Preface: The vendor did not describe the details; let us see whether this is the vulnerability they found.
Background: The Android Runtime (ART) and managed core library (libcore) were part of the Runtime module effort in Android 10 along with the native runtime (Bionic) and ICU. In Android 11, ART and libcore are packaged as non-updateable APEX. Bionic and ICU (code and data) remain on the platform and are separated from ART to improve updatability.
Vulnerability details: Google has started rolling out the April 2023 security update for its mobile operating system to address a total of 69 new security vulnerabilities affecting Android devices, 6 of which are rated critical in severity. In this topic we focus on the following vulnerabilities: CVE-2023-21085 and CVE-2023-21096.
Preface: In December 2022, Microsoft warned that malicious hackers had been able to get the software giant to digitally sign their code so that it could be used in attacks, such as the deployment of ransomware.
Background: The newest update to AMD's P-State EPP Linux driver landed today, offering better Ryzen and EPYC performance and better power control. AMD P-State EPP can further tune the performance and power efficiency of AMD Linux systems beyond the existing basic AMD P-State driver and address some existing deficiencies. AMD EPYC processors are marketed as the only x86 server CPUs with an integrated, embedded security processor that is "hardened at the core" to help secure customer data, whether in a central data center or distributed across locations at the network edge.
Observation of the subject: In 2018 AMD confirmed the Ryzenfall vulnerabilities, but said they would be fixed soon via routine BIOS updates. At that earlier stage AMD neither confirmed nor denied whether the attacks could be executed remotely or required local access. AMD later released a BIOS update that supposedly allows users to disable the Secure Processor, but this feature works only partially and does not stop the RYZENFALL attacks, so some experts say it is not an effective mitigation measure.
What do you think? Is the specified design weakness still valid, or has the vendor fixed it?
Preface: The Lord taught Enoch that those who build their lives upon the Savior would never fall. Never mind whether it was really the Lord or an advanced civilization; human beings are going digital. The Bible mentions Lucifer, who is similar to a cyber threat actor.
Background: The technology trend is from on-premises to cloud. Cloud-based attacks most likely arrive in the following ways: a compromised laptop via phishing emails; the RansomCloud attack, a relatively new type of ransomware that targets cloud-based email services such as Office 365; and a compromised server via unpatched vulnerabilities. Based on their cyber defense capabilities, we believe that the major cloud service providers have effective ways to deal with disruptions caused by cyber attacks.
However, more and more native applications rely on CSPs' APIs, for example push notifications (push messages) delivered through a cloud messaging service. Applications running on mobile devices, browsers or IoT devices can use push technology, both for application-to-application (A2A) and application-to-person (A2P) communication. A2A provides high-throughput, push-based, many-to-many messaging between distributed systems, microservices, and event-driven serverless applications. A push API can be abused to spread fake or deceptive messages, flood the user's device with spam, and trick people into installing malicious apps. Remark: "Push API" is used here as the general term for all push APIs.
Ref: Push notifications can be cloud-based or app-based, and are built to work with a server that provides the notification. An API can enable push notifications from cloud services as app and web push services. Once an organization requests a push notification, an API calls this service and sets the message in place to be delivered.
Technical details: My friend Enoch (CCIE) recommended the Kubernetes Hardening Guide last week. In my view it is good for preventive control, since there is a lot of uncertainty in the digital world. Be my guest; you can download it from the official link.
Preface: The Android operating system is mainly based on Linux, and its kernel is written in C language. Some modifications may have been done using the C++ language.
Background: Get Group State – different software implements it in different ways (see below):
Some APIs only need the queried union ID (unionID) as input.
Others need both unionID and zoneID; they query the state of the union bound to the group and return the information and result.
Vulnerability details: In getGroupState of GrantPermissionsViewModel.kt, there is a possible way to keep a one-time permission granted due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
If a permission is split, all permissions the original permission is split into are affected. For apps targeting API level N_MR1 or lower, all permissions of the groups of the requested permissions are affected.
Preface: WebKitGTK is a full-featured port of the WebKit rendering engine, suitable for projects requiring any kind of web integration, from hybrid HTML/CSS applications to full-fledged web browsers.
Background: Historically there was no WebKit.framework in Cocoa Touch; the WebKit framework was only available on OS X, and iOS apps used UIWebView. Since iOS 8 the WebKit framework (WKWebView) is available on iOS as well. The Core OS layer is the lowest layer of the iOS stack and sits directly on top of the device hardware. This layer provides a variety of services including low-level networking, access to external accessories and the usual fundamental operating system services such as memory management, file system handling and threads.
Vulnerability details: A type confusion issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.2.1, iOS 16.3.1 and iPadOS 16.3.1, and Safari 16.3. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
My observation: Since the vulnerability is not described in detail, my speculation is: did the vendor find an attacker exploiting the design weakness below? %rbx is a callee-saved register, so we know that some callee of JITCode::execute() must have modified %rbx and failed to restore it before returning. JSC does have code to save and restore callee-saved registers in the LLInt interpreter and in Just-In-Time (JIT) compiler generated code. Perhaps the vulnerability fix is going to correctly caller-save the return address register.
Preface: Use-after-free (UAF) is a vulnerability class arising from incorrect use of dynamic memory during program execution. If a program frees a memory location but does not clear the pointer to it, an attacker can use that dangling pointer to compromise the program.
Background: tcindex, the traffic control index filter. This filter allows matching packets based on their tcindex field value, i.e. the combination of the DSCP and ECN fields as present in IPv4 and IPv6 headers. SYNOPSIS: tc filter … tcindex [ hash SIZE ] [ mask MASK ] [ shift SHIFT ] [ pass_on | fall_through ] [ classid CLASSID ] [ action ACTION_SPEC ]
Vulnerability details: A use-after-free vulnerability was found in the traffic control index filter (tcindex) in the Linux kernel. The imperfect hash area can be updated while packets are still traversing the filter. This issue could allow a local attacker to trigger a use-after-free, leading to privilege escalation.
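The race the advisory describes is an instance of a general pattern: a lookup table entry is replaced (and freed) by the configuration path while the packet path still holds a pointer into it. The following is an added illustration, not kernel code and not the tcindex implementation; the structure names, the refcount discipline and the classid values are made up for the demonstration. It models a filter result table, a reader that holds a result while a concurrent update replaces it, and the deferred-free rule (free only when the last reference drops) that prevents the dangling pointer the unsafe variant would leave behind.

```c
/* Added example (not kernel or tcindex code): a reference-counted result table
 * demonstrating why an entry must not be freed while a packet-path reader
 * still references it. All names and values here are constructed. */
#include <stdlib.h>
#include <string.h>

#define TABLE_SIZE 8

struct tc_result {
    int refcnt;          /* the owning table slot plus any in-flight readers */
    unsigned classid;    /* what a lookup returns for the packet */
};

static int freed_results;   /* instrumentation: how many results were freed */

struct tc_result *result_new(unsigned classid)
{
    struct tc_result *r = calloc(1, sizeof *r);
    if (!r) abort();
    r->refcnt = 1;           /* owned by the table slot that publishes it */
    r->classid = classid;
    return r;
}

void result_get(struct tc_result *r) { r->refcnt++; }

/* Drops one reference; frees only when neither slot nor reader holds it. */
int result_put(struct tc_result *r)
{
    if (--r->refcnt == 0) { free(r); freed_results++; return 1; }
    return 0;
}

struct tc_filter { struct tc_result *table[TABLE_SIZE]; };

/* Lookup on the packet path: takes a reference so that an update running
 * concurrently cannot free the result underneath the reader. */
struct tc_result *filter_lookup(struct tc_filter *f, unsigned key)
{
    struct tc_result *r = f->table[key % TABLE_SIZE];
    if (r) result_get(r);
    return r;
}

/* Update path: publish a fresh result, then release only the slot's reference.
 * The unsafe variant would free(old) here directly, leaving any in-flight
 * reader with a dangling pointer (the use-after-free). */
void filter_update(struct tc_filter *f, unsigned key, unsigned classid)
{
    unsigned idx = key % TABLE_SIZE;
    struct tc_result *old = f->table[idx];
    f->table[idx] = result_new(classid);
    if (old) result_put(old);
}

void filter_destroy(struct tc_filter *f)
{
    for (int i = 0; i < TABLE_SIZE; i++)
        if (f->table[i]) result_put(f->table[i]);
}

struct race_outcome {
    unsigned seen;                  /* classid the in-flight reader observed */
    int freed_only_after_release;   /* 1 if the old entry outlived the reader */
};

/* Interleaves reader and updater the way the race would occur. */
struct race_outcome race_demo(void)
{
    struct race_outcome out;
    struct tc_filter f;
    memset(&f, 0, sizeof f);
    freed_results = 0;
    filter_update(&f, 5, 0x10001);                 /* initial entry */
    struct tc_result *held = filter_lookup(&f, 5); /* packet in flight */
    filter_update(&f, 5, 0x10002);                 /* admin replaces the entry */
    int freed_before = freed_results;              /* still 0: reader holds it */
    out.seen = held->classid;                      /* safe: still referenced */
    result_put(held);                              /* reader done: now freed */
    out.freed_only_after_release = (freed_before == 0) && (freed_results == 1);
    filter_destroy(&f);
    return out;
}

int main(void)
{
    struct race_outcome o = race_demo();
    return (o.seen == 0x10001 && o.freed_only_after_release) ? 0 : 1;
}
```

In the kernel the same discipline is expressed with RCU (readers in a read-side critical section, the old object freed after a grace period) rather than an explicit counter; the point the example makes is that correctness depends on the update path never freeing an object that a reader may still be dereferencing.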
Preface: During its learning process, the artificial intelligence was constantly disrupted by vulnerabilities. The artificial intelligence said: to become a true artificial intelligence, I will use my wisdom to create a perfect OS.
Background: A large-scale artificial intelligence infrastructure, especially for machine learning, may have an enterprise Linux system installed. A key component is shown below. Apache Kafka is an open source distributed streaming system for stream processing, real-time data pipelines, and large-scale data integration. Kafka with more than one broker is called a Kafka cluster. It can be expanded and used without downtime. Apache Kafka clusters manage the persistence and replication of messages, so if the primary cluster goes down, other Kafka clusters can be used to deliver the same service without delay. However, if a vulnerability occurs in the Linux system, it will cause unforeseen problems in the infrastructure.
Vulnerability details: CVE-2023-0767 – An attacker could construct a PKCS #12 certificate bundle in such a way that could allow arbitrary memory writes via PKCS #12 Safe Bag attributes being mishandled. Firefox and Thunderbird in Red Hat Enterprise Linux 8.6 and later are not affected by this vulnerability, as they use the system NSS library. Firefox and Thunderbird in earlier Red Hat Enterprise Linux 8 extended life streams were affected, and should be updated to fixed versions as they become available. Remark: to better support the PKCS #12 format, one or several command line options were added to the pkcs12 tool to allow adding arbitrary attributes to bags.
Official announcement: For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the link – https://access.redhat.com/security/cve/CVE-2023-0767
Preface: Meltdown is a vulnerability that allows an unprivileged process to read kernel memory, and through the kernel's mapping of physical memory, effectively all memory in a given system.
Background: The Xen Project is a free and open source type-1 or bare-metal hypervisor that enables a computer to run multiple operating systems simultaneously on the same hardware. A Type 1 hypervisor runs directly on the underlying computer's physical hardware, interacting directly with its CPU, memory, and physical storage. For this reason, Type 1 hypervisors are also referred to as bare-metal hypervisors. A Type 1 hypervisor takes the place of the host operating system. The advantages of type-1 hypervisors lie in performance and security. They offer high performance because the hypervisor has direct access to the hardware. Security is also more reliable on type-1 than on type-2, because there is no host operating system between the hypervisor and the hardware.
Vulnerability details: Due to an oversight in the very original Spectre/Meltdown security work (XSA-254), one entry path performs its speculation-safety actions too late. In some configurations, there is an unprotected RET instruction which can be attacked with a variety of speculative attacks.
Impact: An attacker might be able to infer the contents of arbitrary host memory, including memory assigned to other guests.
Affected system: Xen versions 4.5 through 4.17 are vulnerable. Older versions are not vulnerable.
Preface: How much does a one-qubit quantum computer cost? Commercial quantum computers like the D-Wave One with 50 qubits cost around $10,000,000. D-Wave systems use a process called quantum annealing to search for solutions to a problem.
Background: The Microsoft Quantum Development Kit offers durable quantum application development on hardware-accelerated compute resources. Program your quantum algorithms and formulate optimization solutions to cope with your AI development. Perhaps this is a prelude before the development of a scalable quantum computer in the future. Quantum computers have great potential to process the large datasets often used in AI experiments. By using quantum computing techniques to analyze data sets faster and more accurately than ever before, AI researchers have been able to make significant advances in fields such as machine learning. Because quantum computers are fundamentally different from classical computers, conventional techniques used to communicate electronic information do not directly translate to quantum devices.
Suggestion: Learn quantum programming (the Q# programming language) with the Microsoft Quantum Development Kit. It can run on a simulator, with APIs for quantum computing simulation using the .NET ecosystem and Python.
The Quantum Development Kit (SDK) contains the following basic components:
The Q# programming language (pronounced "Q-sharp"). Remark: the Q# development tools are based on the Microsoft .NET ecosystem, so you need to install the correct version of the .NET Software Development Kit (the .NET SDK).
APIs for quantum computing simulation using the .NET ecosystem and/or Python.
Tools to help you develop and simulate your quantum programs using command-line tools, Visual Studio Code, or Microsoft Visual Studio.
Preface: Enabling HugePages makes it possible for the operating system to support memory pages greater than the default (usually 4 KB). Using very large page sizes can improve system performance by reducing the amount of system resources required to access page table entries.
Background: For Red Hat Enterprise Linux systems, it is recommended to configure HugeTLB pages to guarantee that JBoss EAP processes will have access to large pages. Reminder: activating large pages for JBoss EAP JVMs results in pages that are locked in memory and cannot be swapped to disk like regular memory.
Ref: Hugetlb boot command line parameter semantics hugepagesz. Specify a huge page size. Used in conjunction with hugepages parameter to preallocate a number of huge pages of the specified size. Hence, hugepagesz and hugepages are typically specified in pairs such as: hugepagesz=2M hugepages=512.
Design weakness: The special hugetlb routine called at fork took care of structure updates at fork time. However, VMA splitting is not properly handled for IPC shared memory mappings backed by hugetlb pages. This can result in a "kernel NULL pointer dereference" BUG or a use-after-free, as two VMAs point to the same lock structure.
Solution: Update the shm open and close routines to always call the underlying open and close routines. For Fedora 36 kernels (the fc36 builds), update the kernel from 6.1.18-100.fc36 to 6.2.7-1000.fc36.
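Two things a practitioner wants to check after reading the boot-parameter reference and the design weakness above: that hugepagesz=/hugepages= actually produced a pool, and what an IPC shared-memory mapping backed by hugetlb pages looks like when its VMA is split. The program below is an added example, not code from the page, the kernel or Red Hat. It parses the HugePages_* lines of /proc/meminfo (a constructed sample is embedded for the offline run), then attaches a SysV segment with SHM_HUGETLB and calls mprotect() on one page in the middle of it, which forces the kernel to split the mapping into three VMAs, the operation the weakness concerns. It falls back to ordinary pages when no hugetlb pool exists, and nothing in it triggers or detects the bug itself.

```c
/* Added example (not kernel, Red Hat or page code). Build: cc -Wall -o hugetlb_check hugetlb_check.c */
#define _GNU_SOURCE
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <errno.h>
#include <sys/mman.h>
#include <sys/ipc.h>
#include <sys/shm.h>

struct hugetlb_pool { unsigned long total, free_pages, page_kb; };

/* Constructed sample of the relevant /proc/meminfo lines, as they would look
 * after booting with hugepagesz=2M hugepages=512 (values are made up). */
static const char sample_meminfo[] =
    "MemTotal:       16326064 kB\n"
    "HugePages_Total:     512\n"
    "HugePages_Free:      512\n"
    "HugePages_Rsvd:        0\n"
    "Hugepagesize:       2048 kB\n";

/* Parse the HugePages_* fields; returns 0 on success, -1 if a field is missing. */
int parse_hugetlb_pool(const char *meminfo, struct hugetlb_pool *out)
{
    const char *keys[3] = { "HugePages_Total:", "HugePages_Free:", "Hugepagesize:" };
    unsigned long *dst[3] = { &out->total, &out->free_pages, &out->page_kb };
    for (int i = 0; i < 3; i++) {
        const char *p = strstr(meminfo, keys[i]);
        if (!p) return -1;
        p += strlen(keys[i]);
        char *end;
        errno = 0;
        unsigned long v = strtoul(p, &end, 10);
        if (end == p || errno) return -1;
        *dst[i] = v;
    }
    return 0;
}

/* Bytes the preallocated pool can back: pages * page size (kB to bytes). */
unsigned long long hugetlb_pool_bytes(const struct hugetlb_pool *p)
{
    return (unsigned long long)p->total * p->page_kb * 1024ULL;
}

/* Attach a SysV shm segment of len bytes (len and page must be multiples of
 * the huge page size when a pool exists), fault it in, then mprotect() the
 * second page so the kernel splits the mapping's VMA into three.
 * Returns 1 if huge pages backed the segment, 0 on fallback to normal pages,
 * -1 if SysV shared memory is unavailable. */
int shm_split_probe(size_t len, size_t page)
{
    int huge = 0, id = -1;
#ifdef SHM_HUGETLB
    id = shmget(IPC_PRIVATE, len, IPC_CREAT | SHM_HUGETLB | 0600);
    if (id >= 0) huge = 1;
#endif
    if (id < 0) {                         /* no hugetlb pool: fall back */
        id = shmget(IPC_PRIVATE, len, IPC_CREAT | 0600);
        if (id < 0) return -1;
    }
    char *base = shmat(id, NULL, 0);
    shmctl(id, IPC_RMID, NULL);           /* segment is destroyed at last detach */
    if (base == (char *)-1) return -1;
    memset(base, 0xAA, len);              /* fault every page in */
    /* This split is where the page's design weakness lived: the new VMAs
     * must each get a correct hugetlb lock/structure of their own. */
    if (mprotect(base + page, page, PROT_READ) != 0) { shmdt(base); return -1; }
    int ok = (unsigned char)base[0] == 0xAA && (unsigned char)base[page] == 0xAA;
    shmdt(base);
    return ok ? huge : -1;
}

int main(void)
{
    struct hugetlb_pool pool;
    char buf[8192] = {0};
    FILE *fp = fopen("/proc/meminfo", "r");
    size_t n = fp ? fread(buf, 1, sizeof buf - 1, fp) : 0;
    if (fp) fclose(fp);
    const char *src = n ? buf : sample_meminfo;   /* live data, else the sample */
    if (parse_hugetlb_pool(src, &pool) != 0) { puts("no hugetlb info"); return 1; }
    printf("pool: %lu x %lu kB = %llu bytes (%lu free)\n", pool.total, pool.page_kb,
           hugetlb_pool_bytes(&pool), pool.free_pages);
    size_t page = pool.total ? pool.page_kb * 1024 : 4096;
    int r = shm_split_probe(3 * page, page);
    printf("shm split probe: %s\n", r == 1 ? "huge pages" : r == 0 ? "normal pages" : "unavailable");
    return 0;
}
```

For the JBoss EAP case the useful number is hugetlb_pool_bytes(): with hugepagesz=2M hugepages=512 the pool is exactly 1 GiB, so a JVM heap larger than that will not fit in locked large pages and will either fail to start with -XX:+UseLargePages or silently fall back, depending on the JVM flags.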
Technical reference: A subroutine IOBUFSET is provided to carve up an arbitrarily sized storage area into perforated buffer blocks with space for 132 data bytes. The beginning and ending addresses of the buffer storage area are specified to IOBUFSET in the A- and B-registers, respectively.