Details

BleepingComputer

24 May 2024

Microsoft has highlighted a novel attack dubbed "Dirty Stream," which could allow malicious Android apps to overwrite files in another application's home directory, potentially leading to arbitrary code execution and secrets theft.

The flaw arises from the improper use of Android's content provider system, which manages access to structured data sets meant to be shared between different applications.

This system incorporates data isolation, URI permissions, and path validation security measures to prevent unauthorized access, data leaks, and path traversal attacks.

When implemented incorrectly, custom intents, which are messaging objects that facilitate communication between components across Android apps, could bypass these security measures.

Examples of incorrect implementations include trusting unvalidated filenames and paths in intents, misuse of the 'FileProvider' component, and inadequate path validation. Read More..

Details

The Hacker News

05 April 2024

Bogus installers for Adobe Acrobat Reader are being used to distribute a new multi-functional malware dubbed Byakugan.

The starting point of the attack is a PDF file written in Portuguese that, when opened, shows a blurred image and asks the victim to click on a link to download the Reader application to view the content.

According to Fortinet FortiGuard Labs, clicking the URL leads to the delivery of an installer ("Reader_Install_Setup.exe") that activates the infection sequence. Details of the campaign were first disclosed by the AhnLab Security Intelligence Center (ASEC) last month.

The attack chain leverages techniques like DLL hijacking and Windows User Access Control (UAC) bypass to load a malicious dynamic-link library (DLL) file named "BluetoothDiagnosticUtil.dll," which, in turn, loads unleashes the final payload. It also deploys a legitimate installer for a PDF reader like Wondershare PDFelement. Read More..

Details

The Hacker News

05 April 2024

Google has disclosed that two Android security flaws impacting its Pixel smartphones have been exploited in the wild by forensic companies.

The high-severity zero-day vulnerabilities are as follows -

• CVE-2024-29745 - An information disclosure flaw in the bootloader component
• CVE-2024-29748 - A privilege escalation flaw in the firmware component

"There are indications that the [vulnerabilities] may be under limited, targeted exploitation," Google said in an advisory published April 2, 2024.

While the tech giant did not reveal any other information about the nature of the attacks exploiting these shortcomings, the maintainers of GrapheneOS said they "are being actively exploited in the wild by forensic companies." Read More..

Details

The Hacker News

05 April 2024

New research has found that the CONTINUATION frame in the HTTP/2 protocol can be exploited to conduct denial-of-service (DoS) attacks.

The technique has been codenamed HTTP/2 CONTINUATION Flood by security researcher Bartek Nowotarski, who reported the issue to the CERT Coordination Center (CERT/CC) on January 25, 2024.

"Many HTTP/2 implementations do not properly limit or sanitize the amount of CONTINUATION frames sent within a single stream," CERT/CC said in an advisory on April 3, 2024.

"An attacker that can send packets to a target server can send a stream of CONTINUATION frames that will not be appended to the header list in memory but will still be processed and decoded by the server or will be appended to the header list, causing an out of memory (OOM) crash." Read More..