There was a time when people said there were no, or at least fewer, exploits for Apple devices. Well, those times are over: Zerodium no longer accepts exploits for Apple devices and software because too many are being submitted.

We will NOT be acquiring any new Apple iOS LPE, Safari RCE, or sandbox escapes for the next 2 to 3 months due to a high number of submissions related to these vectors. Prices for iOS one-click chains (e.g. via Safari) without persistence will likely drop in the near future.

Source: Zerodium

The server installer, perhaps other installers, will log LUKS passwords used on the system via:

– installer/subiquity-curtin-install.conf

  {volume: disk-sda, key: …

– curtin/install.log

  get_path_to_storage_volume for volume dm_crypt-0({'volume': 'disk-sda', 'key': …

Source: Ubuntu bug-tracker

A fix has been released, so you know the drill.
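The drill includes checking whether a system installed before the fix still carries its LUKS passphrase in those two files. The script below is an added example, not part of the Ubuntu bug report: it looks for plaintext key values in the files named above (assumed to sit under one base directory, normally /var/log/installer, with `key:` assumed to occur only in curtin's dm_crypt entries), redacts them in place, and runs offline against constructed stand-ins for the real files.

```shell
#!/bin/sh
# Added example (not from the Ubuntu bug report): find plaintext LUKS keys in
# the installer logs the report names and redact them. Assumes both files sit
# under one base directory and "key:" only appears in dm_crypt entries.

LEAK_FILES="installer/subiquity-curtin-install.conf curtin/install.log"
# YAML style (key: secret) and curtin's dict style ('key': 'secret'); group 1
# keeps everything up to the value itself so it can be preserved on rewrite.
KEY_RE="((^|[ {,'\"])key['\"]?: *['\"]?)[^'\",}]+"

# find_leaked_keys BASE: print file:line:text per plaintext key; return 1 if any.
find_leaked_keys() {
    hits=0
    for rel in $LEAK_FILES; do
        f="$1/$rel"
        [ -r "$f" ] || continue
        # values already rewritten by redact_keys do not count as leaks
        out=$(grep -nE "$KEY_RE" "$f" | grep -v '<redacted>') || continue
        printf '%s\n' "$out" | sed "s|^|$f:|"
        hits=1
    done
    return $hits
}

# redact_keys BASE: overwrite every key value with <redacted>, keeping the
# files' modes and ownership; print the number of files rewritten.
redact_keys() {
    n=0
    for rel in $LEAK_FILES; do
        f="$1/$rel"
        [ -w "$f" ] || continue
        sed -E "s/$KEY_RE/\\1<redacted>/g" "$f" > "$f.tmp" && cat "$f.tmp" > "$f"
        rm -f "$f.tmp"
        n=$((n + 1))
    done
    echo "$n"
}

# make_sample: constructed stand-ins for both files (not real installer output)
# in a temp directory; prints its path so the script runs offline.
make_sample() {
    d=$(mktemp -d)
    mkdir -p "$d/installer" "$d/curtin"
    printf 'storage:\n  config:\n  - {id: dm_crypt-0, type: dm_crypt, volume: disk-sda, key: hunter2-constructed}\n' \
        > "$d/installer/subiquity-curtin-install.conf"
    printf "get_path_to_storage_volume for volume dm_crypt-0({'volume': 'disk-sda', 'key': 'hunter2-constructed'})\n" \
        > "$d/curtin/install.log"
    printf '%s\n' "$d"
}

base="${1:-$(make_sample)}"   # real run: sh leakcheck.sh /var/log/installer
find_leaked_keys "$base" && echo "no plaintext keys under $base" || echo "plaintext keys found under $base; run redact_keys"
```

Redacting the logs is a cleanup, not a replacement for the fix; a passphrase that was ever written to disk in the clear should be treated as exposed and rotated.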

On Sunday, Eindhoven University of Technology researcher Björn Ruytenberg revealed the details of a new attack method he’s calling Thunderspy. On Thunderbolt-enabled Windows or Linux PCs manufactured before 2019, his technique can bypass the login screen of a sleeping or locked computer—and even its hard disk encryption—to gain full access to the computer’s data. And while his attack in many cases requires opening a target laptop’s case with a screwdriver, it leaves no trace of intrusion and can be pulled off in just a few minutes. That opens a new avenue to what the security industry calls an “evil maid attack,” the threat of any hacker who can get alone time with a computer in, say, a hotel room. Ruytenberg says there’s no easy software fix, only disabling the Thunderbolt port altogether.

Source: Wired

See Björn Ruytenberg’s “Breaking Thunderbolt Protocol Security: Vulnerability Report 2020” for the full details. Here’s a local copy in case it gets taken down for any reason.

2020-05-02 @ 15:04: Zero-click RCE in Apple Mail Mac | Security

The vulnerability allows remote code execution capabilities and enables an attacker to remotely infect a device by sending emails that consume a significant amount of memory.

Source: zecOps

When he looked around the Web on the device’s default Xiaomi browser, it recorded all the websites he visited, including search engine queries whether with Google or the privacy-focused DuckDuckGo, and every item viewed on a news feed feature of the Xiaomi software. That tracking appeared to be happening even if he used the supposedly private “incognito” mode.

The device was also recording what folders he opened and to which screens he swiped, including the status bar and the settings page. All of the data was being packaged up and sent to remote servers in Singapore and Russia, though the Web domains they hosted were registered in Beijing.

Source: Forbes

Here’s a video of a researcher showing how his Xiaomi phone is tracking his web use, including a visit to PornHub.

In a blunder described as “astonishing and worrying,” Sheffield City Council’s automatic number-plate recognition (ANPR) system exposed to the internet 8.6 million records of road journeys made by thousands of people, The Register can reveal.

The ANPR camera system’s internal management dashboard could be accessed by simply entering its IP address into a web browser. No login details or authentication of any sort was needed to view and search the live system – which logs where and when vehicles, identified by their number plates, travel through Sheffield’s road network.

Britain’s Surveillance Camera Commissioner Tony Porter described the security lapse as “both astonishing and worrying,” and demanded a full probe into the snafu.

He told us: “As chair of the National ANPR Independent Advisory Group, I will be requesting a report into this incident. I will focus on the comprehensive national standards that exist and look towards any emerging compliance issues or failure thereof.”

Source: The Register

A fool with a tool is still a fool. Remember that the next time you vote.

Nowadays, Bluetooth is an integral part of mobile devices. Smartphones interconnect with smartwatches and wireless headphones. By default, most devices are configured to accept Bluetooth connections from any nearby unauthenticated device. Bluetooth packets are processed by the Bluetooth chip (also called a controller), and then passed to the host (Android, Linux, etc.). Both the firmware on the chip and the host Bluetooth subsystem are a target for Remote Code Execution (RCE) attacks.

One feature that is available on most classic Bluetooth implementations is answering Bluetooth pings. Everything an attacker needs to know is the device’s Bluetooth address. Even if the target is not discoverable, it typically accepts connections if it gets addressed. For example, an attacker can run l2ping, which establishes an L2CAP connection and sends echo requests to the remote target.

In the following, we describe a Bluetooth zero-click short-distance RCE exploit against Android 9, which got assigned CVE-2020-0022. We go through all steps required to establish a remote shell on a Samsung Galaxy S10e, which was working on an up-to-date Android 9 when reporting the issue on November 3 2019. The initial flaw used for this exploit is still present in Android 10, but we utilize an additional bug in Bionic (Android’s libc implementation), which makes exploitation way easier. The bug was finally fixed in the security patch from 1.2.2020 in A-143894715.

Source: Insinuator

The Trump Department of Justice has asked Congress to craft legislation allowing chief judges to indefinitely hold people without trial and suspend other constitutionally protected rights during the coronavirus and other emergencies, according to a report by Politico’s Betsy Woodruff Swan.

While the asks from the Department of Justice will likely not come to fruition with a Democratic-controlled House of Representatives, they demonstrate how much this White House has a frightening disregard for rights enumerated in the Constitution.

The DOJ has requested that Congress allow any chief judge of a district court to pause court proceedings “whenever the district court is fully or partially closed by virtue of any natural disaster, civil disobedience, or other emergency situation,” according to draft language obtained by Politico. This would be applicable to “any statutes or rules of procedure otherwise affecting pre-arrest, post-arrest, pre-trial, trial, and post-trial procedures in criminal and juvenile proceedings and all civil processes and proceedings.” They justify this by saying currently judges can pause judicial proceedings in an emergency, but that new legislation would allow them to apply it “in a consistent manner.”

Source: Rolling Stone

Well, that didn’t take too long. In fact it came sooner than I expected.
