| title | date | draft | logo |
|---|---|---|---|
October 29, 2023 |
2023-10-29 00:00:00 +0545 |
false |
images/infosec/default.png |
{{< toc >}}
In the realm of cybersecurity, a newly uncovered threat has emerged – iLeakage. This sophisticated exploit is targeting the popular Apple Safari browser, compromising user privacy in unforeseen ways. Discover the critical information you need to stay protected. Learn about remedies to secure your online activities and safeguard your digital world. Find out how this exploit affects the technology you rely on, particularly Apple devices. Stay ahead of this emerging threat to keep your personal data safe.
Safari web browser, which is widely used on Apple devices, including iPhones, iPads, and Mac computers.
https://thehackernews.com/2023/10/ileakage-new-safari-exploit-impacts.html
Ensure your Safari browser is up-to-date with the latest security patches to mitigate the risk of exploitation.
A critical security flaw, identified as CVE-2023-46747 with a CVSS score of 9.8, has been found in F5 systems. This vulnerability allows unauthenticated remote code execution via the configuration utility. An attacker with network access through the management port and self-IP addresses can execute arbitrary system commands, posing a control plane risk. This vulnerability is closely related to CVE-2022-26377, involving authentication bypass and potential full system compromise.
F5 Systems
https://cybersecuritynews.com/big-ip-rce-flaw/
• Limit internet access to the Traffic Management User Interface (TMUI) • Update to fixed releases which have been provided for affected BIG-IP versions
Google rolled out fixes to address a new actively exploited zero-day in the Chrome browser. The vulnerability has been described as a "Heap-Based Buffer Overflow" in VP8 compression format in libvpx, a free software video codec library from Google and the Alliance for Open Media (AOMedia). The exploitation of this buffer overflow flaw can result in program crashes or execution of arbitrary code with the loss of availability and data integrity. This vulnerability has been tracked as CVE-2023-5217 after the Google's Threat Analysis Group discovered and reported on September. Futher details have not been disclosed other than to acknowledge that exploits for CVE-2023-5217 exists in the wild"
• Google Chrome
https://cybersecuritynews.com/chrome-security-crash-browser/
• Users must update to the most recent version of Google Chrome to prevent exploiting vulnerabilities.
CVE-2023-5217
Building on earlier vulnerabilities found in Booking[.]com and Expo, serious security issues have been exposed in the Open Authorization (OAuth) implementation of well-known web services like Grammarly, Vidio, and Bukalapak. Between February and April of 2023, the aforementioned firms responsibly disclosed vulnerabilities that may have given hostile actors access to tokens and possibly even account hijacking. These vulnerabilities have now been fixed. The issue found in Vidio is due to a lack of token verification, which allows an attacker to use an access token obtained for a different App ID—a randomly generated ID that Facebook creates for each website or application that registers through its developer portal.
MGrammarly, Vidio, and Bukalapak Platforms
https://thehackernews.com/2023/10/critical-oauth-flaws-uncovered-in.html
• Always Use Secure Sockets Layer (SSL) • Encrypting Clients’ Secrets • Using Refresh Tokens • Choose Short Lifetime for Token Access • SSL Certificate Check
An open source data integration platform from NextGen HelathCare, Mirth Connect is discovered having unauthenticated remote code execution vulnerability. Mirth Connect is a cross-platform interface engine used in the healthcare industry to communicate and exchange data between disparate systems in a standardized manner. The vulnerability is tracked as CVE-2023-43208 and has been addressed in version 4.4.1 on October. According to the report, this is an easily exploitable, unauthenticated remote code execution vulnerability. Attackers would most likely exploit this vulnerability for initial access or to compromise sensitive healthcare data. It's worth noting that CVE-2023-43208 is a patch bypass for CVE-2023-37679 (CVSS score: 9.8), a critical remote command execution (RCE) vulnerability in the software that allows attackers to execute arbitrary commands on the hosting server.
• Mirth Connect
https://thehackernews.com/2023/10/critical-flaw-in-nextgens-mirth-connect.html
• Update to the latest version
CVE-2023-43208