Tag: vulnerability
PSA: Older Wemo Smart Plugs Have Vulnerability That Leaves Them Open to Attack
Basically, the Wemo Mini Smart Plug V2 has a 30-character name limit that can be overwritten, leading to an exploitable memory buffer error. Full details on how the exploit works are available from Sternum.
Belkin told Sternum that it has no plans to update the Wemo Mini Smart Plug V2 because it is at the end of its life after four years and has been replaced with newer models. That leaves many potential Belkin customers vulnerable, as there are likely many of these smart plugs being used in the wild.
Sternum recommends that people prevent the Wemo Mini Smart Plug V2 from accessing the internet and communicating with other devices like the iPhone because of the vulnerability, but the safest bet would be to remove the plugs and replace them with something more secure.
This article, “PSA: Older Wemo Smart Plugs Have Vulnerability That Leaves Them Open to Attack” first appeared on MacRumors.com
Microsoft releases optional fix for actively exploited Secure Boot vulnerability
Microsoft’s latest Patch Tuesday updates are out for Windows 11 and Windows 10 with several fixes for the two operating systems. In the case of Windows 11, the KB5026372 cumulative update introduces no fewer than 20 changes that improve the user experience as well as fixes for 38 security vulnerabilities and…
Google unveils new council and legal fund to support vulnerability disclosure
Bing vulnerability made it possible to alter search results
A major security exploit that let researchers change Bing search results was revealed this week.
The vulnerability was discovered in January by cybersecurity research company Wiz and reported to the Microsoft Security Response Center (MSRC).
In a Twitter thread, Wiz researcher Hillai Ben-Sasson explained how he was able to hack into Bing’s content management system (CMS). By logging into Microsoft’s cloud computing platform Azure, he discovered that he could grant all users access to internal Microsoft apps. He then accessed a database of Bing’s search results. From there, Ben-Sasson figured out that he could actually modify what showed up in the results.
Wiz researchers also discovered that Bing was vulnerable to a Cross-Site Scripting (XSS) attack and found that they had access to sensitive Office 365 data, including Outlook emails, Calendar information, and Teams messages. MSRC detailed security updates and shared recommendations for Azure AD admins and developers in its blog post.
The purpose of the researchers’ experiment was to show that the attack was possible and to share their findings with Microsoft. But it shows how malicious hackers could have wreaked havoc on Bing.
“A malicious actor with the same access could’ve hijacked the most popular search results with the same payload and leak sensitive data from millions of users,” said the Wiz blog post. Luckily it was caught before any major damage was done.
Microsoft confirmed that it has been fixed as of March 29. Wiz received a $40,000 “bug bounty” for reporting the vulnerability, which it plans to donate to an unspecified recipient.
Microsoft Patched Bing Vulnerability That Allowed Snooping on Email and Other Data
Read more of this story at Slashdot.
PSA: Make Sure to Update Older Devices to iOS 15.7.4 to Fix Actively Exploited Vulnerability
According to Apple’s release notes for the security update, it addresses a long list of vulnerabilities, including a WebKit vulnerability that was known to be actively exploited. From Apple’s security support document:
Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
Note that those running iOS 16 and iPadOS 16 do not need to worry about this exploit as it was previously fixed in iOS 16.3.1. The update also fixes other WebKit vulnerabilities that were not actively exploited, plus it fixes security issues with Calendar, Camera, Find My, and more.
iOS 15.7.4 and iPadOS 15.7.4 are available for all iPhone 6s models, all iPhone 7 models, the first-generation iPhone SE, the iPad Air 2, the fourth-generation iPad mini, and the seventh-generation iPod touch.
This article, “PSA: Make Sure to Update Older Devices to iOS 15.7.4 to Fix Actively Exploited Vulnerability” first appeared on MacRumors.com
Microsoft fixes reversible screenshot vulnerability on Windows
Microsoft has pushed an update to fix a screenshot editing vulnerability in Windows 10 and 11, as spotted earlier by Bleeping Computer. The security flaw, dubbed the “aCropalypse,” could let bad actors recover the edited portions of screenshots, potentially revealing personal information that had been cropped out or concealed.
According to Microsoft, the issue (CVE-2023-28303) affects both the Snip & Sketch app on Windows 10 and the Snipping Tool on Windows 11. However, it only applies to images created in a very specific set of steps. That includes those that have been taken, saved, edited, and then saved over the original file, as well as the ones opened in the Snipping Tool, edited, and then saved to the same location. It doesn’t have…
Google Pixel vulnerability allows bad actors to undo Markup screenshot edits and redactions
When Google began rolling out Android’s March security patch earlier this week, the company addressed a “High” severity vulnerability involving the Pixel’s Markup screenshot tool. Over the weekend, Simon Aarons and David Buchanan, the reverse engineers who discovered CVE-2023-21036, shared more information about the security flaw, revealing Pixel users are still at risk of their older images being compromised due to the nature of Google’s oversight.
In short, the “aCropalypse” flaw allowed someone to take a PNG screenshot cropped in Markup and undo at least some of the edits in the image. It’s easy to imagine scenarios where a bad actor could abuse that capability. For instance, if a Pixel owner used Markup to redact an image that included sensitive information about themselves, someone could exploit the flaw to reveal that information. You can find the technical details on Buchanan’s blog.
Introducing acropalypse: a serious privacy vulnerability in the Google Pixel’s inbuilt screenshot editing tool, Markup, enabling partial recovery of the original, unedited image data of a cropped and/or redacted screenshot. Huge thanks to @David3141593 for his help throughout! pic.twitter.com/BXNQomnHbr
— Simon Aarons (@ItsSimonTime) March 17, 2023
According to Buchanan, the flaw has existed for about five years, coinciding with the release of Markup alongside Android 9 Pie in 2018. And therein lies the problem. While March’s security patch will prevent Markup from compromising future images, some screenshots Pixel users may have shared in the past are still at risk.
It’s hard to say how concerned Pixel users should be about the flaw. According to a forthcoming FAQ page Aarons and Buchanan shared with 9to5Google and The Verge, some websites, including Twitter, process images in such a way that someone could not exploit the vulnerability to reverse edit a screenshot or image. Users on other platforms aren’t so lucky. Aarons and Buchanan specifically identify Discord, noting the chat app did not patch out the exploit until its recent January 17th update. At the moment, it’s unclear if images shared on other social media and chat apps were left similarly vulnerable.
Google did not immediately respond to Engadget’s request for comment and more information. The March security update is currently available on the Pixel 4a, 5a, 7 and 7 Pro, meaning Markup can still produce vulnerable images on some Pixel devices. It’s unclear when Google will push the patch to other Pixel devices. If you own a Pixel phone without the patch, avoid using Markup to share sensitive images.
This article originally appeared on Engadget at https://www.engadget.com/google-pixel-vulnerability-allows-bad-actors-to-undo-markup-screenshot-edits-and-redactions-195322267.html?src=rss