Google is offering a bug bounty reward of up to $180,000 for a full chain exploit leading to a sandbox escape in the Chrome browser.
The post Google Temporarily Offering $180,000 for Full Chain Chrome Exploit appeared first on SecurityWeek.
Apple Opens Application for Security Research Device Program
Apple launched the Security Research Device (SRD) program, enabling security researchers to examine the security features of a specially-built hardware variant of the iPhone 14 Pro.
Apple Security Bounty is also available for security flaws discovered using a Security Research Device, with a maximum reward of $500,000.
“From today through October 31, we invite security researchers to apply for the 2024 iPhone Security Research Device Program (SRDP) to jump-start their iPhone research, work with our security teams to help protect users, and qualify for Apple Security Bounty rewards”, Apple announced.
According to Apple, SRDP researchers have found 130 high-impact, security-critical flaws over the previous four years, and their insights have helped Apple put new defenses in place to safeguard its platforms.
Researchers can do iOS security research using the Security Research Device (SRD), a specially fused iPhone, without bypassing its security measures.
It lets you run any tools, choose your entitlements, and even modify the kernel, with shell access provided.
Notably, by using the SRD, you can confidently inform Apple of every discovery without having to worry about losing access to iOS security’s innermost levels.
Additionally, any vulnerabilities you find using the SRD are automatically taken into account for the Apple Security Bounty.
“The central feature of SRDP is the Security Research Device — a specially-built hardware variant of iPhone 14 Pro that’s designed exclusively for security research, with tooling and options that allow researchers to configure or disable many advanced security protections of iOS that cannot be disabled on normal iPhone hardware in the hands of users”, Apple explains.
Install and boot custom kernel caches.
Run arbitrary code with any entitlements, including as platform and as root outside the sandbox.
Set NVRAM variables.
Install and boot custom firmware for Secure Page Table Monitor (SPTM) and Trusted Execution Monitor (TXM), new in iOS 17.
The SRD is intended only for security research in a controlled environment. If your application is accepted, the company will provide an SRD on a renewable 12-month loan. The device remains Apple’s property throughout this period.
Have a track record of success in discovering security flaws on Apple platforms or other current operating systems and platforms.
Be a resident of an eligible country or region.
Be at least 18 years old, which is generally considered to be the legal age of majority in the country where you now reside.
Not be employed by Apple currently or at any time during the past 12 months.
“We’re also making SRDs available to select educators at the university level who would like to use it as a teaching tool to introduce computer science students to security research. Educators can request to authorize multiple users for use in their classroom or lab”, Apple said.
The final day to submit an online application is October 31, 2023. By year’s end, the company will review all entries, and in early 2024, they will contact the chosen participants.
The post Apple Opens Application for Security Research Device Program appeared first on Cyber Security News.
SpectralBlur: New macOS Backdoor Threat from North Korean Hackers
Cybersecurity researchers have discovered a new Apple macOS backdoor called SpectralBlur that overlaps with a known malware family that has been attributed to North Korean threat actors.
“SpectralBlur is a moderately capable backdoor that can upload/download files, run a shell, update its configuration, delete files, hibernate, or sleep, based on commands issued from the
The Hacker News | #1 Trusted Cybersecurity News Site
Linux Kernel Flaw Let Attackers Gain Full Root Access: PoC Published
Security researchers have uncovered a critical vulnerability in the Linux kernel’s io_uring subsystem, which could allow attackers to gain full root access to affected systems.
The flaw, tracked as CVE-2024-0582, was found to be particularly exploitable in Ubuntu distributions due to a delay in patching despite the vulnerability being addressed in the stable kernel release in December 2023.
The vulnerability stems from a use-after-free (UAF) condition in the io_uring interface, a feature introduced in Linux kernel version 5.1 to improve the performance of applications with high I/O operations.
Despite its benefits, io_uring has been a hotbed for security vulnerabilities, leading to its restriction or outright disablement in environments like ChromeOS, Google’s production servers, and Android.
CVE-2024-0582 allows an attacker to gain read and write access to previously freed pages, offering a potent exploit primitive far beyond the typical UAF exploit.
This vulnerability was present in Linux kernel versions from 6.4 up to, but not including, 6.7, affecting major Ubuntu releases such as Ubuntu 23.10 and Ubuntu 22.04 LTS.
Exodus Intelligence has recently released a report on a flaw found in the Linux Kernel. The flaw allows an attacker to obtain elevated privileges on a system by exploiting a vulnerability in the Futex subsystem.
December 8, 2023: The vulnerability was patched in the stable kernel release 6.6.5.
January 8, 2024: The Project Zero issue detailing CVE-2024-0582 was made public.
February 22, 2024: Ubuntu finally patched the issue in kernel version 6.5.0-21 for Ubuntu 22.04 LTS and Ubuntu 23.10.
CVE-2024-0582’s exploitability lies in its ability to allow data-only exploits, bypassing common exploit mitigations like Control-Flow Integrity (CFI).
Attackers can manipulate data to escalate privileges without altering the code execution flow. This vulnerability was exploited using a data-only strategy, enabling a non-privileged user to achieve root privileges on affected systems.
According to a recent tweet by Cyber Advising, a memory leak vulnerability has been identified as CVE-2024-0582 in the Linux kernel’s io_uring functionality.
CVE-2024-0582: memory leak flaw was found in the Linux kernel’s io_uring functionality .. IORING_REGISTER_PBUF_RING, mmap() it, and then frees it. This flaw allows a local user to crash or potentially escalate their privileges on the system.
— Cyber Advising (@cyber_advising) March 31, 2024
io_uring offers a high-performance, asynchronous I/O API, reducing the overhead caused by blocking system calls and data transfers between user and kernel space. However, its complexity has made it a target for vulnerability research.
The io_uring API consists of three system calls:
io_uring_setup()
io_uring_register()
io_uring_enter()
The exploitation strategy triggered the UAF condition by manipulating io_uring’s provided buffer rings, specifically via the IOU_PBUF_RING_MMAP flag.
MMap the buffer ring
This allowed attackers to retain access to memory pages even after they were freed and reallocated by the kernel for other purposes, such as file structures (struct file).
Allocating file structures within a controlled page
By forcing the allocation of file structures on these controlled pages, attackers could modify critical fields, such as f_mode, to gain writable access to read-only files, including /etc/passwd.
This effectively allowed the addition of a backdoor account with root privileges.
The discovery and exploitation of CVE-2024-0582 highlight significant concerns about the security of the io_uring subsystem and the timely patching of vulnerabilities in widely used distributions like Ubuntu.
The two-month patch gap for Ubuntu kernels allowed attackers to exploit this vulnerability, underscoring the importance of rapid vulnerability response processes.
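The following is an added defender-side check, not code from the article or from any of the researchers it cites. It screens a kernel version string against the affected range stated above (6.4 up to, but not including, 6.7, with the stable fix landing in 6.6.5) and reads the kernel.io_uring_disabled sysctl that 6.6 and later kernels expose for restricting unprivileged io_uring use; the version-string screen can only flag candidates, because distribution kernels such as Ubuntu’s 6.5.0-21 backport the fix without changing the upstream version number.

```shell
#!/bin/sh
# Added example: screen a kernel for CVE-2024-0582 exposure and io_uring restriction.
# Not part of the original article.

# ver_num VERSION -> integer for comparison, e.g. "6.6.5" -> 6006005.
# Anything from the first non-digit/non-dot character on ("-21-generic", "-rc1") is dropped.
ver_num() {
    v=${1%%[!0-9.]*}
    oldifs=$IFS; IFS=.
    set -- $v
    IFS=$oldifs
    echo $(( ${1:-0} * 1000000 + ${2:-0} * 1000 + ${3:-0} ))
}

# affected VERSION -> true if VERSION is in the upstream range the article gives:
# 6.4.0 <= VERSION < 6.7.0, minus 6.6.5 and later, which carry the stable fix.
# Distro kernels that backport the fix (Ubuntu 6.5.0-21) still match here, so
# treat a match as "verify the distro patch level", not as a verdict.
affected() {
    n=$(ver_num "$1")
    [ "$n" -ge 6004000 ] && [ "$n" -lt 6006005 ]
}

# io_uring_restricted [FILE] -> true if kernel.io_uring_disabled is 1 or 2.
# The sysctl exists only on 6.6+; when it is absent, io_uring is unrestricted.
# FILE is an optional override so the check can be exercised on a constructed file.
io_uring_restricted() {
    f=${1:-/proc/sys/kernel/io_uring_disabled}
    [ -r "$f" ] || return 1
    read -r val < "$f"
    [ "$val" -ge 1 ] 2>/dev/null
}

report() {
    k=$(uname -r)
    if affected "$k"; then
        printf '%s: inside the CVE-2024-0582 upstream range; confirm the distro patch level\n' "$k"
    else
        printf '%s: outside the CVE-2024-0582 upstream range\n' "$k"
    fi
    if io_uring_restricted; then
        echo "kernel.io_uring_disabled restricts unprivileged io_uring"
    else
        echo "io_uring is available to unprivileged users (kernel.io_uring_disabled unset or absent)"
    fi
}

report
```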
The post Linux Kernel Flaw Let Attackers Gain Full Root Access: PoC Published appeared first on Cyber Security News.