit to demonstrate that Apple is exposing its users to security risks by patching serious flaws in iOS but not revealing the fact until it fixes the same bugs in macOS a week later. This happened during Apple's update for critical flaws in iOS 12, tvOS 12 and Safari 12 on September 17. A Wayback Machine snapshot of the original advisory doesn't mention any of the bugs that Project Zero researcher Ivan Fratric had reported to Apple, and which were actually fixed. Then, a week later, after Apple patched the same bugs in macOS, the company updated its original advisory with details about the nine flaws that Fratric had reported, six of which affected Safari. The update fixed a Safari bug that allowed arbitrary code execution on macOS if a vulnerable version of Safari browsed to a website hosting an exploit for the bugs. While Fratric concedes that Apple is probably concealing the fix in iOS to buy time to patch macOS, he argues the end result is that people may ignore an important security update because they weren't properly informed by Apple in the security advisory. "This practice is misleading because customers interested in the Apple security advisories would most likely read them only once, when they are first released, and the impression they would get is that the product updates fix far fewer vulnerabilities and less severe vulnerabilities than is actually the case."
Even worse, a skilled attacker could use the update for iOS to reverse-engineer a patch, develop an exploit for macOS, and then deploy it against a macOS user base that doesn't have a patch. Users also don't know that Apple has released information that could make their systems vulnerable to attack. Fratric developed an exploit for one of the Safari bugs he reported and published the attack on Thursday. The bugs were all found using a publicly available fuzzing tool he developed, called Domato, meaning anyone else, including highly advanced attackers, could use it too. "If a public tool was able to find that many bugs, it is expected that private ones might be even more successful," he noted. He wasn't aiming to write a reliable or sophisticated exploit, but the bug is useful enough for a skilled exploit writer to develop an attack to spread malware and "potentially do a lot of damage even with an unreliable exploit". Fratric said he successfully tested the exploit on Mac OS 10.13.6 High Sierra, build version 17G65. "If you are still using this version, you might want to update," noted Fratric. On the upside, it appears Apple and its Safari WebKit team have improved the security of the browser compared with the results of Fratric's Domato fuzzing efforts last year, which turned up way more bugs in Safari than in Chrome, Internet Explorer, and Edge. Last year he found 17 Safari flaws using the fuzzing tool. His final word of warning is not to discount any of the bugs he found just because no one's seen them being attacked in the wild. "While it is easy to brush away such bugs as something we haven't seen actual attackers use, that doesn't mean it's not happening or that it couldn't happen," the researcher noted.
Security researchers at Qualys Security have discovered a Linux flaw that could be exploited to gain root privileges and overwrite any file on the filesystem on SELinux-enabled systems. The high severity flaw, tracked as CVE-2017-1000367, resides in Sudo's get_process_ttyname() for Linux and is related to the way Sudo parses tty information from the process status file in the proc filesystem. The Linux flaw could be exploited by a local user with privileges to execute commands via Sudo and could allow attackers to escalate their privileges to root. Sudo's get_process_ttyname() function opens "/proc/[pid]/stat" (man proc) and reads the device number of the tty from field 7 (tty_nr). These fields are space-separated, but field 2 (comm, the filename of the command) can itself contain spaces, so a command name containing spaces shifts the position of every later field. Sudoer users on SELinux-enabled systems could escalate their privileges to overwrite any file on the filesystem with their command's output, including root-owned files. "We discovered a vulnerability in Sudo's get_process_ttyname() for Linux: this function opens '/proc/[pid]/stat' (man proc) and reads the device number of the tty from field 7 (tty_nr). Unfortunately, these fields are space-separated and field 2 (comm, the filename of the command) can contain spaces (CVE-2017-1000367)," reads the security advisory.
"On an SELinux-enabled system, if a user is Sudoer for a command that does not grant him full root privileges, he can overwrite any file on the filesystem (including root-owned files) with his command's output, because relabel_tty() (in src/selinux.c) calls open(O_RDWR|O_NONBLOCK) on his tty and dup2()s it to the command's stdin, stdout, and stderr. This allows any Sudoer user to obtain full root privileges." To exploit the issue, a Sudo user would have to choose a device number that doesn't exist under "/dev". If the terminal isn't present under the /dev/pts directory when Sudo performs a breadth-first search of /dev, the user could allocate a pseudo-terminal between the two searches and create a "symbolic link to the newly-created device in a world-writable directory under /dev, such as /dev/shm." "Exploiting the bug requires that the user already have sudo privileges. SELinux must also be enabled on the system and sudo must have been built with SELinux support. To exploit the bug, the user can choose a device number that does not currently exist under /dev. If sudo does not find the terminal under the /dev/pts directory, it performs a breadth-first search of /dev. It is possible to allocate a pseudo-terminal after sudo has checked /dev/pts but before sudo performs its breadth-first search of /dev. The attacker may then create a symbolic link to the newly-created device in a world-writable directory under /dev, such as /dev/shm," reads a Sudo alert. "This file will be used as the command's standard input, output and error when an SELinux role is specified on the sudo command line. If the symbolic link under /dev/shm is replaced with a link to another file before it is opened by sudo, it is possible to overwrite an arbitrary file by writing to the standard output or standard error. This can be escalated to full root access by rewriting a trusted file such as /etc/shadow or even /etc/sudoers."
The Linux flaw affects all Sudo versions from 1.8.6p7 through 1.8.20; Sudo 1.8.20p1 fixes it. The issue was rated with a CVSS3 Base Score of 7.8.
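The parsing mistake at the root of CVE-2017-1000367, shown as an added example that is not code from sudo, Qualys or the advisory: a space-split reader of /proc/[pid]/stat beside one that anchors on the closing parenthesis of comm, run over two constructed stat lines (the sample values and the process name are assumptions for the example).

```python
# Field layout of /proc/[pid]/stat (man proc): 1 pid, 2 comm in parentheses,
# 3 state, 4 ppid, 5 pgrp, 6 session, 7 tty_nr (encoded controlling tty).

# Constructed sample lines, not captured from a real system. 34816 decodes
# to major 136, minor 0, i.e. /dev/pts/0.
HONEST_STAT = "1234 (bash) S 1 1234 1234 34816 1234 4194560 0 0 0 0 0 0 0 0 20 0 1 0 100"
# Same process, but its name (comm, at most 15 bytes) contains spaces and
# digits, so a space-split parser reads a number of the namer's choosing.
CRAFTED_STAT = "1234 (a S 1 1 1 999 b) S 1 1234 1234 34816 1234 4194560 0 0 0 0 0 0 0 0 20 0 1 0 100"


def naive_tty_nr(stat: str) -> int:
    """Split on spaces and take field 7: the assumption behind CVE-2017-1000367."""
    return int(stat.split(" ")[6])


def robust_tty_nr(stat: str) -> int:
    """Anchor on the LAST ')' that closes comm (comm may contain spaces and
    parentheses), then count fields from there: the first token after ')'
    is field 3 (state), so tty_nr (field 7) is rest[4]."""
    close = stat.rfind(")")
    if close < 0 or "(" not in stat[:close]:
        raise ValueError("malformed stat line: comm is not parenthesised")
    rest = stat[close + 1:].split()
    if len(rest) < 5:
        raise ValueError("malformed stat line: too few fields after comm")
    return int(rest[4])


def decode_dev(dev: int) -> tuple[int, int]:
    """Split the encoded tty_nr into (major, minor); per man proc the major
    is bits 15..8 and the minor is bits 31..20 plus bits 7..0."""
    return (dev >> 8) & 0xFF, (dev & 0xFF) | ((dev >> 12) & 0xFFF00)


def describe(stat: str) -> dict:
    """Run both parsers on one line; a mismatch means the process name,
    not the kernel, decided which tty sudo would go looking for."""
    naive, robust = naive_tty_nr(stat), robust_tty_nr(stat)
    return {"naive": naive, "robust": robust, "dev": decode_dev(robust),
            "comm_controls_result": naive != robust}


if __name__ == "__main__":
    for label, line in (("honest", HONEST_STAT), ("crafted", CRAFTED_STAT)):
        print(label, describe(line))
```

The honest line parses to 34816 either way; the crafted line makes the naive reader return 999 while the anchored reader still returns the kernel's 34816.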
Adobe is no stranger to finding itself in the security headlines for all the wrong reasons, and it seems that things may not be changing as we enter 2017. There was controversy earlier this month when news broke about how Adobe took the opportunity on Patch Tuesday of using its regular security updates to force Adobe Acrobat DC users into silently installing a Google Chrome extension. As Bleeping Computer reports, most people first found out about the extension, which offers the ability to easily convert webpages into PDF files, when they saw a prompt asking them to approve the following permissions: Of course, you could choose to remove the extension, but it's the "Enable" option which is set by default, and it is probably what many people would click on without thinking of the possible consequences. Users expressed their outrage on social media about Adobe silently installing the Windows-only extension, leaving poor reviews in the Chrome web store: "How DARE Adobe install this extension automatically and silently as part of a 'security' update for Acrobat. Not only am I removing the extension from the browser, I am permanently removing Acrobat from ALL systems on my network and blocking any further installations. My school district will be Acrobat free AS SOON AS HUMANLY POSSIBLE. Further, I will recommend to the Department of Education a different solution for PDF viewing and editing. I will push and fight to get as many people as I can to stop using this disgusting trash." What further upset some users was that the Adobe Acrobat Chrome extension sends "anonymous product usage data" back to Adobe, although the company stresses that it does not receive details of the URLs visited by users. It wasn't long before headlines appeared comparing the sneakily-installed extension to "spyware".
Well, perhaps… Controversial Google security researcher Tavis Ormandy's interest was piqued by all of the attention being given to the extension, so he made his own examination of its code and found that it was vulnerable to cross-site scripting (XSS) attacks. According to statistics displayed on the Chrome web store, the controversial extension has tens of millions of users, all of whom are potentially vulnerable because of the flaw in its code. Every time you add additional software to your computer, you are increasing your potential attack surface. And be wary of software that is installed without your permission or that vendors bundle with their software against your wishes. Adobe has responded to Ormandy's report by saying it has now issued an update to the extension that fixes the security holes.
Simon Kenin, a security researcher at Trustwave, was, by his own admission, being lazy the day he discovered an authentication vulnerability in his Netgear router. Instead of getting up out of bed to address a connection problem, he started fuzzing the web interface and discovered a serious issue. Kenin had hit upon unauth.cgi, code that was previously tied to two different exploits in 2014 for unauthenticated password disclosure flaws. The short version of the 2014 vulnerability is that an attacker can get unauth.cgi to issue a number that can be passed over to passwordrecovered.cgi in order to receive credentials. Kenin tested their exploits and was able to get his password. The following day he started gathering other Netgear devices to test. While repeating the process, he made an error, but that didn't prevent him from obtaining credentials. That accidental discovery resulted in CVE-2017-5521. "After a few trials and errors trying to reproduce the issue, I found that the very first call to passwordrecovered.cgi will give out the credentials no matter what the parameter you send. This is a totally new bug that I haven't seen anywhere else. When I tested both bugs on different NETGEAR models, I found that my second bug works on a much wider range of models," Kenin explained in a recent blog post. There are at least ten thousand devices online that are vulnerable to the flaw that Kenin discovered, but he says the real number could reach the hundreds of thousands, or even millions.
"The vulnerability can be used by a remote attacker if remote administration is set to be Internet facing. However, anyone with physical access to a network with a vulnerable router can exploit it locally. This would include public Wi-Fi spaces like cafés and libraries using vulnerable equipment," Kenin wrote. Kenin reached out to Netgear and reported the problems, but it was no easy task. The first advisory listed 18 devices that were vulnerable, followed by a second advisory detailing an additional 25 models. A few months later, in June 2016, Netgear finally published an advisory that offered a fix for a small subset of the vulnerable devices, and a workaround for others. Eventually, Netgear reported that they were going to fix all the unpatched models. They also teamed up with Bugcrowd to improve their vulnerability handling process. Netgear has a status page on the vulnerability; they also provide a workaround for those who can't update their firmware yet. It wasn't until after the story ran that the PR firm representing Trustwave and pitching the research named Simon Kenin as the one who made the discovery. Netgear issued a statement, downplaying the discovery somewhat, and reminding users that fixes are available for most of the impacted devices. The emailed comments are reprinted below: NETGEAR is aware of the vulnerability (CVE-2017-5521), that has been recently publicized by Trustwave. We have been working with the security analysts to evaluate the vulnerability.
NETGEAR has published a knowledge base article from our support page, which lists the affected routers and the available firmware fix. Firmware fixes are currently available for the majority of the affected devices. To download the firmware release that fixes the password recovery vulnerability, click the link for the model and visit the firmware release page for further instructions.
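A detection check for the two CGI endpoints the article names, written as an added example rather than anything from Trustwave or Netgear: it scans constructed access-log lines, rates hits from outside RFC 1918 space higher because they imply Internet-facing remote administration, and reports sources that chained unauth.cgi into passwordrecovered.cgi. The log format, addresses and the placeholder query string are assumptions for the example.

```python
import re
from ipaddress import ip_address, ip_network

SUSPECT_PATHS = ("/unauth.cgi", "/passwordrecovered.cgi")
RFC1918 = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed access-log lines in common log format; no real device produced
# them, and the query string is a placeholder, not the parameter the flaw uses.
SAMPLE_LOG = """\
192.168.1.10 - - [30/Jan/2017:08:00:01 +0000] "GET /index.htm HTTP/1.1" 200 1534
203.0.113.5 - - [30/Jan/2017:08:00:07 +0000] "GET /unauth.cgi HTTP/1.1" 200 412
203.0.113.5 - - [30/Jan/2017:08:00:09 +0000] "GET /passwordrecovered.cgi?param=placeholder HTTP/1.1" 200 806
192.168.1.22 - - [30/Jan/2017:08:05:00 +0000] "GET /passwordrecovered.cgi?param=placeholder HTTP/1.1" 200 806
192.168.1.10 - - [30/Jan/2017:08:06:00 +0000] "GET /setup.cgi HTTP/1.1" 200 2201
"""

LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})')


def find_recovery_requests(log_text: str) -> list[dict]:
    """One finding per request for a password-recovery endpoint. A source
    outside RFC 1918 space means the interface is reachable through
    Internet-facing remote administration (rated high); LAN sources are still
    reported, since anyone on the network can use the same flaw."""
    findings = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        path = m["target"].split("?", 1)[0]
        if path not in SUSPECT_PATHS:
            continue
        src = ip_address(m["src"])
        on_lan = any(src in net for net in RFC1918)
        findings.append({"src": str(src), "path": path, "status": int(m["status"]),
                         "severity": "medium" if on_lan else "high"})
    return findings


def sources_that_chained(findings: list[dict]) -> set[str]:
    """Sources that called unauth.cgi and then passwordrecovered.cgi, the
    two-step sequence of the 2014 flaws described in the article."""
    seen_unauth, chained = set(), set()
    for f in findings:
        if f["path"] == "/unauth.cgi":
            seen_unauth.add(f["src"])
        elif f["src"] in seen_unauth:
            chained.add(f["src"])
    return chained
```

On the sample log this yields three findings (two high from 203.0.113.5, one medium from the LAN host) and flags 203.0.113.5 as having chained both endpoints.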