Tag Archives: 0-Day

Are you still vulnerable to Stagefright? Get your Android device checked

Security Researcher Joshua Drake has published about a vulnerability in the heart of Android that could allow attackers to steal information from Android devices through remotely execute code via a crafted MMS. Potentially 95% of Android devices should be vulnerable. Have you checked yours?

The post Are you still vulnerable to Stagefright? Get your Android device checked appeared first on We Live Security.

XARA – With This Exploit Hackers Can Steal Your Passwords

Six university researchers discovered high-impact “zero-day” security weaknesses in iOS and Mac, which can be abused by getting a malicious app approved by the Apple app store – something they managed to do without any issues. Through this app they were able to access sensitive data from other apps – with dire consequences. The researchers state that “our sandboxed app successfully retrieved from the system’s keychain the passwords and secret tokens of iCloud, email and all kinds of social networks stored there by the system app Internet Accounts, and bank and Gmail passwords from Google Chrome […]”

It does sound unbelievable, doesn’t it? Just take a look at the below video to see a malicious sandboxes app on OS X steal all private notes in the Evernote app:

Or how about a look at how it is able to steal any websites’ passwords:

According to their research 88.6% of the apps they tested were found to be completely exposed to the XARA attacks. This includes popular apps like Evernote, WeChat, and 1Password: “In our study, we downloaded 1,612 free apps from the MAC App Store. These apps cover all 21 categories of the store, including social networking, finance, business, and others. In each category, we picked up all the free apps when less than 100 of them are there, and top 100 otherwise. Also from the iOS App Store, we collected 200 most popular apps, 40 each from “All Categories”, “Finance”, “Business”, “Social Networking” and “Productivity”, after removing duplications.”

The researcher informed Apple about the issues in October 2014, a fix seems to be still outstanding.

Take a look at the research paper to read all about the issue.

The post XARA – With This Exploit Hackers Can Steal Your Passwords appeared first on Avira Blog.

WordPress: Compromised Sites Leaking User Credentials

Only recently there were several reports of WordPress plugins and themes with vulnerabilities:  Last week’s XSS vulnerability, multiple ones in the eCommerce shopping card plugin The CardPress, and a Zero Day exploit in WordPress 4.2.1.

This week it seems like there is yet another one. According to researchers at Zscaler there are a couple of compromised WordPress pages out there that are all leaking credentials. “The compromised sites run backdoor code, which activates when the user submits login credentials. The credentials are encoded and sent to an attacker website in the form of a GET request. Till now, we have identified only one domain “conyouse.com” which is collecting all the credentials from these compromised sites”, the page reads.

They conclude that WordPress, as one of the most popular Content Management Systems and blogging platforms, remains an attractive target for cybercriminals – especially due to the huge user base. Administrators should always keep their WordPress installations (including addons and themes) updated and patch as soon as there are security updates available.

If you want to find out more about the dangers you could face as a blog administrator and get some advice which might help you to protect your page, take a look at Ange Albertini’s blog article concerning the topic.

The post WordPress: Compromised Sites Leaking User Credentials appeared first on Avira Blog.

WordPress 4.2.1 Patches Zero-Day exploit

This vulnerability is affecting all previous versions and can be leveraged via the comment section of a website running WordPress, by hiding malicious code that is executed on the server.

An attacker exploiting the flaw can execute arbitrary code on the server, create new administrator accounts, or make changes with the same privileges as the currently logged-in admin.

The bug is very similar to the one patched in 4.1.2.

The problem with this bug resides in the way WordPress stores the large comments (more than 64k): such comments are truncated when stored in the database, resulting in malformed HTML being generated.

Now one might ask why someone would allow a 64K comment in the first place. But, since it is allowed to comment in HTML, the full HTML is stored in the database.

If you add some formatting to the comment, the 64K can be consumed rather quickly.

By setting up special attributes of the supported HTML tags, the attacker can hide a short malicious JavaScript code in the comment and execute it without any visible sign when the administrator viewed it in the Dashboard before approving it.

As an immediate reaction to this exploit, WordPress 4.2.1 has begun to roll out as an automatic background update, for sites that support those.

You can also download WordPress 4.2.1 manually or update over to Dashboard → Updates and simply click “Update Now”.

For more information, see the release notes.

The post WordPress 4.2.1 Patches Zero-Day exploit appeared first on Avira Blog.