CVE-2023-37464: Mis-config in JavaScript Object Signing and Encryption [JOSE]. (2nd Aug 2023)

Preface: Encryption uses a key to ensure that the ciphertext cannot be deciphered by anyone but the authorized recipient. Signing of data serves to authenticate the sender of the data, and commonly applies a form of encryption as part of its process.

Background: JSON Object Signing and Encryption (JOSE) is the set of software technologies standardized by the IETF to represent encrypted and/or signed content as JSON data. The technologies include JSON Web Signature (JWS), JSON Web Encryption (JWE), JSON Web Key (JWK), and JSON Web Algorithms (JWA).

Vulnerability details: OpenIDC/cjose is a C library implementing JavaScript Object Signing and Encryption (JOSE). The AES GCM decryption routine incorrectly uses the tag length of the Authentication Tag actually provided in the JWE. The specification says that a fixed length of 16 octets must be applied. This bug therefore allows an attacker to provide a truncated Authentication Tag and to modify the JWE accordingly.

Remediation: Users should upgrade to a version >= 0.6.2.2.

Official announcement: For details, please refer to the link – https://access.redhat.com/errata/RHSA-2023:4410
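As an added example (not cjose's own code), the check behind the fix written in Go: a minimal decryptor for the JWE compact serialization with alg=dir and AES-GCM content encryption that takes the Authentication Tag length from the specification, never from the tag that arrives in the message. The function names, the constructed header, key and IV are assumptions made for this demo.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"encoding/base64"
	"fmt"
	"strings"
)

// RFC 7518 fixes the AES-GCM Authentication Tag at 128 bits (16 octets) and the IV at 96 bits.
const gcmTagLen, gcmIVLen = 16, 12
var b64 = base64.RawURLEncoding

// newGCM builds the content-encryption AEAD; the CEK length (16/24/32 bytes) selects A128GCM/A192GCM/A256GCM.
func newGCM(cek []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(cek)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// encryptJWEDirGCM builds a compact JWE with alg=dir and enc=A256GCM. It exists only to
// construct demo input (iv: 12 bytes, never reused under one key), so it has no error path.
func encryptJWEDirGCM(gcm cipher.AEAD, iv, plaintext []byte) string {
	hdr := b64.EncodeToString([]byte(`{"alg":"dir","enc":"A256GCM"}`))
	sealed := gcm.Seal(nil, iv, plaintext, []byte(hdr)) // AAD = ASCII(BASE64URL(header)), RFC 7516 5.1
	ct, tag := sealed[:len(sealed)-gcmTagLen], sealed[len(sealed)-gcmTagLen:]
	return strings.Join([]string{hdr, "", b64.EncodeToString(iv), b64.EncodeToString(ct), b64.EncodeToString(tag)}, ".")
}

// decryptJWEDirGCM is the hardened path: the tag length comes from the specification,
// not from the received tag, so a truncated tag is rejected before any decryption happens.
func decryptJWEDirGCM(gcm cipher.AEAD, compact string) ([]byte, error) {
	parts := strings.Split(compact, ".")
	if len(parts) != 5 || parts[1] != "" {
		return nil, fmt.Errorf("jwe: want five parts with an empty encrypted key (alg=dir)")
	}
	iv, errIV := b64.DecodeString(parts[2])
	ct, errCT := b64.DecodeString(parts[3])
	tag, errTag := b64.DecodeString(parts[4])
	if errIV != nil || errCT != nil || errTag != nil {
		return nil, fmt.Errorf("jwe: iv, ciphertext and tag must be base64url")
	}
	if len(iv) != gcmIVLen || len(tag) != gcmTagLen {
		return nil, fmt.Errorf("jwe: iv must be %d and tag %d octets, got %d and %d", gcmIVLen, gcmTagLen, len(iv), len(tag))
	}
	return gcm.Open(nil, iv, append(ct, tag...), []byte(parts[0])) // Go's GCM wants ciphertext||tag
}
```

The length check runs before `gcm.Open`, so a JWE whose tag was shortened fails with a clear error instead of being authenticated against a weaker, attacker-chosen tag length.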

CVE-2023-20583 is Low Risk. But what is a software-based power side channel on an AMD CPU? (2nd Aug 2023)

Preface: AMD explains this design flaw. Do you have any queries?

Background: Ryzen is a family of multi-core x86-64 microprocessors. AMD developed x86-64 as its own extension of the x86 instruction set. Some AMD processors use frequency scaling.

CPU frequency scaling is a feature that enables the operating system to scale the CPU frequency up or down to save power. Depending on the system load, the CPU frequencies can be scaled automatically in response to ACPI events. It can also be done manually using certain programs.

Vulnerability details: A potential power side-channel vulnerability in AMD processors may allow an authenticated attacker to monitor the CPU power consumption as the data in a cache line changes over time, potentially resulting in a leak of sensitive information.

Ref: Hertzbleed is a hardware security attack that exploits dynamic frequency scaling to reveal secret data. The attack is a kind of timing attack, bearing similarity to previous power analysis vulnerabilities. Hertzbleed is more dangerous than power analysis, as it can be exploited by a remote attacker.

Official announcement: For details, please refer to the link – https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7006.html

About CVE-2023-31116: Design weakness of Samsung Exynos Modem 5123 and 5300 (1st Aug 2023)

Preface: RCS enables more dynamic and secure conversations than SMS and MMS. It allows users to share high-resolution photos and videos up to 100MB in size.

Background: About one year ago, Google’s next-generation flagship Pixel 7 series appeared in the Android 13 developer preview, using Samsung’s baseband chip, model g5300b.

RCS is the successor to the old SMS standard, and Google has been pushing this feature hard over the past few years. Now, at Google I/O, the company confirmed that over 800 million people now have RCS on their phones.

To check if a user’s device is RCS-enabled and capable of communicating with an RBM agent, you can request the device’s capabilities. Identifying which features a device supports, if any at all, allows your agent to tailor the conversation to the device’s capabilities and avoid presenting interactions that are difficult or impossible for the user to complete.

Vulnerability details: An issue was discovered in the Shannon RCS component in Samsung Exynos Modem 5123 and 5300. An incorrect default permission can cause unintended querying of RCS capability via a crafted application.

Official announcement: For details, please refer to the link – https://nvd.nist.gov/vuln/detail/CVE-2023-31116