Tag Archive for: hole

iPhone users urged to install new software immediately after powerful security hole found


Apple iPhone Security Update (Copyright 2022 The Associated Press. All rights reserved)

iPhone users have been urged to download a new update immediately.

The update was pushed out by Apple to iPhones and iPads after a major security vulnerability was found in the devices.

Patching up that hole with the new software update should keep those devices safe. But without it, attackers could break into an iPhone and spy on its user.

The security issue was found by researchers at the University of Toronto’s Citizen Lab. They said the problem was being “actively exploited” by hackers, and that all users should update immediately.

They were doing so by delivering commercial software called Pegasus, which is made and sold by Israeli company the NSO Group. That software is expensive and targeted, and has primarily been used on specific activists, journalists and politicians, who are likely to know if they are at particular risk of an attack.

The latest attack was used on the iPhone of a member of staff at a US civil society organisation with international offices, Citizen Lab said. It named the new exploit BLASTPASS and said that it did not even require users to click anything on their device.

The NSO Group and Apple have in recent years been engaged in a long-running fight to find and fix security flaws that could allow for the delivery of that software.

Recent iPhone updates brought a new “Lockdown Mode” that places extra restrictions on the device in an attempt to close up potential security flaws. That includes not downloading images that could include spyware, for instance – which is how attackers deliver the hack in this most recent scare.

Downloading the new update is simple. It is done through the Settings app on iPhones and iPads, by clicking the “general” and then “software update” options – that will check for any new updates, and offer the option to download it.

Phones may eventually automatically install the new operating system, which could mean that no download shows up in that screen. Users can check if they have already updated to the new, patched operating system by clicking the “about” option in the general settings, and looking whether they have the…


Hackers are mass infecting servers worldwide by exploiting a patched hole



An explosion of cyberattacks is infecting servers around the world with crippling ransomware by exploiting a vulnerability that was patched two years ago, it was widely reported on Monday.

The hacks exploit a flaw in ESXi, a hypervisor VMware sells to cloud hosts and other large-scale enterprises to consolidate their hardware resources. ESXi is what’s known as a bare-metal, or Type 1, hypervisor, meaning it’s essentially its own operating system that runs directly on server hardware. By contrast, servers running the more familiar Type 2 class of hypervisors, such as VMware’s VirtualBox, run as apps on top of a host operating system. The Type 2 hypervisors then run virtual machines that host their own guest OSes such as Windows, Linux or, less commonly, macOS.

Enter ESXiArgs

Advisories published recently by computer emergency response teams (CERT) in France, Italy, and Austria report a “massive” campaign that began no later than Friday and has gained momentum since then. Citing results of a search on Census, CERT officials in Austria said that as of Sunday, there were more than 3,200 infected servers, including eight in that country.

“Since ESXi servers provide a large number of systems as virtual machines (VM), a multiple of this number of affected individual systems can be expected,” the officials wrote.

The vulnerability being exploited to infect the servers is CVE-2021-21974, which stems from a heap-based buffer overflow in OpenSLP, an open network-discovery standard that’s incorporated into ESXi. When VMware patched the vulnerability in February 2021, the company warned it could be exploited by a malicious actor with access to the same network segment over port 427. The vulnerability had a severity rating of 8.8 out of a possible 10. Proof-of-concept exploit code and instructions for using it became available a few months later.

Over the weekend, French cloud host OVH said that it doesn’t have the ability to patch the vulnerable servers set up by its customers.

“ESXi OS can only be installed on bare metal servers,” wrote…


Chrome fixes 0-day security hole reported anonymously – update now! – Naked Security


Just three days after Chrome’s previous update, which patched 24 security holes that were not in the wild…

…the Google programmers have announced the release of Chrome 105.0.5195.102, where the last of the four numbers in the quadruplet jumps up from 52 on Mac and Linux and 54 on Windows.

The release notes confirm, in the clipped and frustrating “indirect statement made in the passive voice” bug-report style that Google seems to have borrowed from Apple:


   CVE-2022-3075: Insufficient data validation in Mojo.

   Reported by Anonymous on 2022-08-30

   [...]

   Google is aware of reportsrts [sic] that an exploit 
   for CVE-2022-3075 exists in the wild.

As always, our translation of security holes written up in this non-committal way is: “Crooks or spyware vendors found this vulnerability before we did, have figured out how to exploit it, and are already doing just that.”