October 29, 2023

iLeakage: New Safari Exploit Impacts User Privacy

Description

In the realm of cybersecurity, a newly uncovered threat has emerged – iLeakage. This sophisticated exploit is targeting the popular Apple Safari browser, compromising user privacy in unforeseen ways. Discover the critical information you need to stay protected. Learn about remedies to secure your online activities and safeguard your digital world. Find out how this exploit affects the technology you rely on, particularly Apple devices. Stay ahead of this emerging threat to keep your personal data safe.

Infected Technology

Safari web browser, which is widely used on Apple devices, including iPhones, iPads, and Mac computers.

Source

https://thehackernews.com/2023/10/ileakage-new-safari-exploit-impacts.html

Recommendation

Ensure your Safari browser is up-to-date with the latest security patches to mitigate the risk of exploitation.

Unauthenticated Remote Code Execution in F5 Systems

Description

A critical security flaw, identified as CVE-2023-46747 with a CVSS score of 9.8, has been found in F5 systems. This vulnerability allows unauthenticated remote code execution via the configuration utility. An attacker with network access through the management port and self-IP addresses can execute arbitrary system commands, posing a control plane risk. This vulnerability is closely related to CVE-2022-26377, involving authentication bypass and potential full system compromise.

Infected Technology

F5 Systems

Source

https://cybersecuritynews.com/big-ip-rce-flaw/

Recommendation

• Limit internet access to the Traffic Management User Interface (TMUI) • Update to fixed releases which have been provided for affected BIG-IP versions

Google Chrome Security Flaw Let Attackers Crash the Browser

Description

Google rolled out fixes to address a new actively exploited zero-day in the Chrome browser. The vulnerability has been described as a “Heap-Based Buffer Overflow” in VP8 compression format in libvpx, a free software video codec library from Google and the Alliance for Open Media (AOMedia). The exploitation of this buffer overflow flaw can result in program crashes or execution of arbitrary code with the loss of availability and data integrity. This vulnerability has been tracked as CVE-2023-5217 after the Google’s Threat Analysis Group discovered and reported on September. Futher details have not been disclosed other than to acknowledge that exploits for CVE-2023-5217 exists in the wild"

Infected Technology

• Google Chrome

Source

https://cybersecuritynews.com/chrome-security-crash-browser/

Recommendation

• Users must update to the most recent version of Google Chrome to prevent exploiting vulnerabilities.

CVE ID

CVE-2023-5217

Critical OAuth Flaws Uncovered in Grammarly, Vidio, and Bukalapak Platforms

Description

Building on earlier vulnerabilities found in Booking[.]com and Expo, serious security issues have been exposed in the Open Authorization (OAuth) implementation of well-known web services like Grammarly, Vidio, and Bukalapak. Between February and April of 2023, the aforementioned firms responsibly disclosed vulnerabilities that may have given hostile actors access to tokens and possibly even account hijacking. These vulnerabilities have now been fixed. The issue found in Vidio is due to a lack of token verification, which allows an attacker to use an access token obtained for a different App ID—a randomly generated ID that Facebook creates for each website or application that registers through its developer portal.

Infected Technology

MGrammarly, Vidio, and Bukalapak Platforms

Source

https://thehackernews.com/2023/10/critical-oauth-flaws-uncovered-in.html

Recommendation

• Always Use Secure Sockets Layer (SSL) • Encrypting Clients’ Secrets • Using Refresh Tokens • Choose Short Lifetime for Token Access • SSL Certificate Check

Critical Flaw in NextGen’s Mirth Connect Lead To Remote Code Execution

Description

An open source data integration platform from NextGen HelathCare, Mirth Connect is discovered having unauthenticated remote code execution vulnerability. Mirth Connect is a cross-platform interface engine used in the healthcare industry to communicate and exchange data between disparate systems in a standardized manner. The vulnerability is tracked as CVE-2023-43208 and has been addressed in version 4.4.1 on October. According to the report, this is an easily exploitable, unauthenticated remote code execution vulnerability. Attackers would most likely exploit this vulnerability for initial access or to compromise sensitive healthcare data. It’s worth noting that CVE-2023-43208 is a patch bypass for CVE-2023-37679 (CVSS score: 9.8), a critical remote command execution (RCE) vulnerability in the software that allows attackers to execute arbitrary commands on the hosting server.

Infected Technology

• Mirth Connect

Source

https://thehackernews.com/2023/10/critical-flaw-in-nextgens-mirth-connect.html

Recommendation

• Update to the latest version

CVE ID

CVE-2023-43208