Category Archives: Potential Risk of CVE

22nd Jan 2019 – Apple security updates

Preface: Every computer has a finite amount of physical memory, so the OS routinely commits more virtual memory than is physically present and shares physical pages between processes (shared libraries, shared memory regions, copy-on-write pages after fork). Sharing memory is therefore a feature that is hard to avoid, and the boundary between two processes that share a page is security-relevant.

Our security focus:
Of the issues in Apple's January 2019 security update, this note follows the two kernel-level memory issues whose stated impact is that a malicious application may cause unexpected changes in memory shared between processes.

Under XNU a virtual memory map is represented by a _vm_map struct, defined in osfmk/vm/vm_map.h. Because not the entire virtual address space is mapped at any given moment, the map is divided into entries (vm_map_entry), each representing a contiguous block of mapped memory that shares common properties: protection, inheritance across fork, and whether the backing object is shared with other tasks or a private copy-on-write instance.
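The distinction those map entries encode, shown as an added example in Python (not Apple's code; it uses the POSIX mmap/fork primitives that XNU's vm_map sits beneath): the same anonymous page mapped shared versus private, with a second process writing to it. The marker value is the example's own:

```python
import mmap
import os
import struct

MARK = 0x41414141   # value the other process stores (constructed for the demo)


def child_write_visible(private: bool) -> int:
    """Map one anonymous page, fork, let the child store MARK at offset 0
    and return what the parent reads back afterwards.

    MAP_SHARED : both processes alias one physical page; the child's store
                 is visible to the parent (the "unexpected change" case).
    MAP_PRIVATE: the page is copy-on-write; the child's store lands in its
                 own copy and the parent still reads 0.
    """
    flags = mmap.MAP_PRIVATE if private else mmap.MAP_SHARED
    mm = mmap.mmap(-1, mmap.PAGESIZE, flags=flags)   # fd=-1: anonymous page
    mm[0:4] = struct.pack("<I", 0)

    pid = os.fork()
    if pid == 0:                                  # child process
        mm[0:4] = struct.pack("<I", MARK)
        os._exit(0)

    os.waitpid(pid, 0)                            # parent: wait for the store
    value = struct.unpack("<I", mm[0:4])[0]
    mm.close()
    return value


if __name__ == "__main__":
    print("MAP_SHARED : parent sees 0x%08x" % child_write_visible(private=False))
    print("MAP_PRIVATE: parent sees 0x%08x" % child_write_visible(private=True))
```

A kernel bug that lets an application alter the sharing or protection attributes of another task's entry, or that leaves a page shared where a private copy was intended, turns the second case into the first: the victim now reads memory that another process is free to modify.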

Design limitation:
CVE-2019-6205 and CVE-2019-6208: A malicious application may cause unexpected changes in memory shared between processes.

Remedy:
Apple's bulletin for this update lists the affected products and the fix for each component. For more information, please see: https://support.apple.com/en-hk/HT209446

CVE-2019-6446 NumPy pickle Python Module Remote Code Execution Vulnerability – 16th Jan 2019

Preface: Gamma-ray observatory satellite missions study cosmic gamma-ray sources in the keV to MeV energy range. The analysis software behind them is built on the NumPy package discussed below, which is why a bug in a scientific Python library is also a software-supply-chain concern.

About Numpy and Gammapy:

NumPy is an open source Python package for scientific computing. It provides large multidimensional arrays and matrices, is written in Python and C, and its arrays are far faster than Python lists for numeric work.

Gammapy is an open-source Python package for gamma-ray analysis built on Numpy and Astropy. It is a prototype for the Cherenkov Telescope Array (CTA) science tools, and can be used to analyse data from existing gamma-ray telescopes.

Security Alert : NumPy pickle Python Module

CVE-2019-6446: NumPy 1.16.0 and earlier use the pickle module unsafely. numpy.load() defaulted to allow_pickle=True, so loading an attacker-supplied .npy or .npz file that contains a pickled object array executes whatever the pickle instructs, in the context of the process doing the load. The attacker needs no access to the system, only to get a victim (a user, a pipeline, or a service that accepts uploaded data files) to load the file. NumPy 1.16.3 changed the default to allow_pickle=False; callers that really need object arrays from trusted sources must now opt in explicitly.
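The mechanism, as an added example in plain Python (not NumPy's code and not from the issue thread): the same pickle module that numpy.load invoked on object arrays, fed a crafted file, beside a loader that refuses to resolve any global not on an allow-list, which is the property allow_pickle=False and pickle's documented find_class hardening give you. The environment-variable marker, the CraftedPayload class and the allow-list contents are the example's own constructions:

```python
import importlib
import io
import os
import pickle
from collections import OrderedDict

MARKER = "NUMPY_PICKLE_DEMO_RAN"   # constructed: observable side effect


class CraftedPayload:
    """Stand-in for an attacker's object (constructed for this example).

    pickle stores the result of __reduce__, a (callable, args) pair, and the
    loader calls it.  Real payloads name os.system or subprocess.Popen; this
    one only sets an environment variable so the effect can be checked."""

    def __reduce__(self):
        code = "import os; os.environ[%r] = '1'" % MARKER
        return (exec, (code, {}))


def make_crafted_file() -> bytes:
    """Bytes shipped as an innocuous-looking 'array' file.  Object-dtype
    arrays inside .npy/.npz are stored exactly like this: as a pickle."""
    return pickle.dumps(CraftedPayload(), protocol=4)


def load_trusting(data: bytes):
    """What numpy.load(path, allow_pickle=True) did for an object array."""
    return pickle.loads(data)


# Globals a hardened loader is willing to resolve (example's own choice).
ALLOWED_GLOBALS = {
    ("collections", "OrderedDict"),
    ("builtins", "set"), ("builtins", "frozenset"),
    ("builtins", "complex"), ("builtins", "bytearray"),
}


class RestrictedUnpickler(pickle.Unpickler):
    """Refuses every GLOBAL/STACK_GLOBAL reference that is not allow-listed,
    so builtins.exec, posix.system, subprocess.Popen ... can never be
    reached from the data."""

    def find_class(self, module, name):
        if (module, name) in ALLOWED_GLOBALS:
            return getattr(importlib.import_module(module), name)
        raise pickle.UnpicklingError("refusing to resolve %s.%s" % (module, name))


def load_hardened(data: bytes):
    return RestrictedUnpickler(io.BytesIO(data)).load()


def demo_trusting() -> bool:
    """True if merely loading the crafted file ran the embedded code."""
    os.environ.pop(MARKER, None)
    load_trusting(make_crafted_file())
    return os.environ.get(MARKER) == "1"


def demo_hardened() -> bool:
    """True if the hardened loader rejected the crafted file without running
    anything and still loads a benign, allow-listed structure."""
    os.environ.pop(MARKER, None)
    try:
        load_hardened(make_crafted_file())
        return False                      # must not get here
    except pickle.UnpicklingError:
        pass
    benign = pickle.dumps(OrderedDict(counts=[1.0, 2.5], shape=(2,)), protocol=4)
    return (MARKER not in os.environ
            and load_hardened(benign) == {"counts": [1.0, 2.5], "shape": (2,)})


if __name__ == "__main__":
    print("trusting loader ran payload:", demo_trusting())
    print("hardened loader blocked it :", demo_hardened())
```

The point to take from the hardened loader is that the code runs at resolve time, before any object is returned: a check on the result of the load is already too late, which is why NumPy's fix is a flag that keeps pickle out of the path entirely rather than a validation of what came back.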

Official Announcements: https://github.com/numpy/numpy/issues/12759

CoreOS etcd Role-Based Access Control Authentication Vulnerability – 16th Jan 2019

Preface: etcd is the distributed key-value store developed by CoreOS that Kubernetes and Container Linux use for cluster configuration and coordination. Its role-based access control (RBAC) layer is what stands between a client that can reach the client port and the entire cluster state.

Found vulnerability:

A vulnerability in etcd's authentication (CVE-2018-16886; etcd 3.2.x before 3.2.26 and 3.3.x before 3.3.11) could allow a remote attacker to bypass RBAC. When the cluster runs with --client-cert-auth and RBAC enabled, etcd accepted the Common Name of a TLS client certificate as the identity of the authenticated user on requests arriving through the gRPC gateway (the REST API). A certificate trusted by the cluster whose CN equals an RBAC user name was therefore enough to act as that user without its password.

Impact:

An attacker holding any client certificate trusted by the cluster could exploit this by sending crafted requests to the gRPC gateway and thereby evade the role checks. Until upgraded: do not issue client certificates whose CN matches an RBAC user name, compare the CNs of existing certificates against the output of etcdctl user list, and keep the client port off untrusted networks.

Vendor Announcement:

The etcd maintainers have released fixed versions (3.2.26 and 3.3.11), which disable CN-based authentication on the gRPC gateway path, at the following link: https://github.com/etcd-io/etcd/releases

Drupal Releases Security Updates – 16th Jan 2019

Preface: Drupal is a free and open source content-management framework written in PHP and distributed under the GNU General Public License.

Security Focus:
Drupal has traditionally depended on multiple external tools, and Drupal core ships the third-party PEAR Archive_Tar library. In PEAR Archive_Tar before 1.4.4 there are several file operations that take $v_header['filename'] (the entry name read from the archive) as parameter, such as file_exists, is_file and is_dir. When extract() is called without a specific prefix path, a tar file whose entry name is phar://[path_to_malicious_phar_file] makes PHP route that file operation through the phar stream wrapper, which unserializes the phar's metadata, so the attacker obtains object injection without any call to unserialize(). Object injection triggers the __destruct or __wakeup methods of whatever classes are loaded. With Archive_Tar alone this already gives arbitrary file deletion, because @unlink($this->_temp_tarname) runs in its destructor; if another loaded class offers a useful gadget chain, remote code execution may be possible. SA-CORE-2019-001 updates the bundled library; SA-CORE-2019-002 addresses the phar:// wrapper problem in Drupal core itself, since the same trick works against any PHP file operation that receives an attacker-controlled path.

Official announcement:
Drupal core Arbitrary PHP code execution (Critical) – https://www.drupal.org/sa-core-2019-002

Drupal core Third Party Libraries vulnerability (Critical) – https://www.drupal.org/sa-core-2019-001

Security Focus – Critical Path Update contains 3 new security fixes for the Oracle Database Server – 15th Jan 2019

Preface: Computer system vulnerabilities wreak havoc; IT life is not easy!

Background: Oracle markets its cloud database as autonomous, with self-driving, self-securing and self-repairing capabilities meant to eliminate error-prone manual data management. The Core RDBMS underneath is still the same code, and it still has vulnerabilities.

Security focus – CVE-2019-2444:
Oracle's advisory gives no technical details beyond placing the bug in Core RDBMS, reachable over Oracle Net, and stating that the attacker must already hold the CREATE SESSION privilege. The speculation below is therefore about that precondition rather than the bug itself: CREATE SESSION is a privilege administrators believe they have taken away once they revoke the direct grant, while the user keeps it through a role.

For instance:
The database contains a role that carries the CREATE SESSION privilege:
SQL> CREATE ROLE hidden_privileges;
SQL> GRANT CREATE SESSION TO hidden_privileges;

A schema/batch user is created and given the privilege directly (the password here is a placeholder):
SQL> CREATE USER user1 IDENTIFIED BY admin;
SQL> GRANT CREATE SESSION TO user1;

Someone also hands the user the role, an alternative route to the same privilege:
SQL> GRANT hidden_privileges TO user1;

Later an administrator "removes" user1's ability to connect:
SQL> REVOKE CREATE SESSION FROM user1;

user1 can still log in, because at logon Oracle honours CREATE SESSION granted through any default-enabled role. A review that checks only direct grants (DBA_SYS_PRIVS) misses this; DBA_ROLE_PRIVS, followed through ROLE_SYS_PRIVS, has to be checked as well, and that is the real population of accounts that meets the advisory's precondition.

For remaining vulnerabilities, please refer official announcement. https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html

Jackson is a very popular choice for processing JSON data in Java, but critical vulnerabilities keep appearing in it. Developers must stay alert (Jan 2019)

Preface: Java developers constantly need to read JSON in and write it out. The standard Java API for JSON Processing is low level and does not map JSON to Java objects automatically, which is why a binding library such as Jackson sits in almost every Java service, and why a bug in it has such wide reach.

Jackson technical background: Jackson is a suite of data-processing tools for Java (and the JVM platform), including the flagship streaming JSON parser / generator library, matching data-binding library (POJOs to and from JSON) and additional data format modules to process data encoded in Avro, BSON, CBOR, CSV, Smile, (Java) Properties, Protobuf, XML or YAML.

Remark: com.fasterxml.jackson.databind.ObjectMapper is the most important class in Jackson API that provides readValue() and writeValue() methods to transform JSON to Java Object and Java Object to JSON.

Vulnerabilities found on FasterXML jackson-databind (all fixed in 2.9.7):

Common root cause: when polymorphic type handling is enabled, through ObjectMapper.enableDefaultTyping() or a @JsonTypeInfo annotation on a property of type Object, the JSON document itself names the Java class to instantiate. Any class on the classpath whose constructor or setters do something dangerous (a JNDI lookup, a URL fetch, a datasource connection, an XML parse) then becomes a gadget, and each of these CVEs is one more gadget class added to jackson-databind's blacklist.

CVE-2018-14718, FasterXML jackson-databind slf4j-ext Class Arbitrary Code Execution Vulnerability – A successful exploit could allow the attacker to execute arbitrary code.

CVE-2018-14719, FasterXML jackson-databind Blaze-ds-Opt and Blaze-ds-Core Classes Arbitrary Code Execution Vulnerability – A successful exploit could allow the attacker to execute arbitrary code.

CVE-2018-14720, FasterXML jackson-databind Polymorphic Deserialization External XML Entity Vulnerability – A successful exploit could allow the attacker to conduct an XXE attack, which could be used to access sensitive information, bypass security restrictions, or cause a denial of service (DoS) condition on the targeted system.

Upgrading closes these three gadgets; only disabling default typing, or restricting it to an explicit list of permitted subtypes, closes the class of bug.

Vendor Announcements:
https://github.com/FasterXML/jackson-databind/releases

Linux Kernel mincore() Implementation Information Disclosure Vulnerability – 12th Jan 2019

Preface: Disk is orders of magnitude slower than RAM, so the kernel keeps recently used file pages in memory (the page cache). Whether a given page is cached is state shared by every process that can open the file, and any interface that exposes that state is a potential side channel.

Technical overview:
mincore() takes a range of the caller's virtual address space and fills a vector with one byte per page, saying whether that page is resident in memory, i.e. readable without disk access. For a file-backed mapping that is the same question as whether the page is in the page cache.

Vulnerability occurred:
A vulnerability in the mincore() function in the Linux kernel (CVE-2019-5489) could allow a local attacker to access sensitive information on a targeted system.

Design weakness:
The weakness is in the mincore() implementation in mm/mincore.c: for file-backed mappings it reported page-cache residency, which is system-wide state, not whether the calling process had itself touched the page. Any process able to open a file read-only (a shared library, a word list, another user's data file) could map it and poll mincore() to learn which pages other processes had just read: a page-cache side channel that leaks access patterns with no timing measurement at all. The linked commit changes mincore() to count pages mapped by the calling process instead of pages present in the cache.
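The probe primitive the attack is built on, as an added example in Python calling libc's mincore(2) through ctypes (not kernel code and not from the published attack). It writes a four-page temporary file, asks the kernel to drop it from the page cache, maps it with readahead disabled, reads one page, and compares the residency vector before and after; the file size and the page index are the example's own choices:

```python
import ctypes
import mmap
import os
import tempfile

PAGE = mmap.PAGESIZE
NPAGES = 4                      # size of the constructed probe file, in pages

_libc = ctypes.CDLL(None, use_errno=True)
_libc.mincore.argtypes = [ctypes.c_void_p, ctypes.c_size_t,
                          ctypes.POINTER(ctypes.c_ubyte)]
_libc.mincore.restype = ctypes.c_int


def residency(mm, npages):
    """One entry per page of the mapping: 1 if mincore(2) reports the page
    resident (bit 0 of each vector byte), else 0."""
    vec = (ctypes.c_ubyte * npages)()
    view = ctypes.c_char.from_buffer(mm)          # exports the mapping's address
    base = ctypes.addressof(view)
    rc = _libc.mincore(base, npages * PAGE, vec)
    del view                                      # release the export before close()
    if rc != 0:
        err = ctypes.get_errno()
        raise OSError(err, os.strerror(err))
    return [b & 1 for b in vec]


def probe_page_cache(touch_page=2):
    """Build a file, try to evict it from the page cache, map it with
    readahead disabled, read one page, and return the residency vectors
    observed before and after that single access."""
    fd, path = tempfile.mkstemp()
    try:
        os.write(fd, b"\0" * (NPAGES * PAGE))
        os.fsync(fd)                              # pages are now clean ...
        if hasattr(os, "posix_fadvise"):          # ... so the kernel may drop them
            os.posix_fadvise(fd, 0, 0, os.POSIX_FADV_DONTNEED)   # (best effort)
        mm = mmap.mmap(fd, NPAGES * PAGE)
        try:
            if hasattr(mm, "madvise"):
                mm.madvise(mmap.MADV_RANDOM)      # no readahead: fault one page only
            before = residency(mm, NPAGES)
            mm[touch_page * PAGE]                 # the "victim" access
            after = residency(mm, NPAGES)
        finally:
            mm.close()
    finally:
        os.close(fd)
        os.unlink(path)
    return before, after


if __name__ == "__main__":
    b, a = probe_page_cache()
    print("before access:", b)
    print("after  access:", a)
```

On a tmpfs-backed /tmp the eviction is a no-op and the "before" vector may already be all ones; the "after" vector always shows the touched page. The attack is this loop run by a process that did not perform the access: against a file the caller cannot write, a fixed kernel reports only the pages the caller has mapped itself, so the victim's accesses stop being visible.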

Official announcement : https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=574823bfab82d9d8fa47f422778043fbb4b4f50e

CVE-2019-0246 Multiple Vulnerabilities in SAP Cloud Connector – January 2019

Preface: Using both private and public clouds in parallel allows company to pick and choose which data and services they want to keep in the private cloud for added security, and which in the public cloud. This is so called a hybrid cloud concept.

Vulnerability found on SAP cloud connector:
SAP Cloud Connector before version 2.11.3 allows an attacker to inject code that is then executed by the application (CVE-2019-0246). Code execution inside the connector means control of the component that tunnels traffic between the on-premise network and SAP Cloud Platform.

Synopsis: SAP published no technical details. The reading on this page, an inference rather than a vendor statement, is that the injection reaches a Java scripting API or a dynamically compiled JSP inside the connector. The actionable points are to upgrade to 2.11.3 or later and to keep the connector's administration interface off untrusted networks.

Official announcement shown as below:
SAP Security Patch Day – January 2019 – https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=509151985

9th Jan 2019 – Security Focus (Juniper Networks)

Preface: Historically, telecommunications companies have been the largest customer segment for Juniper. Juniper has provided them with on-premises hardware — routers and switches — for the purpose.

Background of XML C parser:
Libxml2 is the XML C parser and toolkit developed for the GNOME project. It is made of multiple components; some are optional, and most of the block interfaces are public. SAX is an event-driven interface: the programmer registers handlers for events that may occur during parsing and, when one does, SAX hands control to the handler. SAX works directly with the XML parser, which is what makes a parser-level bug such as the one below reachable from any application that links the library.

Multiple vulnerabilities in libxml2 (one of them, CVE-2018-9251, in detail):
The xz_decomp function in xzlib.c in libxml2 2.9.8, if --with-lzma is used, allows remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint, a different vulnerability than CVE-2015-8035. In practice a single crafted xz-compressed input keeps the decompression loop spinning and pins the parsing process.

Solution:
For more details, please refer below url:
https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10916&cat=SIRT_1&actp=LIST

Remark: Companies are moving more of their IT needs to the cloud. Traditional IT appliance business life not easy!

Cisco Releases Security Updates Published Wednesday, January 9, 2019

Preface: Crimes that use computer networks or devices to advance other ends include phishing scams and spam, and the email gateway is the control point for both.

S/MIME technical background:
S/MIME is based on asymmetric cryptography to protect your emails from unwanted access. It also allows you to digitally sign your emails to verify you as the legitimate sender of the message, making it an effective weapon against many phishing attacks out there. That’s basically the gist of what S/MIME is all about.

Technical limitation:
The S/MIME specification itself (RFC 5751) concedes the problem: because S/MIME takes into account interoperation in non-MIME environments, several different mechanisms are employed to carry the type information, and it becomes a bit difficult to identify S/MIME messages. A parser that has to recognise several encodings of the same structure is exactly where input-validation bugs live.

Vulnerabilities:
Two vulnerabilities found on Cisco Email Security Appliance (AsyncOS)

Impact: A remote attacker could exploit these vulnerabilities to cause a denial-of-service condition. Both are reached simply by sending an email through the appliance; no authentication is required.

Cisco Email Security Appliance URL Filtering Denial of Service Vulnerability (CVE-2018-15460): a message containing a large number of whitelisted URLs exhausts the URL filtering process.
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190109-esa-url-dos

Cisco Email Security Appliance Memory Corruption Denial of Service Vulnerability (CVE-2018-15453): improper input validation of S/MIME-signed email lets a crafted S/MIME-signed message corrupt memory and crash the filtering process, which is why the S/MIME identification difficulty above matters.
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190109-esa-dos