Daily Summary - 12.07.2019

End-of-Day report

Timeframe: Thursday 11-07-2019 18:00 - Friday 12-07-2019 18:00 Handler: Robert Waldner Co-Handler: n/a

News

Burning down the house with IoT

For years we've been trying to set fire to 'smart' things by hacking them. We got some charring on the iKettle, but nothing more. Then we found some smart hair straighteners.

https://www.pentestpartners.com/security-blog/burning-down-the-house-with-iot/


Investigating Some Subscription Scam iOS Apps

For some reason Apple allows "subscription scam" apps on the App Store. These are apps that are free to download and then ask you to subscribe right on launch. ... Aside from being classic subscription scam apps, I wanted to examine how they work internally and how they communicate with their servers and what type of information are they sending.

https://apple.slashdot.org/story/19/07/11/1953207/investigating-some-subscription-scam-ios-apps


iOS URL Scheme Susceptible to Hijacking

For example, when a URL with facetime:// is opened, FaceTime places a call - this is the URL Scheme coming into play. It is a very convenient shortcut; but the URL Scheme is designed for communication, not security. Below, we discuss how abuse of the URL Scheme can potentially result in the loss of privacy, bill fraud, exposure to pop-up ads, and more.

https://blog.trendmicro.com/trendlabs-security-intelligence/ios-url-scheme-susceptible-to-hijacking/


16Shop Now Targets Amazon

Since early November 2018 McAfee Labs have observed a phishing kit, dubbed 16Shop, being used by malicious actors to target Apple account holders in the United States and Japan. Typically, the victims receive an email with a pdf file attached. An example of the message within the email is shown below, with an accompanying translation: [...]

https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/16shop-now-targets-amazon/


FIRST Announces CVSS Version 3.1

The Forum of Incident Response and Security Teams (FIRST) on Friday announced version 3.1 of the Common Vulnerability Scoring System (CVSS). CVSS is a widely adopted standard for rating the severity of software vulnerabilities, and it provides a framework for communicating the characteristics and impact of security flaws.

https://www.securityweek.com/first-announces-cvss-version-31

Vulnerabilities

Philips Holter 2010 Plus

This advisory provides information about, and mitigations for, a vulnerability reported in the Philips Holter 2010 Plus.

https://www.us-cert.gov/ics/advisories/icsma-19-192-01


Delta Industrial Automation CNCSoft ScreenEditor

This advisory includes mitigations for heap-based buffer overflow and out-of-bounds read vulnerabilities reported in the Delta Electronics CNCSoft ScreenEditor.

https://www.us-cert.gov/ics/advisories/icsa-19-192-01


AVEVA Vijeo Citect and Citect SCADA Floating License Manager

This advisory provides information about, and mitigations for, several vulnerabilities reported in the AVEVA Vijeo Citect and Citect SCADA Floating License Manager applications.

https://www.us-cert.gov/ics/advisories/icsa-19-192-05


Schneider Electric Interactive Graphical SCADA System

This advisory includes mitigations for an out-of-bounds write vulnerability in the Schneider Electric Interactive Graphical SCADA System software.

https://www.us-cert.gov/ics/advisories/icsa-19-192-06


Schneider Electric Floating License Manager

This advisory includes mitigations for improper input validation and memory corruption vulnerabilities in the Schneider Electric Floating License Manager software.

https://www.us-cert.gov/ics/advisories/icsa-19-192-07


CVE-2019-11360: BufferOverflow in iptables-restore v1.8.2

This blogpost is about a BufferOverflow vulnerability which I found by fuzzing iptables-restore using AFL in March, 2019. It was fixed by the netfilter team in April 2019 ... All in all, I believe that this vulnerability can only be used for academic/educational purposes and has no particular real-world impact.

https://0day.work/cve-2019-11360-bufferoverflow-in-iptables-restore-v1-8-2/


Security updates for Friday

Security updates have been issued by CentOS (dbus), Debian (firefox-esr, python3.4, and redis), Mageia (ffmpeg), Oracle (firefox, libvirt, and qemu), Red Hat (firefox and virt:8.0.0), Scientific Linux (firefox), and SUSE (kernel).

https://lwn.net/Articles/793563/


QNX-2019-001 Vulnerability in procfs service Impacts BlackBerry QNX Software Development Platform

http://support.blackberry.com/kb/articleDetail?language=en_US&articleNumber=000057178


Security Advisory 2019-10: Security Update for OTRS Framework

https://community.otrs.com/security-advisory-2019-10-security-update-for-otrs-framework/


Security Advisory 2019-11: Security Update for OTRS Framework

https://community.otrs.com/security-advisory-2019-11-security-update-for-otrs-framework/


Security Advisory 2019-12: Security Update for OTRS Framework

https://community.otrs.com/security-advisory-2019-12-security-update-for-otrs-framework/


Vuln: Oracle July 2019 Critical Patch Update Multiple Vulnerabilities

http://www.securityfocus.com/bid/109125


ZDI-19-660: (Pwn2Own) Xiaomi Mi6 Browser miui.share APK Download Remote Code Execution Vulnerability

http://www.zerodayinitiative.com/advisories/ZDI-19-660/


ZDI-19-659: Xiaomi Mi6 Captive Portal WebView Authorization Bypass Vulnerability

http://www.zerodayinitiative.com/advisories/ZDI-19-659/


IBM Security Bulletin: Publicly disclosed vulnerability in Java used by IBM FileNet Content Manager

https://www.ibm.com/blogs/psirt/ibm-security-bulletin-publicly-disclosed-vulnerability-in-java-used-by-ibm-filenet-content-manager/


IBM Security Bulletin: Publicly disclosed vulnerability in Oracle Outside In Technology used by IBM FileNet Content Manager

https://www.ibm.com/blogs/psirt/ibm-security-bulletin-publicly-disclosed-vulnerability-in-oracle-outside-in-technology-used-by-ibm-filenet-content-manager-2/


IBM Security Bulletin: Multiple vulnerabilities affect IBM Watson Assistant for IBM Cloud Pak for Data

https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-affect-ibm-watson-assistant-for-ibm-cloud-pak-for-data/


IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK and IBM Java Runtime affect IBM QRadar SIEM

https://www.ibm.com/blogs/psirt/ibm-security-bulletin-multiple-vulnerabilities-in-ibm-java-sdk-and-ibm-java-runtime-affect-ibm-qradar-siem-3/


IBM Security Bulletin: IBM QRadar SIEM is vulnerable to a publicly disclosed vulnerability in Spring Framework (CVE-2018-15756)

https://www.ibm.com/blogs/psirt/ibm-security-bulletin-ibm-qradar-siem-is-vulnerable-to-a-publicly-disclosed-vulnerability-in-spring-framework-cve-2018-15756/


IBM Security Bulletin: Apache Commons FileUpload Vulnerability Affects IBM Campaign, IBM Contact Optimization and IBM Marketing Operations (CVE-2016-1000031)

https://www.ibm.com/blogs/psirt/ibm-security-bulletin-apache-commons-fileupload-vulnerability-affects-ibm-campaign-ibm-contact-optimization-and-ibm-marketing-operations-cve-2016-1000031/


Asterisk: Multiple Vulnerabilities Allow Denial of Service

http://www.cert-bund.de/advisoryshort/CB-K19-0606