Weekly News Digest #25

New security fixes addressing Creative Cloud, Connect, and Framemaker vulnerabilities released by Adobe

Adobe publishes scheduled security updates every month. In the new release, the tech giant has addressed a vulnerability in Framemaker, its document processor.

The bug, tracked as CVE-2021-21056, is a serious out-of-bounds read issue whose exploitation may lead to arbitrary code execution.

The tech giant has also addressed three critical vulnerabilities in Adobe Creative Cloud. The first, tracked as CVE-2021-21068, is an arbitrary file overwrite issue; the second, tracked as CVE-2021-21078, is an OS command injection flaw. Exploitation of either CVE-2021-21068 or CVE-2021-21078 may result in arbitrary code execution. The third vulnerability, tracked as CVE-2021-21069, is an improper input validation issue whose exploitation may lead to privilege escalation.


Apple security updates: new patches to prevent code execution through malicious web content

Apple has addressed a bug affecting iPads, MacBooks, and iPhones whose exploitation could lead to “arbitrary code execution” when users visit a website containing malicious code.

The bug is a memory-related vulnerability in WebKit, the browser engine used by Safari. Apple has shipped the fix in iOS 14.4.1, iPadOS 14.4.1, and macOS Big Sur 11.2.3. The company has not provided any details about the vulnerability, but has stated that processing maliciously crafted web content may lead to “arbitrary code execution” in its browser.

Clément Lecigne of Google’s Threat Analysis Group and Alison Huffman of Microsoft’s browser vulnerability research group identified and reported the vulnerability, which is tracked as CVE-2021-1844.


Banking Trojans dropped onto user devices by malicious Google Play apps

In a blog post published on Tuesday, Check Point Research stated that the Android applications were presumably submitted by a single threat actor and that each app was published from a newly created developer account.

According to Check Point Research, the dropper was embedded in software that appeared harmless. All 10 apps were utilities, including Pacific VPN, BeatPlayer, Cake VPN, QRecorder, and QR/Barcode Scanner MAX.

Google’s standard security protections failed to detect the issue in advance. GitHub was used to host the payload downloads, while Firebase served as the command-and-control platform. Upon identifying the problem, Google removed the malware from the Play Store.


QNAP storage devices hijacked by UnityMiner cryptocurrency malware

QNAP is a well-known Taiwanese company that manufactures hardware such as network-attached storage (NAS) devices, which provide centralized storage and are in demand among both corporate and individual customers. On 2 March, researchers at 360Netlab received a number of reports about a new wave of attacks against QNAP NAS devices.

Techniques such as credential theft and brute-force attacks are often used to hijack Internet of Things (IoT) devices. In this case, remote code execution was likely enabled by two vulnerabilities, tracked as CVE-2020-2506 and CVE-2020-2507 respectively. “Such security threats as remote code execution and NAS device hijacking may be triggered by incorrect access control and command injection vulnerabilities that are attributable to security issues of the Helpdesk,” commented the representatives of QNAP.


F5 reveals flaw enabling remote code execution – BIG-IP Platform at risk!

On Wednesday, F5 Networks, a company active in the field of application security, published an advisory about four critical vulnerabilities affecting a number of its products. Exploitation of these vulnerabilities may enable denial of service (DoS) attacks as well as unauthenticated remote code execution (RCE) on target networks.

The security patches cover seven related flaws (CVE-2021-22986 through CVE-2021-22992). Felix Wilhelm of Google Project Zero discovered and reported two of the seven flaws at the end of 2020.

Four of these flaws affect BIG-IP versions 11.6 and 12.x; however, newer versions may be affected as well. BIG-IQ versions 6.x and 7.x are affected by the critical pre-auth RCE tracked as CVE-2021-22986. According to F5, the company has no information indicating that these issues have been publicly exploited.

If the vulnerabilities are successfully exploited, vulnerable systems may be fully compromised, with DoS attacks and remote code execution becoming a reality.
