The vivid_fb_ioctl function in drivers/media/platform/vivid/vivid-osd.c in the Linux kernel through 4.3.3 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel memory via a crafted application.
Monthly Archives: December 2015
CVE-2015-7885 (linux_kernel)
The dgnc_mgmt_ioctl function in drivers/staging/dgnc/dgnc_mgmt.c in the Linux kernel through 4.3.3 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel memory via a crafted application.
CVE-2015-7990 (linux_kernel)
Race condition in the rds_sendmsg function in net/rds/sendmsg.c in the Linux kernel before 4.3.3 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by using a socket that was not properly bound. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-6937.
CVE-2015-8374 (linux_kernel)
fs/btrfs/inode.c in the Linux kernel before 4.3.3 mishandles compressed inline extents, which allows local users to obtain sensitive pre-truncation information from a file via a clone action.
CVE-2015-8543 (linux_kernel)
The networking implementation in the Linux kernel through 4.3.3, as used in Android and other products, does not validate protocol identifiers for certain protocol families, which allows local users to cause a denial of service (NULL function pointer dereference and system crash) or possibly gain privileges by leveraging CLONE_NEWUSER support to execute a crafted SOCK_RAW application.
CVE-2015-8569 (linux_kernel)
The (1) pptp_bind and (2) pptp_connect functions in drivers/net/ppp/pptp.c in the Linux kernel through 4.3.3 do not verify an address length, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism via a crafted application.
CVE-2015-8660 (linux_kernel)
The ovl_setattr function in fs/overlayfs/inode.c in the Linux kernel through 4.3.3 attempts to merge distinct setattr operations, which allows local users to bypass intended access restrictions and modify the attributes of arbitrary overlay files via a crafted application.
China Passes Anti-Terrorism Law; Here's What You Need to Know
If you rely on encrypted services to keep your data private and, unfortunately, you are in China, then you have reason to be worried.
As of now, the Chinese government could snoop into the operations of technology companies as well as circumvent privacy protections in everyday gadgets.
China's So-called Anti-Terrorism Law
Despite months of objections from major technology firms and concerns
Somebody Offered Money to Raspberry Pi Foundation for Pre-Installing Malware
The Raspberry Pi is now gaining attention from malware distributors who want the popular mini-computers to ship with pre-installed malware.
The Raspberry Pi Foundation has made a shocking revelation that the charitable foundation has been offered money to install malware onto the Raspberry Pi machines before they were shipped out to users.
The Raspberry Pi is an
Apple implements security measures following disastrous year

Following a spate of security breaches and concerns, Apple has taken the steps to ensure that 2016 doesn’t see a repeat of the software problems that it suffered in recent months. The security measures have been widespread, with updates to their operating systems for mobile (iOS) and Mac (OS X), its television service (Apple TV), the Safari web browser, and the operating system for its much publicized smartwatch (watchOS).
This move was prompted by the worrying number of vulnerabilities that were present in its software. To give you some idea of the state of disarray that Apple found itself in, when an update for the 9.2 version of iOS was released, it was said to include a solution for more than fifty security issues that had been discovered, while the number of problems on OS X was said to have reached more than one hundred.

Nearly half of those vulnerabilities allowed for a cyber attacker to take control of the device by accessing it via a malicious application that had been unwittingly installed.
It seems strange that Apple has to patch up security issues in its software when, for many years, fans of the brand vehemently boasted that there were no malware risks that could damage the luster of the brand.
However, it turns out this is false, and not only have threats existed for decades, but the past year has been one of the most devastating in the brand’s history.
According to a recent study, the number of malicious programs created for the Mac operating system in 2015 was five times higher than the total number created in the previous five years, making it a low point for the security of Apple devices and its users.

This bad news comes with an ironic silver lining for Apple – if there are more and more malware samples being created for its operating systems, it means that the brand itself is becoming more popular. Until now, keeping in mind that Windows (or Android, in the case of mobile devices) has the lion’s share of the market, it was logical to think that cybercriminals would put more effort into taking advantage of the Microsoft operating system.
However, this growth means that Apple is now looking more and more attractive to cybercriminals, as they look to get bigger rewards from their malware. The company ended the year having covered up many holes in its security armor, but that’s just the start of it – it’s likely that the next year will see more holes that need covering up.
The post Apple implements security measures following disastrous year appeared first on MediaCenter Panda Security.
