Android phones are vulnerable to attacks that allow a remote execution of malicious code and it requires no user interaction.

Android phones are vulnerable to attacks that could allow someone to takeover a device remotely without the device owner needing to do anything.

Updates for these vulnerabilities and more are included in Google’s Android security bulletin for December. In total, there are patches for 94 vulnerabilities, including five rated as “Critical.”

The most severe of these flaws is a vulnerability in the System component that could lead to remote code execution (RCE) without any additional execution privileges required. User interaction is not needed for exploitation.

This vulnerability, referenced as CVE-2023-40088, affects a function that is used for Bluetooth communication, so the “remote” part is limited to “close range” since the average Bluetooth range is about 30 feet (10 meters). Successful manipulation with a specially crafted input leads to a use after free vulnerability. Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.

Another critical vulnerability (CVE-2023-40077) that looks problematic is an Elevation of Privilege (EoP) vulnerability in the Android Framework. Successful exploitation could lead to a race condition. A race condition, or race hazard, is the behavior of a system where the output depends on the sequence or timing of other uncontrollable events. It becomes a bug when events do not happen in the order the programmer intended. In this case it could provide a successful attacker with permissions to perform actions they shouldn’t be able to.

Security patch levels of 2023-12-05 or later address all of these issues. To learn how to check a device’s security patch level, see how to check and update your Android version. The updates have been made available for Android 11, 12, 12L, 13, and 14. Android partners are notified of all issues at least a month before publication, however, this doesn’t always mean that the patches are available for devices from all vendors. Android vendors such as Samsung and OnePlus have pledged to release security updates once a month. Google usually ships out security updates to Pixel phones within two weeks or sooner.

**We don’t just report on vulnerabilities—we identify them, and prioritize action.**

Cybersecurity risks should never spread beyond a headline. Keep vulnerabilities in tow by using ThreatDown Vulnerability and Patch Management.

 Android phones can be taken over remotely &#8211; update when you can 

A critical Bluetooth security flaw could be exploited by threat actors to take control of Android, Linux, macOS and iOS devices.
Tracked as CVE-2023-45866, the issue relates to a case of authentication bypass that enables attackers to connect to susceptible devices and inject keystrokes to achieve code execution as the victim.
"Multiple Bluetooth stacks have authentication bypass

Mobile Security / Vulnerability

A critical Bluetooth security flaw could be exploited by threat actors to take control of Android, Linux, macOS and iOS devices.

Tracked as **CVE-2023-45866**, the issue relates to a case of authentication bypass that enables attackers to connect to susceptible devices and inject keystrokes to achieve code execution as the victim.

"Multiple Bluetooth stacks have authentication bypass vulnerabilities that permit an attacker to connect to a discoverable host without user confirmation and inject keystrokes," said security researcher Marc Newlin, who disclosed the flaws to the software vendors in August 2023.

Specifically, the attack deceives the target device into thinking that it's connected to a Bluetooth keyboard by taking advantage of an "unauthenticated pairing mechanism" that's defined in the Bluetooth specification.

Successful exploitation of the flaw could permit an adversary in close physical proximity to connect to a vulnerable device and transmit keystrokes to install apps and run arbitrary commands.

It's worth pointing out that the attack does not require any specialized hardware, and can be performed from a Linux computer using a regular Bluetooth adapter. Additional technical details of the flaw are expected to be released in the future.

The vulnerability affects a wide range of devices running Android (going back to version 4.2.2, which was released in November 2012), iOS, Linux, and macOS.

Further, the bug affects macOS and iOS when Bluetooth is enabled and a Magic Keyboard has been paired with the vulnerable device. It also works in Apple's LockDown Mode, which is meant to secure against sophisticated digital threats.

In an advisory released this month, Google said CVE-2023-45866 "could lead to remote (proximal/adjacent) escalation of privilege with no additional execution privileges needed."

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

New Bluetooth Flaw Let Hackers Take Over Android, Linux, macOS, and iOS Devices

Unspecified governments have demanded mobile push notification records from Apple and Google users to pursue people of interest, according to U.S. Senator Ron Wyden.
"Push notifications are alerts sent by phone apps to users' smartphones," Wyden said.
"These alerts pass through a digital post office run by the phone operating system provider -- overwhelmingly Apple or Google. Because of

Unspecified governments have demanded mobile push notification records from Apple and Google users to pursue people of interest, according to U.S. Senator Ron Wyden.

