=======================
= End-of-Shift report =
=======================

Timeframe:   Thursday 21-08-2014 18:00 − Friday 22-08-2014 18:00
Handler:     Robert Waldner
Co-Handler:  n/a

*** Lua vararg functions buffer overflow ***
---------------------------------------------
Lua is vulnerable to a buffer overflow, caused by improper bounds checking by vararg functions. By sending an overly long string argument, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/95390

*** Researchers create privacy wrapper for Android Web apps ***
---------------------------------------------
Users can wrap Facebook and other apps to better control their privacy and security, according to researchers from North Carolina State University.
---------------------------------------------
http://feeds.arstechnica.com/~r/arstechnica/security/~3/mQ5PZ77i084/

*** Malicious app can get past Android WITHOUT PERMISSIONS ***
---------------------------------------------
Be careful what you install, say boffins. Again. Researchers presenting at Usenix have lifted the lid on yet another Android vulnerability: the way apps use memory can be exploited to leak private information with a success rate between 82 and 92 per cent of the time.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2014/08/22/malicious_ap...

*** Security Advisory - Remote Security Bypass Vulnerability on Huawei Android Devices ***
---------------------------------------------
SA No: Huawei-SA-20140821-Android
Android version 4.1.1 - 4.4.2 is prone to a remote security bypass vulnerability (CVE-2013-6272): A vulnerability in the Android system allows an attacker to initiate or terminate arbitrary calls without the call_phone permission. After investigation we confirm that some Huawei smartphone and tablet products are affected.
---------------------------------------------
http://www.huawei.com/en/security/psirt/security-bulletins/security-advisori...

*** RTFM 0day in iOS apps: G+, Gmail, FB Messenger, etc. ***
---------------------------------------------
Normal people spend their nights watching movies, reading articles, socializing or (yes, I know it's odd) sleeping. I spend my nights reading RFCs and pentesting various applications/services.
---------------------------------------------
http://algorithm.dk/posts/rtfm-0day-in-ios-apps-g-gmail-fb-messenger-etc

*** PHP 5.5.16 is released ***
---------------------------------------------
The PHP Development Team announces the immediate availability of PHP 5.5.16. This release fixes several bugs against PHP 5.5.15 and resolves CVE-2014-3538, CVE-2014-3587, CVE-2014-2497, CVE-2014-5120 and CVE-2014-3597. All PHP users are encouraged to upgrade to this new version.
---------------------------------------------
http://php.net/archive/2014.php