Quite a lot of people are talking about IoT security today. Even Apple computers have their headaches!

Background: XPC is a type of iOS IPC. Through XPC, an app can communicate with some system services. mediaserverd (/usr/sbin/mediaserverd) is a daemon process launched by the root process launchd, and its description file is com.apple.mediaserverd.plist, stored in the /System/Library/LaunchDaemons directory. When the system starts, it scans all plist files under this directory and starts each background process separately. There are probably more than 50 background processes, and they are the real reason for the pseudo-background behaviour in iOS. The decoding of audio and video involves hardware operations, so mediaserverd contains a large amount of code that calls the driver layer. Using XPC helps prevent overflow attacks and improves system stability: because the XPC interface is cross-process, it is more difficult for an overflow attack to forge data.

Synopsis: mediaserverd has various media parsing responsibilities, it is reachable from various sandboxes, and it is able to talk to kernel drivers. Perhaps an attacker can find a valid trigger point in this place.

Status – Even 13.1.3 IPXR is also vulnerable. For more details, please refer to the diagram.

Suspected: a domain whitelist feature that accepts “WILDCARD” domains allows 3rd party takeover of Azure user accounts.

Preface: The OAuth 2.0 Authorization Framework (RFC 6749, October 2012)

Technical background: In the traditional client-server architecture, when the Client wants to fetch protected resources (Protected Resource), it has to present the account and password of the user (Resource Owner) to the Server. OAuth introduces an authentication layer. The Client gets an Access Token to access Protected Resources instead of using the account password of the Resource Owner. An Access Token is a string that records information such as the specific scope of access, its validity period, and more.

Vulnerability details: The details of the vulnerability are shown in the attached diagram. But the root cause of this design weakness is perhaps not limited to what the CyberArk researchers discovered. Azure trusts certain third-party domains and sub-domains. Can you imagine that the problem may involve wildcard domains included in the whitelist?
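As an added illustration of the suspected wildcard-whitelist weakness (not code from Microsoft, CyberArk or the original post), the sketch below compares wildcard host matching of an OAuth redirect URI with exact matching against registered values. All domains, patterns and function names are constructed assumptions.

```python
from fnmatch import fnmatch
from urllib.parse import urlsplit

# Constructed sample registration data (hypothetical, not real Azure values).
WILDCARD_PATTERNS = ["*.partner.example"]  # weak: the whole domain tree is trusted
EXACT_REDIRECTS = {"https://login.partner.example/oauth/callback"}  # hardened


def host_of(uri):
    """Return the lower-cased host of an https URI, or None otherwise."""
    parts = urlsplit(uri)
    if parts.scheme != "https" or not parts.hostname:
        return None
    return parts.hostname.lower()


def wildcard_allows(redirect_uri):
    """Weak check: any host matching a wildcard pattern is accepted."""
    host = host_of(redirect_uri)
    return host is not None and any(fnmatch(host, p) for p in WILDCARD_PATTERNS)


def exact_allows(redirect_uri):
    """Hardened check: the full redirect URI must equal a registered value."""
    return redirect_uri in EXACT_REDIRECTS


def audit(candidates):
    """Return the URIs that only the wildcard rule accepts."""
    return [u for u in candidates if wildcard_allows(u) and not exact_allows(u)]


# Constructed test inputs.
SAMPLES = [
    "https://login.partner.example/oauth/callback",  # the registered endpoint
    "https://unclaimed.partner.example/collect",     # sub-domain nobody registered
    "https://a.b.partner.example/anything",          # nested sub-domain
    "http://login.partner.example/oauth/callback",   # plain http, rejected by both
    "https://partner.example.attacker.example/cb",   # look-alike, rejected by both
]

if __name__ == "__main__":
    for uri in audit(SAMPLES):
        print("accepted by wildcard rule only:", uri)
```

Every URI that `audit` returns is a host the identity provider would send tokens to without anyone having registered it, so a review of a whitelist can start from that list.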

Focus: Heard that Microsoft didn’t issue a CVE because the bug is located only in their Online Service. Strange!

Python will replace Excel in the banking environment. But do not underestimate the bug in Excel! Nov 2019

Preface: When you walk through the trading floor area, you can see traders writing Python code, said the chief digital officer at Nomura.

Background: Perhaps the popularity of Excel on trading floors is a coincidence. I believe that DDE and macro functions drove this trend in the past. Audit teams found a data handling risk in the use of Excel spreadsheets on the trading floor. The technical term for it is Excel spreadsheet risk. You may say that this is an old story!

Current finding on the Excel spreadsheet design weakness: the Excel query-from-file feature is vulnerable to “Error”-based XML External Entity attacks if the user chooses the “Import as Html page” functionality upon receiving errors while importing a specially crafted XML file. The above scenario will cause unauthorized access to a remote server. Perhaps this is not an external hacker. It is an insider threat. This vulnerability has just been found, and the impact has no official confirmation yet. But we must stay alert!