Preface: Intel Software Guard Extensions (SGX) is a set of central processing unit instruction codes from Intel that allows user-level code to allocate private regions of memory, called enclaves, that are protected from processes running at higher privilege levels.
SGX design limitation: L1 Terminal Fault aka Foreshadow found in August 2018. Foreshadow enables an attacker to extract SGX sealing keys, previously sealed data can be modified and re-seal.
The Foreshadow / L1-terminal-fault attack were assigned the following CVE numbers:
CVE-2018-3615 for attacking SGX.
CVE-2018-3620 for attacking the OS Kernel and SMM mode.
CVE-2018-3646 for attacking virtual machines.
Regarding to this vulnerability. Siemens Security Advisory by Siemens Product has following announcement to their product. For more details, please see below:
Preface: One of the biggest successes of the iPhone is its security. Still No Major Malware found on iPhone.
Current possible infection methods:
1. iOS process named “iBoot” that starts up the system when you first turn on your iPhone and ensures the code being run is valid and originates from Apple. Hacker mimic counterfeit firmware may have way to compromise Apple iOS devices.
2. Malware compromised windows OS, exploit this channel implant malicious code to 3rd party iOS app then install to Apple iOS devices.
3. Man-in-the-middle -attack: On 2016, found a program called “爱思助手 (Aisi Helper),” which acts as the “man-in-the-middle” attack. Aisi Helper silently installs a malicious app to any connected iOS devices. It appears that the malicious app connects to a third-party iOS app and game store that asks users to enter their Apple ID passwords then implant malicious code to 3rd party Preventive maintenance:
Following official suggestion to enhance your iOS devices (see below)
As of 2018, expert estimates that Google Chrome has a 68% worldwide usage share of web browsers as a desktop browser. It also has 61% market share across all platforms combined. Moreover it has over 50% share on smartphones.
Google chrome not only a web browser. It contained friendly capabilities.
How to enable Material Design?
Google Chrome is a freeware web browser developed by Google LLC.
If you are interested of Google Chrome with its secret Material Design. You can following below details for reference.
Go to the URL bar and type – chrome://flags/#top-chrome-md
Go to the URL bar and type – chrome://flags/#top-chrome-md
Chrome design weakness – Found Nov 2018
Since there are several items of issue found. Following details of items bring to my interest.
Out of bounds write in V8 – High CVE-2018-17480, CVE-2018-18342
Use after frees in PDFium – High CVE-2018-17481, CVE-2018-18336, CVE-2018-18343
Should you have interested, please refer to official announcement for reference
CVE‑2018‑6263 – NVIDIA GeForce Experience contains a vulnerability in all versions prior to 3.16 on Windows in which an attacker who has access to a local user account can plant a malicious dynamic link library (DLL) during application installation, which may lead to escalation of privileges.
CVE‑2018‑6265 – NVIDIA GeForce Experience contains a vulnerability in all versions prior to 3.16 during application installation on Windows 7 in elevated privilege mode, where a local user who initiates a browser session may obtain escalation of privileges on the browser.
For more details, please refer to attached diagram.
Who use Node JS?
Node.js build various applications such as social media apps, video and text chat engines, real-time tracking apps, online games and collaboration tools. CiscoDevNet has sample to guide the developer how to integrate integrate Webex with node.js.
Severity of impact:
Node.js: All versions prior to Node.js 6.15.0: Debugger port 5858 listens on any interface by default. A debug menu or debug mode is a user interface implemented in a computer program that allows the user to view and/or manipulate the program’s internal state for the purpose of debugging.
Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Denial of Service with large HTTP headers
Preface: Cisco Prime License Manager provides simplified, enterprise-wide management of user-based licensing, including license fulfillment. Cisco Prime License Manager handles licensing fulfillment, supports allocation and reconciliation of licenses across supported products, and provides enterprise-level reporting of usage and entitlement.
A vulnerability in the web framework code of Cisco Prime License Manager (PLM) could allow an unauthenticated, remote attacker to execute arbitrary SQL queries.
Preface: Samba is an implementation of the Server Message Block (SMB)/Common Internet File System (CIFS) protocol for Unix systems, providing support for cross-platform file and printer sharing with Microsoft Windows, OS X, and other Unix.
Double free error is caused by freeing same memory location twice by calling free() on the same allocated memory. A NULL pointer dereference is a sub type of an error causing a segmentation fault. It occurs when a program attempts to read or write to memory with a NULL pointer. This design limitation was happen in a lot of software application. Found above vulnerabilities occurs in Samba server. For more details, please refer below:
Preface: Linux makes very efficient use of the system’s resources.You can give new life to your old and slow Windows system by installing a lightweight Linux system. Variants of Linux are most widely used in the Internet of things and smart devices.
Namespaced mapping – when the two sorted arrays are used, the new code omits the ID transformation for the kernel . Found design flaw in kernel that DAC security controls on files whose IDs aren’t mapped in namespace.
So, user who has CAP_SYS_ADMIN in an affected user namespace can bypass access controls on resources outside the namespace.
VMware Workstation is a hosted hypervisor that runs on x64 versions of Windows and Linux operating systems (an x86 version of earlier releases was available); it enables users to set up virtual machines (VMs) on a single physical machine, and use them simultaneously along with the actual machine.
VMware Workstation and Fusion contain an integer overflow vulnerability in the virtual network devices. This issue may allow a guest to execute code on the host.
Since the public announcement did not provide the technical details. However I suspected that a design weakness on True type font parser (embedded in the TPView.dll) not been remediated. The similar vulnerability found last year. The CVE reference number is CVE-2017-4913.
Remark: Be a happy black Friday but not for this vulnerability. Yes, this is the shopping on AWS,..etc. Happy hunting.
PAYFORT Online Payment Gateway is the most Trusted in the Middle East. PAYFORT is here to help you accept online payments, reduce fraud & max your transaction amount.
Remark: On Mar 2018, official announce that PayFort International Inc. and its subsidiaries will be acquired by Amazon.
The Amazon PAYFORT payfort-php-SDK payment gateway SDK through 2018-04-26 has XSS vulnerabilities occurs!
What is Cross-site Scripting (XSS)?
Cross-site Scripting (XSS) refers to client-side code injection attack wherein an attacker can execute malicious scripts (also commonly referred to as a malicious payload) into a legitimate website or web application.
One of the most common XSS attack vectors is to hijack legitimate user accounts by stealing their session cookies. This allows attackers to impersonate victims and access any sensitive information or functionality on their behalf.
The vulnerability details can be found in the following URL: