Apple patches actively exploited iPhone, iPad kernel vulns - The Register

2 years ago 49

In brief Apple has patched an iOS and iPad OS vulnerability that's already been exploited.

Crediting an anonymous information researcher with reporting the issue, Apple said the occupation involves an out-of-bounds constitute contented – which involves adding information past the extremity oregon earlier the opening of a buffer. The impacts tin bedata corruption, a clang oregon the accidental to execute arbitrary codification with kernel privileges. 

Apple issued patches for iOS 16.1 and iPad OS 16, to code this and 19 different vulnerabilities. Six of the flaws progressive the kernel. Others deed Core Bluetooth, graphics and GPU drivers, oregon the iOS Sandbox.

Apple's security notice for the patches didn't supply galore details connected the quality of the already-exploited flaw - we're successful the acheronian arsenic to the quality of the vulnerability, the grade of exploitation, oregon who whitethorn person been attacking the flaw.

Looking implicit the spot notes, 1 whitethorn announcement a database of radical credited with notifying Apple of specified vulnerabilities. Many of them whitethorn person been motivated by Apple's upgraded bug bounty program, which the institution said has awarded astir $20 cardinal to researchers since being launched 2 and a fractional years ago. 

"To our knowledge, this makes Apple Security Bounty the fastest-growing bounty programme successful manufacture history," Apple bragged successful a statement, successful which it besides announced the debut of an Apple Security Research website. 

The caller tract volition service arsenic a mode for information researchers moving connected Apple vulnerabilities to pass with Cupertino. Apple said the caller tract is simply a two-way thoroughfare wherever users tin "hear astir the latest advances successful Apple information from our engineering teams, nonstop america your ain research, and enactment straight with america to beryllium recognized and rewarded for helping support our users safe."

Apple Security Research besides includes trackers wherever researchers tin travel the presumption of their reports. It provides much transparency, Apple said, by spelling retired bounty info and valuation criteria much plainly "so you tin find wherever you'd similar to absorption your research, and truthful you tin expect whether your study qualifies for a peculiar reward." 

Reuters database exposes 3TB of lawsuit information to the web

Security researchers investigating the website of media institution Thomson Reuters person recovered 3 exposed databases containing information they said could beryllium worthy millions of dollars connected acheronian web forums for usage successful proviso concatenation attacks. 

According to the probe squad astatine Cybernews, the 3 databases were casual to find and crawl, but 1 server was juicier than others: it contained 3TB of "sensitive, up-to-date accusation from crossed the company's platforms." 

The researchers said the ElasticSearch database included plain substance information similar password reset logs (though nary existent passwords were exposed), SQL logs showing what Thomson Reuters clients were searching for, and documents returned done those searches. 

"There is simply a precocious accidental the unfastened lawsuit included overmuch much delicate information since the database holds much than 6.9 cardinal unsocial logs that instrumentality up implicit 3TB of server disk," the researchers hypothesized. 

Reuters said it appreciated the enactment of ethical information researchers and added that it instantly addressed the contented erstwhile notified. Two of the servers, Reuters said, were designed to beryllium publically accessible and truthful weren't a risk, portion the 3rd ElasticSearch 1 wasn't expected to beryllium exposed, but isn't a superior problem.

The ElasticSearch server, Thomson Reuters said, was a non-production instrumentality that "only houses exertion logs from the non-production situation associated with a tiny subset of Thomson Reuters's Global Trade customers," who it said it had already notified. 

VMware encounters bug truthful superior it patches a retired product

VMware has patched a captious vulnerability successful its Cloud Foundation level superior capable that it reached backmost into the archives to hole bundle past its end-of-life. 

The bug lies successful the XStream unfastened root library. If leveraged by an attacker, it could assistance distant codification execution capabilities with basal permissions "due to an unauthenticated endpoint that leverages XStream for input serialization." The exploit tin reportedly beryllium executed remotely, is of a debased level of complexity, and doesn't necessitate immoderate idiosyncratic enactment – the cleanable tempest for a would-be hacker.

VMware said that proof-of-concept exploit codification targeting the vulnerability, logged arsenic CVE-2021-39144 and rated astatine a 9.8/10 connected the CVSSv3 scale, is already disposable online – making patching each the much essential. 

The end-of-life merchandise getting a patch is VMware NSX Data Center for vSphere, mentation 6.4 (this update brings it to mentation 6.4.14), which reached end of beingness successful January of this year.

VMware besides patched a 2nd contented successful the information bulletin, but thankfully this 1 is acold little serious. According to the bulletin, VMware Cloud Foundation has an XML outer entity vulnerability that could let an unauthenticated attacker to motorboat a denial-of-service onslaught oregon disclose information. 

Unlike the terrible people of the XStream vulnerability, VMware said the second issue lone rated a 5.3 connected the CVSSv3 scale.

Sorry for the hoodie

Humor and infosec don't often premix but Malwarebytes offered a invited objection with a tweet published past week that apologised for utilizing a cliched illustration of a hacker going astir their nefarious concern portion wearing a hoodie.

An apology pic.twitter.com/8A3UtccX5K

— Malwarebytes (@Malwarebytes) October 27, 2022

The Tweet saw The Register's accumulation squad cull immoderate of our representation library. However the tweet beneath from Reg Asia-Pac exertion Simon Sharwood remains proudly online.

Security conf selfie pic.twitter.com/YI3iAFzSO2

— Simon Sharwood (@ssharwood) June 22, 2022

®

Read Entire Article