[CERT-daily] Tageszusammenfassung - 22.09.2023
Daily end-of-shift report
team at cert.at
Fri Sep 22 18:25:53 CEST 2023
=====================
= End-of-Day report =
=====================
Timeframe: Donnerstag 21-09-2023 18:00 − Freitag 22-09-2023 18:00
Handler: Michael Schlagenhaufer
Co-Handler: Stephan Richter
=====================
= News =
=====================
∗∗∗ Incomplete disclosures by Apple and Google create “huge blindspot” for 0-day hunters ∗∗∗
---------------------------------------------
No one mentioned that libwebp, a library found in millions of apps, was a 0-day origin.
---------------------------------------------
https://arstechnica.com/?p=1970341
∗∗∗ GitHub passkeys generally available for passwordless sign-ins ∗∗∗
---------------------------------------------
GitHub has made passkeys generally available across the platform today to secure accounts against phishing and allow passwordless logins for all users.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/github-passkeys-generally-available-for-passwordless-sign-ins/
∗∗∗ iOS, iPad OS, Watch OS und MacOS: Apple behebt aktiv ausgenutzte Schwachstellen ∗∗∗
---------------------------------------------
Drei Zero-Day-Schwachstellen in iOS, iPad OS, Watch OS sowie Mac OS sollen bereits aktiv ausgenutzt werden. Patches stehen jetzt bereit.
---------------------------------------------
https://www.golem.de/news/ios-ipad-os-watch-os-und-macos-apple-behebt-aktiv-ausgenutzte-schwachstellen-2309-177890.html
∗∗∗ The WebP 0day ∗∗∗
---------------------------------------------
Early last week, Google released a new stable update for Chrome. The update included a single security fix that was reported by Apples Security Engineering and Architecture (SEAR) team. The issue, CVE-2023-4863, was a heap buffer overflow in the WebP image library, and it had a familiar warning attached:"Google is aware that an exploit for CVE-2023-4863 exists in the wild."
---------------------------------------------
https://blog.isosceles.com/the-webp-0day/
∗∗∗ Proof-of-Concept-Exploit für WinRAR-Lücke bringt VenomRAT-Malware mit ∗∗∗
---------------------------------------------
Mitte August haben die Entwickler eine Zero-Day-Lücke in WinRAR ausgebessert. Dafür taucht ein gefälschter PoC auf, der Malware mitbringt.
---------------------------------------------
https://www.heise.de/-9313479.html
∗∗∗ Qnap warnt vor Codeschmuggel durch Schwachstellen ∗∗∗
---------------------------------------------
Qnap warnt vor Sicherheitslücken im QTS-Betriebssystem und der Multimedia Console, durch die Angreifer Schadcode einschleusen können.
---------------------------------------------
https://www.heise.de/-9313549.html
∗∗∗ Sicherheitslücke: Datenleaks auf Drupal-Websites möglich ∗∗∗
---------------------------------------------
Unter bestimmten Voraussetzungen können Angreifer mit dem Content Management System Drupal erstellte Seiten attackieren. Abgesicherte Versionen sind verfügbar.
---------------------------------------------
https://www.heise.de/-9313594.html
∗∗∗ Schon einmal auf einen Fake-Shop hineingefallen? ∗∗∗
---------------------------------------------
Sie kaufen regelmäßig online ein und verwenden dabei Ihr Mobiltelefon? Sie sind schon einmal in Berührung mit Fake-Shops gekommen oder waren Opfer von Internetbetrug? Sie möchten mehr darüber erfahren, welche präventiven Maßnahmen es gibt, um den Einkauf in Fake-Shops zu verhindern? Sie möchten aktiv an der Gestaltung einer Lösung mitarbeiten? Dann nehmen Sie an unserem Workshop teil!
---------------------------------------------
https://www.watchlist-internet.at/news/schon-einmal-auf-einen-fake-shop-hineingefallen/
∗∗∗ Finding Deserialization Bugs in the SolarWind Platform ∗∗∗
---------------------------------------------
It’s been a while since I have written a blog post, please accept my sincerest apologies. This is because a lot of fun stuff that I’ve recently done is going to be presented during conferences. Please treat this post as a small introduction to my upcoming Hexacon 2023 talk titled “Exploiting Hardened .NET Deserialization: New Exploitation Ideas and Abuse of Insecure Serialization”.
