exploit

Latest

  • Android's April security update tackles another Stagefright flaw

    Google's monthly Android security updates are nothing new, but its latest release may be particularly important. The new April update tackles eight critical vulnerabilities that include one in the libstagefright library -- you know, the same media framework that recently faced a rash of real and potential exploits. It also patches a nasty kernel flaw that would give attackers full control over your device. You'll get first crack at the fixes if you either have a Nexus device or can install an Android Open Source Project build, but other vendors that offer Google's monthly updates will likely follow suit before long.

    Jon Fingas
    04.04.2016
  • Recently patched security flaw bypassed OS X's new defenses

    Theoretically, the System Integrity Protection introduced in OS X El Capitan makes it very hard to completely compromise a Mac. The feature prevents software from modifying protected files even if you have root access, preventing most software-based attacks from working. However, it's now clear that even this safeguard isn't airtight. SentinelOne's Pedro Vilaça has discovered a security flaw that -- combined with access gained via another method, like a phishing attack or browser vulnerability -- lets you run any code you like on a Mac, even with SIP in effect. The vulnerability takes advantage of a corruption bug in OS X to give a program full control over your system; since certain programs need full privileges for OS X to work (you couldn't update your system otherwise), the intruder just has to target the right file to hijack your computer.

    Jon Fingas
    03.25.2016
  • Google warns of Android flaw that lets attackers hijack phones

    Rooting (that is, using a security flaw to gain control over an operating system) is a staple of the Android enthusiast world, but it's also used by would-be attackers... and Google just offered a textbook example of this problem. It's warning of a vulnerability in Android's Linux-based kernel that lets apps get root access, giving intruders free rein over your device. And this isn't just a theoretical exercise -- Zimperium (which discovered the Stagefright bug) says it has spotted publicly available apps that make use of the hole.

    Jon Fingas
    03.22.2016
  • Apple fixing iMessage flaw that lets hackers steal photos

    Apple has put a lot of work into making its phones hard to crack, much to the consternation of US law enforcement officials. It's still not perfect, however, as researchers from Johns Hopkins University have discovered a flaw that lets attackers intercept and decrypt video and images sent on iMessage. The exploit only works on versions prior to iOS 9, because Apple partially fixed the problem in that version. However, Johns Hopkins professor Matthew D. Green told the Washington Post that a modified exploit could possibly be developed for iOS 9 versions, provided hackers have skills of a "nation state."

    Steve Dent
    03.21.2016
  • Stagefright exploit reliably attacks Android phones (updated)

    You may know that the Stagefright security flaw is theoretically dangerous, but it hasn't been that risky in practice -- it's just too difficult to implement on an Android device in a reliable way. Or rather, it was. Security researchers at NorthBit have developed a proof-of-concept Stagefright exploit, Metaphor, that reliably compromises Android phones. The key is a back-and-forth procedure that gauges a device's defenses before diving in. Visit a website with a maliciously-designed MPEG-4 video and the attack will crash Android's media server, send hardware data back to the attacker, send another video file, collect additional security data and deliver one last video file that actually infects the device.

    Jon Fingas
    03.19.2016
  • Adobe warns users to patch a critical Flash vulnerability

    Stop me if you've heard this one. Adobe has released a new patch for Flash that fixes "critical vulnerabilities that could potentially allow an attacker to take control of the affected system," according to the security bulletin. It says the update (version 21.0.0.182) is a top priority for users of Windows, Mac, Android, iOS and ChromeOS, so you should install it tout de suite. The upgrade patches 23 holes in the software, but Adobe said one of them, CVE-2016-1010 "is [already] being used in limited, targeted attacks."

    Steve Dent
    03.11.2016
  • Apple bought the company that exposed its flawed firmware

    What do you do when researchers create a worm that infects your company's firmware? If you're Apple, you buy the researchers. Last August, news broke of an exploit named "Thunderstrike 2." Delivered by a simple link, the worm could silently modify a Mac's firmware, meaning that even an OS reinstall wouldn't remove it. Thankfully, the researchers responsibly informed Apple of the issue, and the company had mostly solved this particular problem before it went public.

