Active Exploitation of SolarView Compact Command Injection Vulnerabilities (CVE-2022-40881, CVE-2022-29303)

Read Time:53 Second

What is SolarView Compact?

SolarView Compact is a photovoltaic (PV) power generation measurement and monitoring device developed by Contec.

What is the Attack?

CVE-2022-29303 is a command injection vulnerability in SolarView Compact that allows attackers to steal or modify information, destroy the system, or execute malicious programs by entering commands from the test email transmission screen.
CVE-2022-40881 is a command injection vulnerability in SolarView Compat that allows attackers to steal or modify information, destroy the system, or execute malicious programs by entering commands from the network continuity check screen.

Why is this Significant?

This is significant because CVE-2022-40881 and CVE-2022-29303 are reportedly being exploited in the wild.
FortiGuard Labs advises that the patch should be applied as soon as possible

What is the Vendor Solution?

Contec released a fix for both CVE-2022-40881 and CVE-2022-29303 in version 7.21 and beyond.

What FortiGuard Coverage is available?

FortiGuard Labs has a IPS signature ” SolarView.Compact.Command.Injection” in place for CVE-2022-40881 and CVE-2022-29303.

Read More

iPhone Update — Apply It Now If You Haven’t Already

Read Time:2 Minute, 47 Second

Apple recently issued an urgent iPhone update, iOS version 16.5.1. If you haven’t updated yet, you should. 

Owners of iPads should update to iOS 16.5.1 as well. 

The update contains two critical security fixes that prevent bad actors from executing malicious code on iPhones and iPads.  

One of the fixes addresses an issue with the kernel of the device—the core code that runs iPhones and iPads. Apple reported that the issue could allow an app to execute arbitrary code with kernel privileges. With those privileges, a malicious appp could attack the device at the root level. The other addresses an issue with the operating system’s WebKit, which, if uncorrected, could process maliciously crafted web content. 

You can update to iOS 16.5.1 now by going to Settings > General > Software Update. 

The update is available for:  

iPhone 8 and later. 
iPad Pro (all models). 
iPad Air 3rd generation and later. 
iPad 5th generation and later. 
iPad mini 5th generation and later. 

Protecting your iPhone 

Keeping your operating system current on your iPhone, and all your devices, provides a strong foundation for protection. In addition to adding new features, updates often include fixes focused on security. In this case, a couple of critical security fixes. 

You have a few options for keeping on top of security updates: 

Turn on automatic updates. This will ensure that your device is running the latest and greatest version of the operating system. Additionally, you can turn on automatic updates for all your apps as well. Together, they will take the work out of keeping things current.
Check for updates yourself. Even with automatic updates turned on, you might experience slightly delayed access to the latest update. In some cases, updates get rolled out to batches of users at a time to prevent download servers from getting overwhelmed. However, manually checking for updates will provide access to the latest version regardless of where you stand in the rollout queue. This way, if you see a news story about a critical update, you can still download it right away.
Use online protection software for your phone. Protection like our McAfee+ plans include a Wi-Fi & System Scan feature that notifies you when you need to update iOS. It can also take the guesswork out of whether you are current or not—and keep you in the loop if you miss the news of an important update. McAfee+ offers far more protection from there. It now includes our WebAdvisor extension, which warns you of sketchy phishing links and unsafe downloads. Privacy protection and identity protection come included as well, along with a VPN for a more secure connection. 

Keep safe. Keep your iOS (and your apps) current. 

Aside from using online protection software, keeping your device current offers a strong defense from hacks and attacks. Updates to your operating system and apps will fix security issues and loopholes—the very sorts of things that bad actors are quick to exploit. 

You can keep current quite easily, thanks to automatic updates. Yet keeping an eye on the news remains important as well. If you catch word of an important update, grab it right away. No need to wait. 

The post iPhone Update — Apply It Now If You Haven’t Already appeared first on McAfee Blog.

Read More

Multiple Vulnerabilities in Mozilla Products Could Allow for Arbitrary Code Execution

Read Time:36 Second

Multiple vulnerabilities have been discovered in Mozilla products, the most severe of which could allow for arbitrary code execution.

