[CERT-daily] Daily Summary - Friday 22-08-2014

Daily end-of-shift report team at cert.at
Fri Aug 22 18:34:16 CEST 2014


=======================
= End-of-Shift report =
=======================

Timeframe:   Thursday 21-08-2014 18:00 − Friday 22-08-2014 18:00
Handler:     Robert Waldner
Co-Handler:  n/a



*** Lua vararg functions buffer overflow ***
---------------------------------------------
Lua is vulnerable to a buffer overflow, caused by improper bounds checking by vararg functions. By sending an overly long string argument, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/95390




*** Researchers create privacy wrapper for Android Web apps ***
---------------------------------------------
Users can wrap Facebook and other apps to better control their privacy and security, according to researchers from North Carolina State University.
---------------------------------------------
http://feeds.arstechnica.com/~r/arstechnica/security/~3/mQ5PZ77i084/




*** Malicious app can get past Android WITHOUT PERMISSIONS ***
---------------------------------------------
Be careful what you install, say boffins. Again. Researchers presenting at Usenix have lifted the lid on yet another Android vulnerability: the way apps use memory can be exploited to leak private information with a success rate between 82 and 92 per cent of the time.
---------------------------------------------
http://go.theregister.com/feed/www.theregister.co.uk/2014/08/22/malicious_app_can_get_past_android_without_permissions/




*** Security Advisory - Remote Security Bypass Vulnerability on Huawei Android Devices ***
---------------------------------------------
SA No: Huawei-SA-20140821-Android
Android version 4.1.1 - 4.4.2 is prone to a remote security bypass vulnerability (CVE-2013-6272):
A vulnerability in the Android system allows an attacker to initiate or terminate arbitrary calls without the call_phone permission.
After investigation we confirm that some Huawei smartphone and tablet products are affected. 
---------------------------------------------
http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-363101.htm




*** RTFM 0day in iOS apps: G+, Gmail, FB Messenger, etc. ***
---------------------------------------------
Normal people spend their nights watching movies, reading articles, socializing or (yes, I know it's odd) sleeping. I spend my nights reading RFCs and pentesting various applications/services.
---------------------------------------------
http://algorithm.dk/posts/rtfm-0day-in-ios-apps-g-gmail-fb-messenger-etc




*** PHP 5.5.16 is released ***
---------------------------------------------
The PHP Development Team announces the immediate availability of PHP 5.5.16. This release fixes several bugs against PHP 5.5.15 and resolves CVE-2014-3538, CVE-2014-3587, CVE-2014-2497, CVE-2014-5120 and CVE-2014-3597. All PHP users are encouraged to upgrade to this new version.
---------------------------------------------
http://php.net/archive/2014.php