"Push notifications are alerts sent by phone apps to users' smartphones," Wyden said.

"These alerts pass through a digital post office run by the phone operating system provider -- overwhelmingly Apple or Google. Because of that structure, the two companies have visibility into how their customers use apps and could be compelled to provide this information to U.S. or foreign governments."

Wyden, in a letter to U.S. Attorney General Merrick Garland, said both Apple and Google confirmed receiving such requests but noted that information about the practice was restricted from public release by the U.S. government, raising questions about the transparency of legal demands they receive from governments.

When mobile apps for Android and iOS send push notifications to users' devices, they are routed through Apple and Google's own infrastructure known as the Apple Push Notification (APN) service and Firebase Cloud Messaging, respectively. Microsoft and Amazon have similar systems in place called Windows Push Notification Service (WNS) and Amazon Device Messaging (ADM).

UPCOMING WEBINAR

Cracking the Code: Learn How Cyber Attackers Exploit Human Psychology

Ever wondered why social engineering is so effective? Dive deep into the psychology of cyber attackers in our upcoming webinar.

Join Now

As a result, the letter alleges that both companies can be compelled by governments to hand over the information. It's currently not clear which governments have sought notification data from Apple and Google.

That said, the U.S. is one among them, according to the Washington Post, which found more than two dozen search warrant applications related to federal requests for push notification data.

"The data these two companies receive includes metadata, detailing which app received a notification and when, as well as the phone and associated Apple or Google account to which that notification was intended to be delivered," the letter read.

"In certain instances, they also might also receive unencrypted content, which could range from backend directives for the app to the actual text displayed to a user in an app notification."

It also urged that Apple and Google should be permitted to disclose whether they have facilitated this practice, and if so, publish aggregate statistics about the number of demands they receive, and notify specific customers about demands for their data.

In a statement shared with Reuters, which first reported the development, Apple said the letter gave them the "opening" they needed to share more details about how governments monitored push notifications.

"When users allow an application they have installed to receive push notifications, an Apple Push Notification Service (APNs) token is generated and registered to that developer and device," Apple now notes in its updated Legal Process Guidelines document \[PDF\].

"Some apps may have multiple APNs tokens for one account on one device to differentiate between messages and multi-media. The Apple ID associated with a registered APNs token may be obtained with a subpoena or greater legal process."

Google, meanwhile, noted that it already publishes this information in its transparency reports although it's not specifically broken down by government requests for push notification records.

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

Governments May Spy on You by Requesting Push Notifications from Apple and Google

A lack of rate limiting in pjActionAJaxSend in Time Slots Booking Calendar 4.0 allows attackers to cause resource exhaustion.

Make appointment booking and online scheduling easy with our time slot booking system!

Version: 3.3

Time Slots Booking Calendar is a real-time appointment calendar and online booking system that allows clients to book appointments with you. With the Time Slots Booking Calendar, you can schedule meetings both for individual and group appointments, while avoiding double bookings. Whether you're a hairdresser, therapist, or wellness worker, this is the perfect appointment booking software for your booking page. The setup is simple, with copy-paste script integration. Let your visitors schedule appointments, easily!

**Time Slots Booking Calendar**

*   Highlights
*   Features
*   Demo
*   Faq
*   Pricing

**Product Highlights**

Does your business involve scheduled services? Then you should consider adding a simple appointment scheduling software to your website to help you automate the booking process. Here are the features you can benefit from with our Time Slots Booking Calendar:

Configure time slots

Configure time slot length and add either regular or custom time slot lengths for any calendar date.

Front-end layouts

There are two front-end layouts for Time Slots Booking Calendar that work well both for iOS and Android devices. Switch between them using a simple drop-down menu.

Accept deposit payments

The time slot calendar supports online payments via PayPal, Authorize.net, as well as credit card payments and wire transfers.

Translate the calendar

Translate the booking calendar to any language you like thanks to a simple built-in language editor available in the Admin Panel.

Manage working hours

Edit and update your business hours as well as regular and custom work dates. This includes editing slot lengths, displaying lunch breaks, and adding days off.

