exploit
Intel says it will patch 90 percent of recent chips by next week (updated)
A little more than a day since Google Project Zero went public with its findings regarding a major security flaw in Intel (and others') chip designs, the company announced that it is already pushing out patches to eliminate the vulnerability. Intel has "already issued updates for the majority of processor products introduced within the past five years," per the company press release, and expects to have 90 percent of affected chips produced within the past five years patched by the end of the week.
Intel says memory security issue extends beyond its own chips (updated)
That major security flaw attributed to Intel chips might not be so Intel-specific after all. After hours of silence, Intel has posted a response denying some of the claims about the exploit, which is believed to revolve around identifying content in an operating system kernel's protected memory space. The chip giant shot down reports that the issue was unique to its CPUs, noting that it's working with AMD and ARM (not to mention multiple OS makers) to create a solution -- sorry, you're not safe because you have a Ryzen rig. It also reminded people that the performance hit of the fix would be "workload-dependent," and shouldn't be noticeable for the "average computer user."
Fix for Intel's massive CPU security flaw might slow down your PC
Intel is grappling with another major security flaw in its processors... and this time, the cost of fixing it may be very steep. Researchers have discovered a design vulnerability in Intel CPUs from the past decade that lets ordinary programs determine the content or layout of protected kernel memory (i.e. areas reserved just for the operating system). While the details appear to be under embargo for now, the fix is to completely separate the kernel memory from those ordinary processes. That could carry a significant speed hit, since it requires switching between two memory address spaces every time there's a system call or a hardware interrupt request.
LastPass fixes fingerprint security flaw in its Authenticator app
Password manager LastPass has an extra layer of protection for its Authenticator app, in the form of a fingerprint and/or PIN that ostensibly keeps people out of your passwords if they find your phone unlocked. Last week, a developer posted that he'd been able to bypass this security feature on the Android version of the app. As of right now, though, LastPass users can download an update to the app that fixes the issue and adds a one-time code when the fingerprint/PIN feature is first enabled.
Windows 10 included password manager with huge security hole
There's a good reason why security analysts get nervous about bundled third-party software: it can introduce vulnerabilities that the companies can't control. And Microsoft, unfortunately, has learned that the hard way. Google researcher Tavis Ormandy discovered that a Windows 10 image came bundled with a third-party password manager, Keeper, which came with a glaring browser plugin flaw -- a malicious website could steal passwords. Ormandy's copy was an MSDN image meant for developers, but Reddit users noted that they received the vulnerable copy of Keeper after clean reinstalls of regular copies and even a brand new laptop.
Apple fixes macOS bug allowing full access without a password (updated)
It didn't take long for Apple to patch that nasty macOS High Sierra flaw that let intruders gain full administrator access (aka root) on your system. The company has released Security Update 2017-001, which should prevent people from gaining control over a Mac just by putting "root" in the username and hitting the Return key a few times. Needless to say, you'll want to apply this fix as soon as you can if you're running Apple's latest desktop OS.
macOS High Sierra bug allows full admin access without a password
If you're using Apple's latest macOS High Sierra, you'll want to be wary of giving people access to your computer. Initially tweeted by developer Lemi Orhan Ergin, there's a super-easy exploit that can give anyone admin (or root) rights to your Mac. Engadget has confirmed that you can gain root access in the login screen, the System Preferences Users & Groups tab and FileVault with this method. All you need to do is enter "root" into the username field, leave the password blank, and hit Enter a few times. Needless to say, this is some scary stuff.
Nintendo Switch homebrew is possible, but there's a catch
Resourceful hackers have long been rejuvenating Nintendo's consoles past their sell-by dates. Armed with in-game exploits, the homebrew community persistently overcame updates to release unofficial emulators and apps for the Wii, Wii U, and 3DS. But is Nintendo's latest console as hackable as its predecessors? A bunch of enthusiasts have been tinkering away for months to solve that riddle, and they've now made a significant breakthrough. As the Wololo homebrew community notes, an update to the Pegaswitch toolkit allows for the Switch to be prepped for homebrew on firmware 3.0.0 using a copy of Pokken Tournament DX.
Amazon Echo and Google Home were vulnerable to Bluetooth exploit
Back in September, Bluetooth-connected device owners got a little scare when security firm Armis disclosed a new exploit known as BlueBorne. In theory, bad actors could target smartphones, tablets and such using specific vectors in Bluetooth connectivity. Armis had informed Apple, Microsoft and Google months before and they patched up the vulnerabilities ahead of the news release. But today the firm disclosed that it wasn't just handheld devices that might have been affected -- Amazon's Echo and Google Home were vulnerable, too.
OnePlus inadvertently left a backdoor on its phones (updated)
OnePlus' security troubles aren't over yet. Users have discovered that many of the company's phones from the past few years (including the OnePlus 5) include a Qualcomm testing app, EngineerMode, that lets you get root-level access to the phone without having to unlock its bootloader. An attacker would likely need physical access to your phone to do any damage, but that still means they could insert trackers or otherwise compromise your phone with very little effort.
