Jan 28, 2015 (Jiale and Xiao)
-
Wi-Fi Direct Flaw Exposes Android Devices to DoS Attacks
- The vulnerability is an uncaught exception (CVE-2014-0997) that could cause devices to reboot.
- The vulnerability has been successfully reproduced on a Nexus 4 and a Nexus 5 running Android 4.4.4, and on an LG D806 and a Samsung SM-T310 running Android 4.2.2.
- An attacker can leverage this flaw when the targeted Android phone is scanning for devices using Wi-Fi Direct, the standard that allows devices to connect with each other without having to go through an access point.
- This causes the device to reboot, resulting in a DoS attack.
-
Flash 0-Day Exploit Used by Angler Exploit Kit
- The "Angler" exploit kit is a tool frequently used in drive-by download attacks.
- A drive-by download attack simply means downloading and installing a program without your consent, or even without your knowledge.
(For example, when you visit a malicious website, spyware is downloaded and installed silently by exploiting a vulnerability in your browser.)
- The Angler exploit kit is such a tool: it probes the browser for different vulnerabilities and then exploits them to install malware.
- The exploit kit is very flexible and new exploits are added to it constantly.
- It is currently using a Flash 0-day exploit to install malware.
- Current versions of Windows (e.g. Windows 8 with IE 10) appear to be vulnerable.
- Windows 8.1 and Google Chrome do not appear to be vulnerable.
- Adobe has patched Flash Player but has not pushed the update yet, and some people claim the patch does not actually work.
- Our suggestion is to update Adobe Flash Player or use another browser. But the most important thing is to have good habits and not visit untrusted websites.
-
“Thunderstrike” attack fixed in OS X 10.10.2
- Macs, like all computers, have firmware that swings into action when you push the power button, booting up the computer, loading the operating system, initializing hardware, and performing other functions.
- Some technologies, such as FireWire and Thunderbolt, interact with this firmware at an extremely low level, below Mac OS X itself, for feature and performance reasons.
- The Thunderstrike proof-of-concept takes advantage of this trusted low-level access to replace the contents of the Mac's boot ROM with the attacker's own code, effectively embedding it into the Mac's hardware and making it impossible to remove using standard techniques.
- The attack works because Apple relies on software checks to confirm the firmware is valid, and Hudson developed techniques to circumvent those checks (and even replace the encryption key).
-
Confluence Server bug fixed
- Confluence Server is team collaboration software, widely used by many companies, such as IBM, as an enterprise wiki.
- They just fixed a vulnerability in their fork of WebWork.
- Attackers can use this vulnerability to execute Java code of their choice on systems that use this framework.
- The attacker needs to have an account and be able to access the Confluence web interface.
- Details: CONF-36080
-
Marriott fixes Android app issue
- A flaw that may have exposed sensitive payment card data belonging to Marriott International Android app users has been patched by the hotel chain.
- The flaw has likely been present since the app became available in 2011.
- The weakness came into play when the app interacted with the Marriott server. The app failed to use any token or authorization protocol to access reservations, meaning any potential attacker could create a script to submit a random sequence of numbers to the server until one matched a Marriott membership number. This would then enable them to access member information, which included names, reservation numbers, addresses, contact details and the last four digits of credit card numbers.
-
STUN IP Address requests for WebRTC
- STUN is short for Session Traversal Utilities for NAT.
It is a network protocol that allows an end host to discover its public IP address and other information when it is located behind a network address translator.
A STUN server receives requests from clients and sends back responses containing the IP network information that these systems can use to detect the type of NAT they are behind.
- WebRTC is a project that provides browsers and mobile applications with Real-Time Communication (RTC) abilities via simple APIs.
- Firefox and Chrome have implemented WebRTC in a way that allows requests to be made to STUN servers, and the reply returns the user's local and public IP addresses.
- The results of these requests are available to JavaScript, so a page can obtain a user's local and public IP addresses from JavaScript.
- STUN requests are made outside of the normal XMLHttpRequest procedure, so they are not visible in the developer console and cannot be blocked by plugins such as AdBlock Plus.
- This makes these types of requests available for online tracking if an advertiser sets up a STUN server with a wildcard domain.
- Simple Demo
-
“Ghost” Vulnerability Impacts Linux System (CVE-2015-0235)
- The issue is a weakness in the Linux glibc library that allows remote attackers to take control of a targeted system without having any system credentials.
- Company researchers uncovered the bug when a code audit revealed a buffer overflow in the __nss_hostname_digits_dots() function of glibc. The bug can be triggered both locally and remotely via all the gethostbyname*() functions.
- In our testing, we were able to exploit the issue by sending a specially crafted e-mail to the mail server, which gave us full access, i.e. shell access, to the machine.
- The affected versions of the GNU C Library start with glibc-2.2, which was released on Nov. 10, 2000.
- The issue was actually fixed on May 21, 2013, between the releases of glibc-2.17 and glibc-2.18. However, Sarwate blogged, the issue was not recognized as a security threat. As a result, most stable and long-term-support distributions were left exposed including Debian 7 (wheezy), Red Hat Enterprise Linux 6 and 7, CentOS 6 and 7 and Ubuntu 12.04.
- To fix it, update glibc on your Linux system to the latest patched version (and restart the services that use it).
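A self-check for the bug described above, added here and not part of these notes: it hands gethostbyname_r() a buffer with a canary placed directly after it and an all-digit "hostname" sized exactly to what the unfixed size check accepted, so an unpatched glibc overwrites the canary while a fixed one rejects the name with ERANGE. The struct layout, the CANARY string and the function name ghost_vulnerable are this example's own assumptions.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <netdb.h>
#include <stdio.h>
#include <string.h>

#define CANARY "in_the_coal_mine"   /* constructed marker value */
/* The buffer handed to gethostbyname_r(), followed by a canary: an
   overflow inside __nss_hostname_digits_dots() spills into the canary. */
static struct {
    char buffer[1024];
    char canary[sizeof CANARY];
} temp = { "buffer", CANARY };

/* Returns 1 if the canary was overwritten (glibc still vulnerable), else 0.
   *retval_out gets gethostbyname_r()'s return: ERANGE on a fixed glibc. */
int ghost_vulnerable(int *retval_out)
{
    struct hostent resbuf, *result = NULL;
    int herrno = 0, retval;
    char name[sizeof temp.buffer];

    /* Longest all-digit name the unfixed size check accepted: the old
       arithmetic omitted the alias pointer (and alignment padding), so
       this name fits on paper but not in memory. */
    size_t len = sizeof temp.buffer
               - 16 * sizeof(unsigned char)   /* address storage */
               - 2 * sizeof(char *)           /* h_addr_list[2] */
               - 1;                           /* terminating NUL */
    memset(name, '0', len);
    name[len] = '\0';

    /* All digits => numeric path in __nss_hostname_digits_dots(), so no
       DNS query is made and the check runs offline. */
    strcpy(temp.canary, CANARY);            /* re-arm; check is repeatable */
    retval = gethostbyname_r(name, &resbuf, temp.buffer, sizeof temp.buffer,
                             &result, &herrno);
    if (retval_out)
        *retval_out = retval;
    return strcmp(temp.canary, CANARY) != 0;
}

int main(void)
{
    int rv;
    if (ghost_vulnerable(&rv)) { puts("vulnerable (CVE-2015-0235)"); return 1; }
    printf("not vulnerable: gethostbyname_r() returned %d%s\n", rv,
           rv == ERANGE ? " (ERANGE)" : "");
    return 0;
}
```

Run it on the host you want to check; a libc that is not glibc (e.g. musl) will also report "not vulnerable", since it never had this code path.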