  • Your fitness tracker probably has security issues

    Ever wondered how secure you are with a fitness tracker on your wrist? The researchers at Open Effect have... and their answer is "not as much as you'd probably like." In their analysis, several common trackers have flaws that theoretically let attackers follow you or intercept data. Seven out of eight used static hardware identifiers that could allow location tracking over Bluetooth, for a start. Also, the companion apps from Garmin, Jawbone, Withings and Xiaomi have holes that not only expose data, but let evildoers fake fitness info -- a problem in lawsuits where that data could be crucial evidence.

    Jon Fingas
    02.02.2016
  • Zero-day exploits aren't as important to the NSA as you think

    The head of the National Security Agency's elite hacking arm, Tailored Access Operations, downplayed the importance of zero-day exploits during a talk at USENIX Enigma 2016 in San Francisco this week, as spotted by Vice. Zero-day security holes are secret (and usually short-lived) software vulnerabilities -- the vendor doesn't know about them (until it does). According to TAO chief Rob Joyce, zero-day exploits are a small part of the NSA's hacking agenda.

    Jessica Conditt
    01.29.2016
  • Lenovo fixes basic flaws in one of its bundled apps

    Lenovo's software security headaches aren't quite over yet, it seems. The PC maker has fixed a slew of glaring flaws in a file-sharing app, ShareIt, that comes bundled with both its Android and Windows devices (including IdeaPads and ThinkPads). How glaring? For a start, the Windows version had an extremely obvious password ("12345678") hard-coded into the software -- anyone on the same WiFi network could connect just by guessing, and you couldn't even change that password if you knew the problem existed. ShareIt on both platforms also sent files without encryption, and the Android version would default to creating a password-free WiFi hotspot when you chose to receive files.

    Jon Fingas
    01.27.2016
  • Apple's Gatekeeper vulnerability still needs to be fixed

    Back in September, Synack security researcher Patrick Wardle disclosed a nasty issue with Apple's nefarious-app-stopping Gatekeeper system in OS X. While the software is great at stopping malware-infected apps that users have downloaded from the bowels of the internet, it did have a flaw: a signed app could, upon launch, initiate an unsigned program if it resided in the same directory. Because the end user is never aware that this second application is launching, it's a great way to infect a computer. As a responsible researcher, Wardle informed Apple and got a security update as a result. That should have been the end of it, right? Yeah, not so much.

    Roberto Baldwin
    01.15.2016
  • FBI hacked the Dark Web to bust 1,500 pedophiles

    The Federal Bureau of Investigation infiltrated and shut down what it called "the largest remaining known child pornography hidden service in the world" this summer, using a hacking method to track IP addresses on the Dark Web, Vice Motherboard reported. The Dark Web bulletin board site, named "Playpen," launched in August 2014 and within one year had garnered 215,000 accounts with 11,000 unique visitors each week.

    Jessica Conditt
    01.07.2016
  • Comcast home security exploit could let burglars in (updated)

    Comcast's Xfinity Home system is supposed to keep your whole house secure, but a recently published vulnerability could leave things wide open. Researchers at Rapid7 report that you can use a quirk in the 2.4GHz wireless frequency to break communications with security sensors, forcing them to fail open and take a long time (several minutes to 3 hours) to reconnect. As the system doesn't even recognize the lost connection, that gives intruders free rein -- you might not know that anything's wrong until it's too late.

    Jon Fingas
    01.06.2016
  • AVG's Chrome security add-on had a big security hole

    You'd normally expect antivirus software to improve your web browser's security, but just the opposite was true for AVG until today. The company has fixed an exploit in its protective Chrome extension, WebTuneUp, that would let maliciously-coded websites compromise your PC to a "trivial" degree. It could read your email on the web, for example. AVG was quick about fixing the issue within days of getting a heads-up from Google, but there is a real concern that millions of people were vulnerable for considerably longer.

