Data: CASIE
Negative Trigger
a major vulnerability in the Bitcoin (BTC) network’s (client) codebase. Explaining the potentially serious nature of the software bug, which is tracked as {Vulnerability-related.DiscoverVulnerability} CVE-2018-17144 and classified as a denial-of-service (DoS) attack, Casaba Security co-founder Jason Glassberg said {Vulnerability-related.DiscoverVulnerability}: “[It] can take down the network.” Glassberg also told {Vulnerability-related.DiscoverVulnerability} ZDNet the vulnerability in the Bitcoin Core codebase “would [have] affected transactions in the sense that they cannot be completed, but does not appear to open up a way to steal or manipulate wallets.”

Denial-of-Service (DoS), 51% Attacks

The Bitcoin Core client software is used by BTC miners to validate transactions on the cryptocurrency’s blockchain and the recent vulnerability found {Vulnerability-related.DiscoverVulnerability} in its source code could have been used to intentionally crash bitcoin’s full-node operators. Although not logistically feasible, this particular software bug could have been remotely exploited {Vulnerability-related.DiscoverVulnerability} by an attacker to launch a 51% attack in which one entity controls the majority of the hashing (or computing) power of a cryptocurrency network.

Advisory Notice, Critical Patch Released {Vulnerability-related.PatchVulnerability}

In most cases, a bad actor has orchestrated a 51% attack in order to manipulate transactions on a cryptocurrency’s blockchain for financial gains. At present, it would cost approximately $490,000 to launch such an attack (for 1 hour) on the Bitcoin network, according to Crypto51. However, if the recent Bitcoin Core software bug had not been patched {Vulnerability-related.PatchVulnerability}, a bad actor could have initiated a 51% attack on the cryptocurrency’s network at a considerably lower cost. The Bitcoin Core developers posted {Vulnerability-related.DiscoverVulnerability} an advisory notice (on September 19th) regarding this DoS vulnerability. Users of Bitcoin Core have been instructed to upgrade {Vulnerability-related.PatchVulnerability} to version 0.16.3 of the software. Previous versions (0.14.0 to 0.16.3) of the client contain the DoS vulnerability. Bitcoin Knots, one of at least 96 bitcoin forks to date, was considered vulnerable {Vulnerability-related.DiscoverVulnerability} as well and its client software was patched {Vulnerability-related.PatchVulnerability}.

“Copycat” Cryptos Are At Risk

Notably, the CVE-2018-17144 vulnerability could have also affected {Vulnerability-related.DiscoverVulnerability} the litecoin (LTC) network but its client has received {Vulnerability-related.PatchVulnerability} a patch. Commenting on the serious nature of these software bugs, Cornell computer science professor Emin Gün Sirer said {Vulnerability-related.DiscoverVulnerability}: “Copycat currencies are at risk” - meaning that all bitcoin forks are vulnerable {Vulnerability-related.DiscoverVulnerability} to the attack. The Turkish-American cryptographer, who identified {Vulnerability-related.DiscoverVulnerability} critical vulnerabilities in Ethereum’s codebase before its network was hit with the DAO attack, was referring to all the currently 69 active bitcoin forks that could still be exploited {Vulnerability-related.DiscoverVulnerability} with a 51% attack as their clients might still not have received {Vulnerability-related.PatchVulnerability} a patch and are not as secure as bitcoin network due to their smaller size. In fact, Crypto51 has estimated it would only cost $122 to launch a 51% attack on the Bitcoin Private (BTCP) network. However, this estimate has not been confirmed by another source.

This week, Adobe released {Vulnerability-related.PatchVulnerability} its monthly scheduled update bundle addressing {Vulnerability-related.PatchVulnerability} vulnerabilities within its different products. The Adobe patch Tuesday November updates allegedly fixed {Vulnerability-related.PatchVulnerability} numerous vulnerabilities leading to information disclosure. These vulnerabilities existed in {Vulnerability-related.DiscoverVulnerability} Adobe Acrobat/Reader, Flash Player, and Photoshop CC.

The recently released Adobe Patch Tuesday November updates addressed {Vulnerability-related.PatchVulnerability} three different vulnerabilities – all resulting in information disclosure. The first one existed in {Vulnerability-related.DiscoverVulnerability} the Adobe Photoshop CC affecting {Vulnerability-related.DiscoverVulnerability} versions 19.1.6 and prior for both Windows and MacOS. As described in the security advisory, Adobe has fixed {Vulnerability-related.PatchVulnerability} this important Out-of-bounds read vulnerability (CVE-2018-15980) in the Photoshop CC versions 19.1.7 and 20.0.

The second information disclosure flaw affected {Vulnerability-related.DiscoverVulnerability} Adobe Reader and Acrobat for Windows. Explaining about the flaw in their advisory, Adobe stated, “Successful exploitation could lead to an inadvertent leak of the user’s hashed NTLM password.” The vulnerability initially received the CVE {Vulnerability-related.DiscoverVulnerability} number CVE-2018-4993, when Check Point Research first reported {Vulnerability-related.DiscoverVulnerability} the bug. However, as recently disclosed {Vulnerability-related.DiscoverVulnerability} by the EdgeSpot, Adobe only patched {Vulnerability-related.PatchVulnerability} a single variant of this bug. Whereas, the EdgeSpot team discovered {Vulnerability-related.DiscoverVulnerability} other variants that hinted towards a failed patching {Vulnerability-related.PatchVulnerability} of the bug instead of a new vulnerability. The patched vulnerability has now received CVE {Vulnerability-related.DiscoverVulnerability} number CVE-2018-15979 “to reflect that the patch is available {Vulnerability-related.PatchVulnerability}”.

The third vulnerability addressed {Vulnerability-related.PatchVulnerability} this month is an out-of-bounds Read vulnerability (CVE-2018-15978) in the Adobe Flash Player. The affected versions include 31.0.0.122 and earlier for Windows, Linux, and MacOS.

Unlike previous months, the Adobe Patch Tuesday November update bundle addressed {Vulnerability-related.PatchVulnerability} fewer bugs. Moreover, none of the patched vulnerabilities had a critical severity impact. In October, Adobe patched {Vulnerability-related.PatchVulnerability} 86 different vulnerabilities including 47 critical ones. Whereas, in September, they addressed {Vulnerability-related.PatchVulnerability} 6 critical flaws.

Adobe has fixed {Vulnerability-related.PatchVulnerability} the bugs CVE-2018-15980 and CVE-2018-15978 in Adobe Photoshop CC versions 19.1.7 and 20.0 and Adobe Flash Player version 31.0.0.148, respectively. Whereas, CVE-2018-15979 has received {Vulnerability-related.PatchVulnerability} a patch in Adobe Acrobat DC and Reader DC version 2019.008.20081, Acrobat 2017 and Acrobat Reader DC 2017 version 2017.011.30106, and Acrobat DC and Acrobat Reader DC (Classic 2015) version 2015.006.30457. For protection against the three important vulnerabilities addressed {Vulnerability-related.PatchVulnerability} in November updates, users should make sure to upgrade {Vulnerability-related.PatchVulnerability} their software to the patched versions at the earliest convenience.