Apple Releases Urgent 0-Day Bug Patch for Mac, iPhone and iPad Devices
Apple on Monday rolled out an urgent security update for iOS, iPadOS, and macOS to address a zero-day flaw that it said may have been actively exploited, making it the thirteenth such vulnerability Apple has patched since the start of this year.
The updates, which arrive less than a week after the company released iOS 14.7, iPadOS 14.7, and macOS Big Sur 11.5 to the public, fixes a memory corruption issue in the IOMobileFrameBuffer component, a kernel extension for managing the screen framebuffer, that could be abused to execute arbitrary code with kernel privileges.
Stack Overflow Teams
The timing of the update also raises questions about whether the zero-day had any role in compromising iPhones using NSO Group’s Pegasus software, which has become the focus of a series of investigative reports that have exposed how the spyware tool turned mobile phones of journalists, human rights activists, and others into portable surveillance devices, granting complete access to sensitive information stored in them.
Given the public availability of a proof-of-concept exploit, it’s highly recommended that users move quickly to update their devices to the latest version to mitigate the risk associated with the flaw.
Source — https://thehackernews.com/2021/07/apple-releases-urgent-0-day-bug-patch.html
Hackers Turning to ‘Exotic’ Programming Languages for Malware Development
Threat actors are increasingly shifting to «exotic» programming languages such as Go, Rust, Nim, and Dlang that can better circumvent conventional security protections, evade analysis, and hamper reverse engineering efforts.
«Malware authors are known for their ability to adapt and modify their skills and behaviors to take advantage of newer technologies,» said Eric Milam, Vice President of threat research at BlackBerry. «That tactic has multiple benefits from the development cycle and inherent lack of coverage from protective products».
Stack Overflow Teams
Noting that binaries written in these languages can appear more complex, convoluted, and tedious when disassembled, the researchers said the pivot adds additional layers of obfuscation, simply by virtue of them being relatively new, leading to a scenario where older malware developed using traditional languages like C++ and C# are being actively retooled with droppers and loaders written in uncommon alternatives to evade detection by endpoint security systems.
Programs written using the same malicious techniques but in a new language are not usually detected at the same rate as those written in a more mature language,» BlackBerry researchers concluded.
Source — https://thehackernews.com/2021/07/hackers-turning-to-exotic-programming.html
Several Bugs Found in 3 Open-Source Software Used by Several Businesses
Cybersecurity researchers on Tuesday disclosed nine security vulnerabilities affecting three open-source projects — EspoCRM, Pimcore, and Akaunting — that are widely used by several small to medium businesses and, if successfully exploited, could provide a pathway to more sophisticated attacks.
Stack Overflow Teams
EspoCRM is an open-source customer relationship management application, while Pimcore is an open-source enterprise software platform for customer data management, digital asset management, content management, and digital commerce. Akaunting, on the other hand, is an open-source and online accounting software designed for invoice and expense tracking.
The list of issues is as follows -CVE-2021–3539 — Persistent XSS flaw in EspoCRM v6.1.6
CVE-2021–31867 — SQL injection in Pimcore Customer Data Framework v3.0.0
CVE-2021–31869 — Pimcore AdminBundle v6.8.0
CVE-2021–36800 — OS command injection in Akaunting v2.1.12
Pimcore Customer Data Framework
Also addressed in Akaunting is a weak password reset vulnerability where the attacker can abuse the «I forgot my password» functionality to send a phishing email from the application to a registered user containing a malicious link that, when clicked, delivers the password reset token.
«All three of these projects have real users, real customers of their attendant support services and cloud-hosted versions, and are undoubtedly the core applications supporting thousands of small to medium businesses running today,» the researchers noted.
Source — https://thehackernews.com/2021/07/several-bugs-found-in-3-open-source.html
New Bug Could Let Attackers Hijack Zimbra Server by Sending Malicious Email
Cybersecurity researchers have discovered multiple security vulnerabilities in Zimbra email collaboration software that could be potentially exploited to compromise email accounts by sending a malicious message and even achieve a full takeover of the mail server when hosted on a cloud infrastructure. Mitigations have since been released in Zimbra versions 8.8.15 Patch 23 and 9.0.0 Patch 16. CVE-2021–35208 — Stored XSS Vulnerability in ZmMailMsgView.
Stack Overflow Teams
Zimbra is a cloud-based email, calendar, and collaboration suite for enterprises and is available both as an open-source version and a commercially supported version with additional features such as a proprietary connector API to synchronize mail, calendar, and contacts to Microsoft Outlook, among others.
«The downside of using server-side sanitization is that all three clients may transform the trusted HTML of an email afterwards to display it in their unique way,» Scannell said. «Transformation of already sanitized HTML inputs can lead to corruption of the HTML and then to XSS attacks».
«Zimbra would like to alert its customers that it is possible for them to introduce an SSRF security vulnerability in the Proxy Servlet,» the company noted in its advisory. «If this servlet is configured to allow a particular domain , and that domain resolves to an internal IP address , an attacker could possibly access services running on a different port on the same server, which would normally not be exposed publicly».
Stay Focused. Stay Vigilant.
Cyber Threat Incident Management Team — Cyber Security Community @ SLIIT