Daily Summary - 22.09.2023

End-of-Day report

Timeframe: Thursday 21-09-2023 18:00 - Friday 22-09-2023 18:00 Handler: Michael Schlagenhaufer Co-Handler: Stephan Richter

News

Incomplete disclosures by Apple and Google create "huge blindspot" for 0-day hunters

No one mentioned that libwebp, a library found in millions of apps, was a 0-day origin.

https://arstechnica.com/?p=1970341


GitHub passkeys generally available for passwordless sign-ins

GitHub has made passkeys generally available across the platform today to secure accounts against phishing and allow passwordless logins for all users.

https://www.bleepingcomputer.com/news/security/github-passkeys-generally-available-for-passwordless-sign-ins/


iOS, iPad OS, Watch OS and MacOS: Apple fixes actively exploited vulnerabilities

Three zero-day vulnerabilities in iOS, iPad OS, Watch OS and Mac OS are reportedly already being actively exploited. Patches are now available.

https://www.golem.de/news/ios-ipad-os-watch-os-und-macos-apple-behebt-aktiv-ausgenutzte-schwachstellen-2309-177890.html


The WebP 0day

Early last week, Google released a new stable update for Chrome. The update included a single security fix that was reported by Apple's Security Engineering and Architecture (SEAR) team. The issue, CVE-2023-4863, was a heap buffer overflow in the WebP image library, and it had a familiar warning attached: "Google is aware that an exploit for CVE-2023-4863 exists in the wild."

https://blog.isosceles.com/the-webp-0day/


Proof-of-concept exploit for WinRAR vulnerability comes with VenomRAT malware

In mid-August, the developers fixed a zero-day vulnerability in WinRAR. A fake PoC for it has now appeared that brings malware with it.

https://www.heise.de/-9313479.html


Qnap warns of code injection through vulnerabilities

Qnap warns of security vulnerabilities in the QTS operating system and the Multimedia Console through which attackers can inject malicious code.

https://www.heise.de/-9313549.html


Security vulnerability: data leaks possible on Drupal websites

Under certain conditions, attackers can attack sites built with the content management system Drupal. Secured versions are available.

https://www.heise.de/-9313594.html


Ever fallen for a fake shop?

Do you regularly shop online using your mobile phone? Have you ever come into contact with fake shops or been a victim of internet fraud? Would you like to learn more about which preventive measures exist to avoid shopping at fake shops? Would you like to take an active part in designing a solution? Then join our workshop!

https://www.watchlist-internet.at/news/schon-einmal-auf-einen-fake-shop-hineingefallen/


Finding Deserialization Bugs in the SolarWind Platform

It's been a while since I have written a blog post, please accept my sincerest apologies. This is because a lot of fun stuff that I've recently done is going to be presented during conferences. Please treat this post as a small introduction to my upcoming Hexacon 2023 talk titled "Exploiting Hardened .NET Deserialization: New Exploitation Ideas and Abuse of Insecure Serialization".

https://www.thezdi.com/blog/2023/9/21/finding-deserialization-bugs-in-the-solarwind-platform

Vulnerabilities

ZDI-23-1449: (0Day) Intel Driver & Support Assistant Link Following Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Intel Driver & Support Assistant. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

https://www.zerodayinitiative.com/advisories/ZDI-23-1449/


(0Day) Ashlar-Vellum Cobalt AR Remote Code Execution Vulnerability

The specific flaw exists within the parsing of AR files [...] Given the nature of the vulnerability, the only salient mitigation strategy is to restrict interaction with the application. (ZDI-23-1450 - ZDI-23-1454)

https://www.zerodayinitiative.com/advisories/published/


Security updates for Friday

Security updates have been issued by Debian (gsl), Fedora (dotnet6.0 and dotnet7.0), Oracle (libwebp), Slackware (bind, cups, and seamonkey), SUSE (kernel and rust, rust1.72), and Ubuntu (cups, flac, gnome-shell, imagemagick, and python3.5).

https://lwn.net/Articles/945322/


Vulnerabilities in Apache HTTP Server

Multiple vulnerabilities in Apache HTTP Server have been reported to affect certain QNAP operating systems.

https://www.qnap.com/en-us/security-advisory/QSA-23-12


Vulnerability in Legacy QTS

A buffer copy without checking size of input vulnerability has been reported to affect certain legacy versions of QTS.

https://www.qnap.com/en-us/security-advisory/QSA-23-25


Vulnerability in Multimedia Console

A buffer copy without checking size of input vulnerability has been reported to affect certain versions of Multimedia Console.

https://www.qnap.com/en-us/security-advisory/QSA-23-29


Security update 1.5.4 released

We just published a security update to the LTS version 1.5 of Roundcube Webmail. It provides a fix to a recently reported XSS vulnerability: Cross-site scripting (XSS) vulnerability in handling of linkrefs in plain text messages, reported by Niraj Shivtarkar. See the full changelog in the release notes on the Github download page. We strongly recommend to update all productive installations of Roundcube 1.5.x with this new version.

https://roundcube.net/news/2023/09/18/security-update-1.5.4-released


Security update 1.4.14 released

We just published a security update to the LTS version 1.4 of Roundcube Webmail. It provides a fix to a recently reported XSS vulnerability: Cross-site scripting (XSS) vulnerability in handling of linkrefs in plain text messages, reported by Niraj Shivtarkar. See the full changelog in the release notes on the Github download page. We strongly recommend to update all productive installations of Roundcube 1.4.x with this new version.

https://roundcube.net/news/2023/09/18/security-update-1.4.14-released


Security update 1.6.3 released

We just published a security update to the version 1.6 of Roundcube Webmail. It provides a fix to a recently reported XSS vulnerability: Fix cross-site scripting (XSS) vulnerability in handling of linkrefs in plain text messages, reported by Niraj Shivtarkar. See the full changelog in the release notes on the Github download page. We strongly recommend to update all productive installations of Roundcube 1.6.x with this new version.

https://roundcube.net/news/2023/09/15/security-update-1.6.3-released


[R1] Nessus Version 10.5.5 Fixes Multiple Vulnerabilities

https://www.tenable.com/security/tns-2023-31


IBM Security Bulletins

https://www.ibm.com/support/pages/bulletin/