Researchers from Vrije Universiteit in Amsterdam have demonstrated that it is possible to use a Rowhammer attack to remotely hack Android phones. What is a Rowhammer attack? “The Rowhammer attack targets the design of DRAM memory. On a system where the DRAM is insufficiently refreshed, targeted operations on a row of DRAM memory may be able to influence the memory values on neighboring rows,” the...
Read More
Two vulnerabilities affecting over one million routers, and disclosed earlier this week, are now under attack by botnet herders, who are trying to gather the vulnerable devices under their control. Attacks started yesterday, Thursday, May 3, according to Netlab, the network security division of Chinese cyber-security vendor Qihoo 360. Exploitation of these two flaws started after on Monday, April 30, an anonymous researcher published details of the...
Read More
Description: VNC server implementation in Quick Emulator (QEMU) 2.11.0 and older was found to be vulnerable to an unbounded memory allocation issue, as it did not throttle the framebuffer updates sent to its client. If the client did not consume these updates, VNC server allocates growing memory to hold onto this data. A malicious remote VNC client could use this flaw to cause DoS to...
Read More
Description: An issue was discovered in OpenStack Nova 15.x through 15.1.0 and 16.x through 16.1.1. By detaching and reattaching an encrypted volume, an attacker may access the underlying raw volume and corrupt the LUKS header, resulting in a denial of service attack on the compute host. (The same code error also results in data loss, but that is not a vulnerability because the user loses...
Read More
Description: An issue was discovered in Xen through 4.10.x allowing guest OS users to cause a denial of service (hypervisor crash) or gain privileges by triggering a grant-table transition from v2 to v1. Impact: An attacker can exploit this issue to crash the host, denying service to legitimate users. Xen 4.0 and later are vulnerable. Mitigation: Updates are available. Please see the references or vendor...
Read More
Description: RCS module in Huawei ALP-AL00B smart phones with software versions earlier than 8.0.0.129, BLA-AL00B smart phones with software versions earlier than 8.0.0.129 has a remote-control vulnerability. An attacker can trick a user to install a malicious application. When the application connects with RCS for the first time, it needs user to manually click to agree. In addition, the attacker needs to obtain the key...
Read More
Description: Huawei Mate 9 Pro smartphones with software of LON-AL00BC00B139D, LON-AL00BC00B229, LON-L29DC721B188 have a memory double free vulnerability. The system does not manage the memory properly, that frees on the same memory address twice. An attacker tricks the user who has root privilege to install a crafted application, successful exploit could result in malicious code execution. Impact: An attacker tricks the user who has root...
Read More
Description: A remote code execution vulnerability exists when the Windows Host Compute Service Shim (hcsshim) library fails to properly validate input while importing a container image. To exploit the vulnerability, an attacker would place malicious code in a specially crafted container image which, if an authenticated administrator imported (pulled), could cause a container management service utilizing the Host Compute Service Shim library to execute malicious...
Read More
Description: Multiple vulnerabilities have been discovered in PHP, the most severe of which could allow an attacker to execute arbitrary code. PHP is a programming language originally designed for use in web-based applications with HTML content. PHP supports a wide variety of platforms and is used by numerous web-based software applications. Successfully exploiting the most severe of these vulnerabilities could allow for arbitrary code execution...
Read More
Modern-day vehicles have become overly digitized for the sake of offering advanced technicality to drivers. However, being digital cannot ensure optimal security and the same has been the case with smart cars. Security researchers Daan Keuper and Thijs Alkemade from Computest claim that some of the car models manufactured by Audi and Volkswagen contain a flaw that can be exploited by attackers easily over the...
Read More