    Jon Fingas
    12.29.2015
  • FBI: Yes, we exploit unpatched security holes

    It's no secret that the FBI uses tech tools like Stingray phone trackers to investigate suspects, but it's now clear that the bureau is willing to go even further than that. Operational Technology Division lead Amy Hess tells the Washington Post that the FBI uses zero-day (that is, unknown by vendors) security software exploits for investigations -- the first time any official has admitted this on the record. The outfit doesn't prefer to use these hacks given how short-lived they are, Hess says, but they're still on the table.

    Jon Fingas
    12.08.2015
  • Legislators want to know how VTech handles children's data

    In the days following a surprisingly heinous hack on kiddy-gadget-maker VTech, shock and surprise have given way to pointed curiosity. The latest slew of questions come from Senator Edward J. Markey (D–MA) and Congressman Joe Barton (R–TX), who just issued a letter -- that definitely doesn't double as a PR grab at all -- calling on VTech to explain what kind of data they collect from kids under 12 and what they're actually doing with it. VTech (better known as Hong Kong-based VTech Holdings) has until January 8 to proffer a response, though the company technically doesn't have to respond at all.

    Chris Velazco
    12.02.2015
  • NSA discloses most security flaws, but that's not the whole story

    The National Security Agency is opening up a bit about how it discloses security exploits... though not by much. Officials have posted an infographic boasting that the NSA shares details about 91 percent of the security flaws it finds, with the remaining 9 percent either fixed by vendors first or held back for "national security reasons." As it argues, it's in the country's best interests to protect the internet by "responsibly" letting software developers know about these dangerous bugs. There wouldn't be much point to holding back on these details if it wrecked the internet, the surveillance outfit says.

    Jon Fingas
    11.08.2015
  • Malware turns hundreds of security cameras into a botnet

    Closed-circuit security cameras are supposed to make you safer, but some malware is turning them into weapons. Researchers at Incapsula have discovered code that turned about 900 Linux-based CCTV cameras into a botnet, which promptly bombarded an unnamed "large cloud service" that serves millions of people. The intruders compromised cameras from multiple brands, all of which had lax out-of-the-box security -- in some cases, they'd been hacked by more than one person.

    Jon Fingas
    10.25.2015
  • Even Windows 10 is vulnerable to a big Internet Explorer security flaw

    Just because Internet Explorer sits on the sidelines in Windows 10 doesn't mean you're safe from IE-specific exploits. Microsoft has released a patch for a "critical" flaw in the browser that lets attackers remotely control just about any semi-recent version of Windows, ranging from Vista to 10, just by serving you a maliciously-coded web page. The likelihood of running into an exploit is slim if you prefer to use Edge or a third-party browser, but you'll probably want to get the fix regardless... just in case you feel nostalgic enough to click on that blue E.

    Jon Fingas
    10.13.2015
  • Stagefright bug now spreads through malicious audio files

    Cripes, how many times is Google going to have to patch before the Stagefright exploit bug stays fixed? The company has already patched its code three times, but on Thursday, security research firm Zimperium (the guys that initially discovered the flaw) announced that it had discovered yet another way hackers could bypass an Android handset's security. This time, the malicious code can be delivered by an audio message. Hackers can encode a piece of malware into an MP3 or MP4 file and then disseminate it (worryingly, this sort of digital delivery vehicle works really well over public Wi-Fi connections). Any Android user who clicks on the downloaded file will prompt the OS to automatically preview the song, infecting the device. And since virtually every build of Android OS currently available shares this same auto-preview feature, the exploit works nearly universally. Google is reportedly already working to patch the vulnerability in Android's core code, which should be ready by the October Monthly Security Update on the 5th.