McAfee stops letting foreign governments check its source code
Cybersecurity software company McAfee stopped allowing foreign governments to review the source code of its products earlier this year, a company spokesperson told Reuters. Security experts have warned for some time against this type of sharing, which they claimed could open products up to security vulnerabilities.
Microsoft already has a fix for that severe WiFi security exploit (updated)
The "Krack Attack" WiFi encryption security flaw is more than a little frightening, but you should already be relatively safe if you're using a recent Windows PC. Microsoft has released a patch that fixes the vulnerability on all supported versions of Windows (effectively, 8 or later). Windows isn't as susceptible to the flaw as Linux-based platforms like Android, which don't demand a unique encryption key, but this fix may have a significant impact simply through the sheer ubiquity of Windows in the computing world.
Some phones and laptops are vulnerable to 'BlueBorne' exploit
Armis security has identified a new vulnerability in computers and mobile devices that leaves them susceptible to attack via Bluetooth. The exploit, dubbed "BlueBorne," doesn't require user permission or even pairing with devices -- it can simply connect over the air and access networks or install malware. Armis previously alerted most affected parties back in April, but as of today, it's mostly Android devices that remain vulnerable to attack.
DJI will pay you to find security exploits in its drones
DJI clearly doesn't like that organizations are shying away from its drones over security fears, and it knows it can't solve the problem by itself. The company is launching a bug bounty program that will pay between $100 and $30,000 to anyone who finds flaws in its software, whether they're showstopping security exploits, privacy threats, safety issues or simple app crashes. Bug bounties certainly aren't anything new, but this shows how important drone security has become -- DJI doesn't want to lose business or risk an injury because it didn't catch a glitch in time.
Android exploit adds secret, thieving layers to your phone
Researchers from UC Santa Barbara and Georgia Tech have discovered a fresh class of Android attacks, called Cloak and Dagger, that can operate secretly on a phone, allowing hackers to log keystrokes, install software and otherwise control a device without alerting its owner. Cloak and Dagger exploits take advantage of the Android UI, and they require just two permissions to get rolling: SYSTEM_ALERT_WINDOW ("draw on top") and BIND_ACCESSIBILITY_SERVICE ("a11y").
Attackers can use video subtitles to hijack your devices
Be careful before you fire up media player software to play that foreign-language movie -- it might be a way for intruders to compromise your system. Check Point researchers have discovered an exploit that uses maliciously crafted subtitles to take control of your device, whether it's a PC, phone or smart TV. It's not picky about the program, either -- the researchers demonstrated the flaw in Kodi, PopcornTime, Stremio and VLC. The technique isn't particularly complicated, and relies on a tendency by developers to assume that subtitles are little more than innocuous text files.
'Shadow Brokers' threaten to release more hacking tools in June
An exploit that the "WannaCry" malware used to encrypt computers worldwide first appeared in a leak from "The Shadow Brokers," a group that claims to have stolen a number of tools from the NSA. Now the Shadow Brokers are back with a new blog post threatening more leaks. Through an intentionally sloppy writing style, the group taunts not only TheEquationGroup (read: NSA), but also Microsoft and its blog post blaming spy agencies, claiming that Microsoft is simply upset the NSA didn't pay to hold its vulnerability.
The 'WannaCry' ransomware is a stark reminder of a broken system
In April, a hacking group called The Shadow Brokers dumped a cache of Windows exploits it pilfered from the NSA. The group had decided to start leaking exploits it stole from the agency after it was unable to find a buyer for the government's hacking tools. Inside that April drop was a remote code execution vulnerability called "EternalBlue" (aka MS17-010). Fortunately, Microsoft issued a security patch that fixed EternalBlue in March. What's not so fortunate is that not everyone had applied it to their machines.
Microsoft blasts spy agencies for hoarding security exploits
Microsoft is hopping mad that leaked NSA exploits led to the "WannaCry" (aka "WannaCrypt") ransomware wreaking havoc on computers worldwide. Company President Brad Smith has posted a response to the attack that roasts the NSA, CIA and other intelligence agencies for hogging security vulnerabilities instead of disclosing them to be fixed. There's an "emerging pattern" of these stockpiles leaking out, he says, and they cause "widespread damage" when that happens. He goes so far as to liken it to a physical weapons leak -- it's as if the US military had "some of its Tomahawk missiles stolen."
'Shadow Brokers' dump of NSA tools includes new Windows exploits (updated)
Earlier this year "The Shadow Brokers" -- an entity claiming to have stolen hacking tools from the NSA then offering them for sale -- seemed to pack up shop, but the group has continued on. Today, it made a new post that contained a number of working exploits for Windows machines running everything from XP up to at least Windows 8. As for Windows 10, it appears that the stolen data is from 2013 and predates the latest OS. As such, it isn't immediately apparent if it's vulnerable, but early results indicate at least some of the tools aren't working on it. Update (4/15): Microsoft responded early Saturday morning, saying that the seven leaked flaws that affect supported systems have all already been patched. Of course, the story gets a bit more interesting from there, since it appears that four of them were only patched just last month, suggesting someone informed the company about the security issues before TSB could leak them.