Tag Archives: security flaw

Microsoft patches critical Windows bug actively exploited in the wild

By Dan Goodin


Microsoft on Tuesday patched two Windows vulnerabilities that attackers are actively exploiting in the wild to install malicious apps on the computers of unwitting users.

The first vulnerability resides in the VBScript Engine included in all currently supported versions of Windows. A so-called use-after-free flaw involving the way the engine handles computer memory allows attackers to execute code of their choice that runs with the same system privileges as the logged-in user. When targeted users are logged in with administrative rights, attackers who exploit the bug can take complete control of the system. In the event users are logged in with more limited rights, attackers may still be able to escalate privileges by exploiting a separate vulnerability.

CVE-2018-8174, as the flaw is formally indexed, is being actively exploited by attackers, Microsoft officials said. The vulnerability was discovered by antivirus provider Kaspersky Lab, which then reported it to Microsoft. In the exploits observed by Kaspersky Lab:


Source:: Ars Technica


Follow Tim on Twitter @tl1000rzx2
Or check out my other Tablet Site: THE Tablet Test Server
Or perhaps you need web hosting for a mere $5.95/month?.
Shop Our Sponsor


Shop Our Sponsor


HP Laptops at Super Low Prices!

Unstoppable exploit in Nintendo Switch opens door to homebrew and piracy

By Devin Coldewey

The Nintendo Switch may soon be a haven for hackers, but not the kind that want your data — the kind that want to run SNES emulators and Linux on their handheld gaming consoles. A flaw in an Nvidia chip used by the Switch, detailed today, lets power users inject code into the system and modify it however they choose.

The exploit, known as Fusée Gelée, was first hinted at by developer Kate Temkin a few months ago. She and others at ReSwitched worked to prove and document the exploit, sending it to Nvidia and Nintendo, among others.

Although responsible disclosure is to be applauded, it won’t make much difference here: this flaw isn’t the kind that can be fixed with a patch. Millions of Switches are vulnerable, permanently, to what amounts to a total jailbreak; only new ones with code tweaked at the factory will be immune.

That’s because the flaw is baked into the read-only memory of the Nvidia Tegra X1 used in the Switch and a few other devices. It’s in the “Boot and Power Management Processor” to be specific, where a malformed packet sent during a routine USB device status check allows the connected device to send up to 64 kibibytes (65,535 bytes) of extra data that will be executed without question. You need to get into recovery mode first, but that’s easy.

As you can imagine, getting arbitrary code to run on a device that deep in its processes is a huge, huge vulnerability. Fortunately it’s only available to someone with direct, physical access to the Switch. But that in itself makes it an extremely powerful tool for anyone who wants to modify their own console.

Modding consoles is done for many reasons, and indeed piracy is among them. But people also want to do things Nintendo won’t let them, like back up their saved games, run custom software like emulators, or extend the capabilities of the OS beyond the meager features the company has provided.

Temkin and her colleagues had planned to release the vulnerability publicly on June 15 or when someone else released it independently of them, whichever came first. It turned out to be the latter, which apparently came as a surprise to no one in the community. The X1 exploit seems to have been something of an open secret.

The exploit was released anonymously by some hacker and Temkin accordingly published the team’s documentation of it on GitHub. If that’s too technical, there’s also some more plain-language chatter about the flaw in a FAQ posted earlier this month. I’ve asked Temkin for a few more details.

In addition to Temkin, failOverflow announced a small device that will short a pin in the USB connector and put the device into recovery mode, prepping it for exploitation. And Team-Xecuter was advertising a similar hardware attack months ago.

The answer to the most obvious question is no, you can’t just fire this up and start playing Wave Race 64 (or a pirated Zelda) on your Switch 15 minutes from now. The exploit still requires technical ability to implement, though as with many other hacks of this type, someone will likely graft it to a nice GUI that guides ordinary users through the process. (It certainly happened with the NES and SNES Classic Editions.)

Although the exploit can’t be patched away with a software update, Nintendo isn’t powerless. It’s likely that a modified Switch would be barred from the company’s online services (such as they are) and possibly the user’s account as well. So although the hacking process is, compared with the soldering required for modchips of decades past, low on risk, it isn’t a golden ticket.

That said, Fusée Gelée will almost certainly open the floodgates for developers and hackers who care little for Nintendo’s official ecosystem and would rather see what they can get this great piece of hardware to do on their own.

I’ve asked Nintendo and Nvidia for comment and will update when I hear back.

Source:: TechCrunch Gadgets



Critical Telegram flaw under attack disguised malware as benign images

By Dan Goodin


Makers of the Telegram instant messenger have fixed a critical vulnerability that hackers were actively exploiting to install malware on users’ computers, researchers said Tuesday.

The flaw, which resided in the Windows version of the messaging app, allowed attackers to disguise the names of attached files, researchers from security firm Kaspersky Lab said in a blog post. By using the text-formatting standard known as Unicode, attackers were able to cause characters in file names to appear from right to left, instead of the left-to-right order that’s normal for most Western languages.

The technique worked by using the special Unicode formatting *U+202E* which causes text strings following it to be displayed from right to left. As a result, Telegram for Windows converted files with names such as “photo_high_regnp.js” to “photo_high_resj.png,” giving the appearance they were benign image files rather than files that executed code.
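The mismatch described above can be checked mechanically by comparing the extension the operating system acts on with the one a user would see. The following is an added example, not code from the article, Kaspersky Lab or Telegram; the position of U+202E inside the sample name and all function names are assumptions made for illustration.

```python
import os

# Unicode bidirectional formatting characters that can reorder displayed text.
BIDI_CONTROLS = {
    "\u202a": "LRE", "\u202b": "RLE", "\u202c": "PDF", "\u202d": "LRO",
    "\u202e": "RLO", "\u2066": "LRI", "\u2067": "RLI", "\u2068": "FSI",
    "\u2069": "PDI", "\u200e": "LRM", "\u200f": "RLM",
}
RLO, PDF = "\u202e", "\u202c"

# Constructed sample: the page's example name with U+202E placed (assumption)
# where it yields the displayed name the article quotes.
SAMPLE = "photo_high_re\u202egnp.js"


def find_bidi_controls(name):
    """Return (index, mnemonic) for each bidi control character in name."""
    return [(i, BIDI_CONTROLS[c]) for i, c in enumerate(name) if c in BIDI_CONTROLS]


def approx_display(name):
    """Approximate rendering: text after U+202E is shown reversed until PDF/end.
    A simplification for Latin names, not the full Unicode bidi algorithm."""
    out, run, overriding = [], [], False
    for ch in name:
        if ch in (RLO, PDF):
            out.extend(reversed(run))  # flush the pending reversed run
            run, overriding = [], ch == RLO
        elif ch in BIDI_CONTROLS:
            continue  # other controls are invisible; ignored here
        elif overriding:
            run.append(ch)
        else:
            out.append(ch)
    out.extend(reversed(run))
    return "".join(out)


def inspect_filename(name):
    """Compare the extension the OS acts on with the one a user would see."""
    controls = find_bidi_controls(name)
    stripped = "".join(c for c in name if c not in BIDI_CONTROLS)
    shown = approx_display(name)
    real_ext = os.path.splitext(stripped)[1].lower()
    shown_ext = os.path.splitext(shown)[1].lower()
    return {"controls": controls, "displayed_as": shown, "real_ext": real_ext,
            "shown_ext": shown_ext,
            "spoofed_ext": bool(controls) and real_ext != shown_ext}


if __name__ == "__main__":
    print(inspect_filename(SAMPLE))
```

A receiving application can use the `spoofed_ext` result to reject the attachment or to render the name with the control characters stripped.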


Source:: Ars Technica



Microsoft is forcing users to install a critically flawed password manager

By Dan Goodin


Microsoft is quietly forcing some Windows 10 computers to install a password manager that contains a critical vulnerability disclosed 16 months ago that allows websites to steal passwords, a researcher said Friday.

Google Project Zero researcher Tavis Ormandy said in a blog post that the Keeper Password Manager came pre-installed on a newly built Windows 10 system derived directly from the Microsoft Developer Network. When he tested the unwanted app, he soon found it contained a critical flaw he had found in August 2016 in the non-bundled version of Keeper. The bug, he said, represents “a complete compromise of Keeper security, allowing any website to steal any password.”

With only basic changes to “selectors,” the old proof-of-concept exploit worked on the version installed without notice or permission on his Windows 10 system. Ormandy’s post linked to this publicly available proof-of-concept exploit, which steals an end user’s Twitter password if it’s stored in the Keeper app. Ormandy said Keeper developers have released a fixed version. Keeper representatives didn’t immediately respond to questions for this post.


Source:: Ars Technica



Broadcom chip bug opened 1 billion phones to a Wi-Fi-hopping worm attack

By Dan Goodin


LAS VEGAS—It’s not often that a security researcher devises a self-replicating attack that, with no user interaction, threatens 1 billion smartphones. But that’s just what Nitay Artenstein of Exodus Intelligence did in a feat that affected both iOS and Android devices.

At the Black Hat security conference, Artenstein demonstrated proof-of-concept attack code that exploited a vulnerability in Wi-Fi chips manufactured by Broadcom. It fills the airwaves with probes that request connections to nearby computing devices. When the specially devised requests reach a device using the BCM43xx family of Wi-Fi chipsets, the attack rewrites the firmware that controls the chip. The compromised chip then sends the same malicious packets to other vulnerable devices, setting off a potential chain reaction. Until early July and last week—when Google and Apple issued patches respectively—an estimated 1 billion devices were vulnerable to the attack. Artenstein has dubbed the worm Broadpwn.

Although the flaw is now closed, the hack has important lessons as engineers continue their quest to secure mobile phones and other computing devices. Security protections such as address space layout randomization and data execution prevention have now become standard parts of the operating systems and apps. As a result, attackers have to work hard to exploit buffer overflows and other types of software vulnerabilities. That extra work largely makes self-replicating worms impossible. Artenstein’s exploit, however, suggests that such worms are by no means impossible.


Source:: Ars Technica Gadgets