---------------------------------------------
https://www.thezdi.com/blog/2023/9/21/finding-deserialization-bugs-in-the-solarwind-platform
=====================
= Vulnerabilities =
=====================
∗∗∗ ZDI-23-1449: (0Day) Intel Driver & Support Assistant Link Following Local Privilege Escalation Vulnerability ∗∗∗
---------------------------------------------
This vulnerability allows local attackers to escalate privileges on affected installations of Intel Driver & Support Assistant. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
---------------------------------------------
https://www.zerodayinitiative.com/advisories/ZDI-23-1449/
∗∗∗ (0Day) Ashlar-Vellum Cobalt AR Remote Code Execution Vulnerability ∗∗∗
---------------------------------------------
The specific flaw exists within the parsing of AR files [...] Given the nature of the vulnerability, the only salient mitigation strategy is to restrict interaction with the application. (ZDI-23-1450 - ZDI-23-1454)
---------------------------------------------
https://www.zerodayinitiative.com/advisories/published/
∗∗∗ Security updates for Friday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (gsl), Fedora (dotnet6.0 and dotnet7.0), Oracle (libwebp), Slackware (bind, cups, and seamonkey), SUSE (kernel and rust, rust1.72), and Ubuntu (cups, flac, gnome-shell, imagemagick, and python3.5).
---------------------------------------------
https://lwn.net/Articles/945322/
∗∗∗ Vulnerabilities in Apache HTTP Server ∗∗∗
---------------------------------------------
Multiple vulnerabilities in Apache HTTP Server have been reported to affect certain QNAP operating systems.
---------------------------------------------
https://www.qnap.com/en-us/security-advisory/QSA-23-12
∗∗∗ Vulnerability in Legacy QTS ∗∗∗
---------------------------------------------
A buffer copy without checking size of input vulnerability has been reported to affect certain legacy versions of QTS.
---------------------------------------------
https://www.qnap.com/en-us/security-advisory/QSA-23-25
∗∗∗ Vulnerability in Multimedia Console ∗∗∗
---------------------------------------------
A buffer copy without checking size of input vulnerability has been reported to affect certain versions of Multimedia Console.
---------------------------------------------
https://www.qnap.com/en-us/security-advisory/QSA-23-29
∗∗∗ Security update 1.5.4 released ∗∗∗
---------------------------------------------
We just published a security update to the LTS version 1.5 of Roundcube Webmail. It provides a fix to a recently reported XSS vulnerability: Cross-site scripting (XSS) vulnerability in handling of linkrefs in plain text messages, reported by Niraj Shivtarkar. See the full changelog in the release notes in the release notes on the Github download page. We strongly recommend to update all productive installations of Roundcube 1.5.x with this new version.
---------------------------------------------
https://roundcube.net/news/2023/09/18/security-update-1.5.4-released
∗∗∗ Security update 1.4.14 released ∗∗∗
---------------------------------------------
We just published a security update to the LTS version 1.4 of Roundcube Webmail. It provides a fix to a recently reported XSS vulnerability: Cross-site scripting (XSS) vulnerability in handling of linkrefs in plain text messages, reported by Niraj Shivtarkar. See the full changelog in the release notes in the release notes on the Github download page. We strongly recommend to update all productive installations of Roundcube 1.4.x with this new version.
---------------------------------------------
https://roundcube.net/news/2023/09/18/security-update-1.4.14-released
∗∗∗ Security update 1.6.3 released ∗∗∗
---------------------------------------------
We just published a security update to the version 1.6 of Roundcube Webmail. It provides a fix to a recently reported XSS vulnerability: Fix cross-site scripting (XSS) vulnerability in handling of linkrefs in plain text messages,reported by Niraj Shivtarkar. See the full changelog in the release notes in the release notes on the Github download page. We strongly recommend to update all productive installations of Roundcube 1.6.x with this new version.
---------------------------------------------
https://roundcube.net/news/2023/09/15/security-update-1.6.3-released
∗∗∗ [R1] Nessus Version 10.5.5 Fixes Multiple Vulnerabilities ∗∗∗
---------------------------------------------
https://www.tenable.com/security/tns-2023-31
∗∗∗ IBM Security Bulletins ∗∗∗
---------------------------------------------
https://www.ibm.com/support/pages/bulletin/
--
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily
More information about the Daily
mailing list