Government of the Republic of Trinidad and Tobago
gov.tt

Securing the Nation's Digital Infrastructure

TTCSIRT-079.012218: TT-CSIRT Advisory – Oracle Security Updates

Oracle has released a January 2018 Critical Patch Update to fix certain products vulnerable to Spectre (CVE-2017-5753, CVE-2017-5715) and Meltdown (CVE-2017-5754) Intel processor vulnerabilities. Some of the products affected include: a) Application Express, versions prior to 5.1.4.00.08 b) Java Advanced Management Console, version 2.8 c) MySQL Enterprise Monitor, versions 3.3.6.3293 and prior, 3.4.4.4226 and prior, …

Meltdown Side Channel Vulnerability Report

On affected systems, Meltdown enables an adversary to read memory of other processes or virtual machines in the cloud without any permissions or privileges, affecting millions of customers and virtually every user of a personal computer. We show that the KAISER defense mechanism for KASLR has the important (but inadvertent) side effect of impeding Meltdown. …

Spectre SideChannel Vulnerability Report

Spectre attacks involve inducing a victim to speculatively perform operations that would not occur during correct program execution and which leak the victim’s confidential information via a side channel to the adversary. This paper describes practical attacks that combine methodology from side channel attacks, fault attacks, and return-oriented programming that can read arbitrary memory from …

Ubuntu Preps Patches for Meltdown, Spectre CPU Flaws

Ubuntu security updates planned for January 9 will patch the recently disclosed Meltdown and Spectre CPU vulnerabilities, Canonical has announced. Impacting billions of devices around the world, Meltdown and Spectre are two new side-channel attacks targeting CPUs from Intel, AMD and ARM. Residing in the CPU architecture, the flaws impact Windows, macOS, Linux, and many …

Intel Patches CPUs Against Meltdown, Spectre Exploits

Intel has been working with its partners to release software and firmware updates that should protect systems against the recently disclosed CPU attacks. The company expects patches to become available for a majority of its newer products by the end of next week. Researchers this week disclosed the details of Spectre and Meltdown, two new …

TTCSIRT-078.010418: TT-CSIRT Advisory – SideChannel Vulnerabilities

Security updates have been released stating that CPU hardware implementations are vulnerable to side-channel attacks referred to as Meltdown and Spectre. These vulnerabilities affect many modern processors and operating systems including Intel, AMD, and ARM which can be used to read the content of memory across a trusted boundary and can therefore lead to information …

TTCSIRT-077.010418: TT-CSIRT Advisory – VMware Security Updates

VMware has released a security update stating that vSphere Data Protection (VDP) contains the following vulnerabilities: a) VDP authentication bypass – a remote unauthenticated malicious user can potentially bypass application authentication and gain unauthorized root access to the affected systems. b) VDP arbitrary file upload – A remote authenticated malicious user with low privileges could …

Botnet Huawei Router Exploit Code Now Public

Exploit code used by the Satori botnet to compromise Huawei routers via a zero-day vulnerability became public last week, researchers have discovered. The exploit has been used in attacks involving the Mirai variant Satori to target Huawei vulnerability CVE-2017-17215, which was unpatched at the time the first assaults started. The vulnerability was found in Huawei …

Unpatched macOS Flaw Allows Code Execution, Root Access

A researcher who specializes in hacking Apple’s iOS operating system has made public the details of an unpatched vulnerability in macOS that can be exploited to take complete control of a system. The details of the exploit and proof-of-concept (PoC) code were made public on the first day of 2018 – or the last day …

SophosLabs Malware Forecast 2018

Ransomware continues to make organizations suffer, as evidenced by the persistence of Cerber and outbreaks of WannaCry and Petya (also known as NotPetya, since it was a variant of the original but with new behaviors). Looking at the raw numbers, WannaCry bested Cerber as the most prolific ransomware family, remaining active since its initial outbreak …