Mozilla Firefox is a web browser used to access the Internet.
Mozilla Firefox ESR is a version of the web browser intended to be deployed in large organizations.
Mozilla Thunderbird is an email client.
Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution. Depending on the privileges associated with the user an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

Read More

USN-6207-1: Linux kernel (Intel IoTG) vulnerabilities

Read Time:1 Minute, 43 Second

It was discovered that the TUN/TAP driver in the Linux kernel did not
properly initialize socket data. A local attacker could use this to cause a
denial of service (system crash). (CVE-2023-1076)

It was discovered that the Real-Time Scheduling Class implementation in the
Linux kernel contained a type confusion vulnerability in some situations. A
local attacker could use this to cause a denial of service (system crash).
(CVE-2023-1077)

It was discovered that the ASUS HID driver in the Linux kernel did not
properly handle device removal, leading to a use-after-free vulnerability.
A local attacker with physical access could plug in a specially crafted USB
device to cause a denial of service (system crash). (CVE-2023-1079)

It was discovered that the Xircom PCMCIA network device driver in the Linux
kernel did not properly handle device removal events. A physically
proximate attacker could use this to cause a denial of service (system
crash). (CVE-2023-1670)

It was discovered that a race condition existed in the Xen transport layer
implementation for the 9P file system protocol in the Linux kernel, leading
to a use-after-free vulnerability. A local attacker could use this to cause
a denial of service (guest crash) or expose sensitive information (guest
kernel memory). (CVE-2023-1859)

Jose Oliveira and Rodrigo Branco discovered that the Spectre Variant 2
mitigations with prctl syscall were insufficient in some situations. A
local attacker could possibly use this to expose sensitive information.
(CVE-2023-1998)

It was discovered that the BigBen Interactive Kids’ gamepad driver in the
Linux kernel did not properly handle device removal, leading to a use-
after-free vulnerability. A local attacker with physical access could plug
in a specially crafted USB device to cause a denial of service (system
crash). (CVE-2023-25012)

It was discovered that a use-after-free vulnerability existed in the HFS+
file system implementation in the Linux kernel. A local attacker could
possibly use this to cause a denial of service (system crash).
(CVE-2023-2985)

Read More

USN-6206-1: Linux kernel (OEM) vulnerabilities

Read Time:1 Minute, 5 Second

Hangyu Hua discovered that the Flower classifier implementation in the
Linux kernel contained an out-of-bounds write vulnerability. An attacker
could use this to cause a denial of service (system crash) or possibly
execute arbitrary code. (CVE-2023-35788, LP: #2023577)

It was discovered that the NTFS file system implementation in the Linux
kernel contained a null pointer dereference in some situations. A local
attacker could use this to cause a denial of service (system crash).
(CVE-2022-4842)

Seth Jenkins discovered that the CPU data to memory implementation for x86
processors in the Linux kernel did not properly perform address
randomization. A local attacker could use this to expose sensitive
information (kernel memory) or in conjunction with another kernel
vulnerability. (CVE-2023-0597)

It was discovered that the XFS file system implementation in the Linux
kernel did not properly perform metadata validation when mounting certain
images. An attacker could use this to specially craft a file system image
that, when mounted, could cause a denial of service (system crash).
(CVE-2023-2124)

It was discovered that for some Intel processors the INVLPG instruction
implementation did not properly flush global TLB entries when PCIDs are
enabled. An attacker could use this to expose sensitive information
(kernel memory) or possibly cause undesired behaviors. (LP: #2023220)

Read More

USN-6205-1: Linux kernel (GKE) vulnerabilities

Read Time:25 Second

Hangyu Hua discovered that the Flower classifier implementation in the
Linux kernel contained an out-of-bounds write vulnerability. An attacker
could use this to cause a denial of service (system crash) or possibly
execute arbitrary code. (CVE-2023-35788, LP: #2023577)

It was discovered that for some Intel processors the INVLPG instruction
implementation did not properly flush global TLB entries when PCIDs are
enabled. An attacker could use this to expose sensitive information
(kernel memory) or possibly cause undesired behaviors. (LP: #2023220)

Read More