Tag Archive for: Kernel

Google Revealed Kernel Address Sanitizer To Harden Android Firmware

/in


Android devices are popular among hackers due to the platform’s extensive acceptance and open-source nature.

However, it has a big attack surface with over 2.5 billion active Android devices all over the world.

It also poses challenges when it comes to prompt vulnerability patching due to its fragmented ecosystem that consists of different hardware vendors and delayed software updates.

Malware distribution, surveillance, and unauthorized financial gain, or any other malicious purpose are some examples of how cybercriminals take advantage of these loopholes in security.

Recently, Google unveiled the Kernel Address Sanitizer (KASan) to strengthen the Android firmware and beyond.

Android Firmware And Beyond

KASan (Kernel Address Sanitizer) has broad applicability across firmware targets. Incorporating KASan-enabled builds into testing and fuzzing can proactively identify memory corruption vulnerabilities and stability issues before deployment on user devices.

Document

Download Free CISO’s Guide to Avoiding the Next Breach

Are you from The Team of SOC, Network Security, or Security Manager or CSO? Download Perimeter’s Guide to how cloud-based, converged network security improves security and reduces TCO.

  • Understand the importance of a zero trust strategy
  • Complete Network security Checklist
  • See why relying on a legacy VPN is no longer a viable security strategy
  • Get suggestions on how to present the move to a cloud-based network security solution
  • Explore the advantages of converged network security over legacy approaches
  • Discover the tools and technologies that maximize network security

Adapt to the changing threat landscape effortlessly with Perimeter 81’s cloud-based, unified network security platform.

Google has already leveraged KASan on firmware targets, leading to the discovery and remediation of over 40 memory safety bugs, some critically severe, through proactive vulnerability detection.

Address Sanitizer (ASan) is a compiler instrumentation tool that identifies invalid memory access bugs like out-of-bounds, use-after-free, and double-free errors during runtime. 

For user-space targets, enabling ASan is…

Source…

Apple Zero-Day Exploits Bypass Kernel Security

/in


Apple has released emergency security updates to fix two critical iOS zero-day vulnerabilities that cyberattackers are actively using to compromise iPhone users at the kernel level.

According to Apple’s security bulletin released March 5, the memory-corruption bugs both allow threat actors with arbitrary kernel read and write capabilities to bypass kernel memory protections:

  • CVE-2024-23225: Found in the iOS Kernel

  • CVE-2024-23296: Found in the RTKit component

While Apple, true to form, declined to offer additional details, Krishna Vishnubhotla, vice president of product strategy at mobile security provider Zimperium, explains that flaws like these present exacerbated risk to individuals and organizations.

“The kernel on any platform is crucial because it manages all operating system operations and hardware interactions,” he explains. “A vulnerability in it that allows arbitrary access can enable attackers to bypass security mechanisms, potentially leading to a complete system compromise, data breaches, and malware introduction.”

And not only that, but kernel memory-protection bypasses are a special plum for Apple-focused cyberattackers.

“Apple has strong protections to prevent apps from accessing data and functionality of other apps or the system,” says John Bambenek, president at Bambenek Consulting. “Bypassing kernel protections essentially lets an attacker rootkit the phone so they can access everything such as the GPS, camera and mic, and messages sent and received in cleartext (i.e., Signal).”

Apple Bugs: Not Just for Nation-State Rootkitting

The number of exploited zero-days for Apple so far stands at three: In January, the tech giant patched an actively exploited zero-day bug in the Safari WebKit browser engine (CVE-2024-23222), a type confusion error.

It’s unclear who’s doing the exploiting in this case, but iOS users have become top targets for spyware in recent months. Last year, Kaspersky researchers uncovered discovered a series of Apple zero-day flaws (CVE-2023-46690, CVE-2023-32434, CVE-2023-32439) connected to Operation Triangulation, a sophisticated, likely state-sponsored cyber-espionage campaign that deployed TriangleDB spying implants on iOS devices at a variety of…

Source…

Apple Warns of Newly Exploited iOS 17 Kernel Zero-Day

/in






Hi, what are you looking for?
Apple’s cat-and-mouse struggles with zero-day exploits on its flagship iOS platform is showing no signs of slowing down.
By
Flipboard
Reddit
Whatsapp
Whatsapp
Email
Apple’s cat-and-mouse struggles with zero-day exploits on its flagship iOS platform is showing no signs of slowing down.
The Cupertino device maker on Wednesday rushed out a new patch to cover a pair of serious vulnerabilities and warned that one of the issues has already been exploited as zero-day in the wild.
In a barebones advisory, Apple said the exploited CVE-2023-42824 kernel vulnerability allows a local attacker to elevate privileges, suggesting it was used in an exploit chain in observed attacks.
“Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.6,” the company said without providing additional details.
This is the 16th documented in-the-wild zero-day against Apple’s iOS, iPadOS and macOS-powered devices, according to data tracked by SecurityWeek. The majority of these attacks have been attributed to mercenary spyware vendors selling surveillance products.
The newest iOS 17.0.3 and iPadOS 17.0.3 updates also cover a buffer overflow vulnerability in WebRTC that exposes mobile devices to arbitrary code execution attacks. The issue was addressed by updating to libvpx 1.13.1, Apple said. 
Apple is encouraging oft-targeted users to enable Lockdown Mode to reduce exposure to mercenary spyware exploits.
Related: Atlassian Ships Urgent Patch for Exploited Confluence Zero-Day

Advertisement. Scroll to continue reading.

Related: Qualcomm Patches 3 Zero-Days Reported by Google
Related: Can ‘Lockdown Mode’ Solve Apple’s Mercenary Spyware Problem?
Related: Apple Patches Actively Exploited iOS, macOS Zero-Days
Ryan Naraine is Editor-at-Large at SecurityWeek and host of the popular Security Conversations podcast series. He is a security community engagement expert who has built programs at major global brands, including Intel Corp., Bishop Fox and GReAT. Ryan is a founding-director of the Security Tinkerers non-profit, an advisor to early-stage entrepreneurs,…

Source…

Exploring The Anatomy Of A Linux Kernel Exploit

/in


A lot of talk and discussion happens anytime a hardware manufacturer releases a new line of faster, more powerful, or more efficient computers. It’s easy to see better and better specifications and assume that’s where all the progress is made. But without improved software and algorithms, often the full potential of the hardware can’t be realized. That’s the reason for the creation of io_uring, an improved system call interface in the Linux kernel. It’s also where [chompie] went to look for exploits.

The reason for looking here, in a part of the kernel [chompie] had only recently learned about, was twofold. First, because it’s a place where user space applications interact with the kernel, and second because it’s relatively new and that means more opportunities to find bugs. The exploit involves taking advantage of a complicated asynchronous buffer system, specifically at a location where the code confuses a memory location being used by the kernel with one which is supposed to be used for user space.

To actually get this to work as an exploit, though, a much more involved process is needed to make sure the manipulation of these memory addresses results in something actually useful, but it is eventually used to gain local privilege escalation. More about it can be found in this bug report as well. Thanks to the fact that Linux is open-source, this bug can quickly be fixed and the patch rolled out to prevent malicious attackers from exploiting it. Open-source software has plenty of other benefits besides being inherently more secure, though.


Source…