Email & SMS notifications

Set default email & SMS reminders and send them out both to your own staff as well as clients to help reduce cancellations and no-shows.

Book group appointments

Use the time slot booking system to set up an online booking system for reserving group appointments.

Make custom changes

Get the Developer License and modify the Time Slots Booking Calendar according to your needs. Or ask us to do it for you! Compare licenses

SPECIAL OFFER

**Time Slots Booking Calendar for €4.59 Only**

Get all 65 PHPJabbers scripts in a bundle for just €279.

**Live Demo**

Below is a preview of the Time Slots Booking Calendar. You can see both the front and the back-end view and test out all the functionalities.  
If you have any questions, do not hesitate to contact us.

**Time Slots Booking Calendar**

**Key Benefits**

Script Modifications

Remote Hosting

High Performance

Installation Support

Extended Licence

**Pricing**

You can buy the Time Slots Booking Calendar both with a Developer and a User License – compare them below.  
Do you need a custom modification? We'll happily do it for you! Just contact us, describe what you need, and we'll send you a quote!

Mega Sale deal

€4.59

per script

Free installation support

Modify the code

Copyright removal

Apply for Extended Licence and advertise our product on your website

Unlimited installations

Free updates

Get all minor updates for free

Custom modifications

Contact us and you'll receive quotation for the custom changes you may need

buy now

Free installation support

Modify the code

Copyright removal

Apply for Extended Licence and advertise our product on your website

Unlimited installations

Free updates

Get all minor updates for free

Custom modifications

Modify the software on your own or contact us and we will give you a quote

buy now

Mega Sale deal

€4.59 per script

Get 65 PHP Scripts

Modify the code

Copyright removal

Apply for Extended Licence and advertise our product on your website

Unlimited installations

Free updates

Get all minor updates for free

Custom modifications

Modify the software on your own or contact us and we will give you a quote

buy now

LIMITED OFFER

Get the Mega Sale bundle deal with all the PHP scripts you'll ever need for a total of

€279

VIEW DETAILS

**Testimonials**

Let our clients share their experience with our appointment booking calendar and how the script has improved their online business.

“

Having wasted 3 days on finding a workable open source calendar booking script I finally decided to buy your excellent Time Slots Booking Calendar in order to run a tennis court booking system. The script was 90% perfect for the job but required some key modifications such as repeat and block booking and deletion. The service provided by PHPJabbers was incredibly fast, efficient and inexpensive. Thank you to Alexander 'Sasho' Valkanov for a superb job. I am happy to thoroughly recommend your PHP booking scripts and service to everyone. Fantastic service, really impressed.  
U2R Design, United Kingdom

Chris Woods

“

I am really happy to have found PHPJabbers.com. This is the first time I outsourced work and so I was quite nervous about doing it. But PHPJabbers team did a great job. They were able to make all the modifications I requested on quite a difficult booking system job. Kosta Todorov is very smart. I couldn't ask for a better team.

Mia Johnson

“

PHPjabbers has the most in-depth calendar software solution I've found on the web. The time slot booking system functions are great and offers everything we need and more. More importantly, the support we have received has been the best ever!!! They are fast, reliable and affordable. Thank you so much for making this booking calendar script such a wonderful solution for us!

Zach Kosturos

**FAQ & Knowledge Base**

Pre-Sale FAQ

Read the most Frequently Asked Questions about this script, its features and use.

Support Service FAQ

Read more about our Support Service and how we can help you install Time Slots Booking Calendar.

Custom Mods FAQ

Do you need something changed? We offer customization services.

How to install a Script

See how easy it is to install the script. Just follow the instructions or leave it all to us.

FTP Clients

See how to upload our scripts using different FTP clients.

PHP Framework Used

We use our own in-house build framework which is really easy to understand and work with.

Our Services

We offer a wide range of web development       services.

License Types Explained

User and Developer licence available. We also have a special Extended Licence for webmasters.

Didn’t find exactly what you were looking for?

Contact Us

**Related Scripts**

**Appointment Scheduler**

**Availability Booking Calendar**

**Event Booking Calendar**

**Class Scheduling System**

**Service Booking Script**

**Event Ticketing System**

CVE-2023-48833: Time Slots Booking Calendar | PHPJabbers

Maxima Max Pro Power 1.0 486A devices allow BLE traffic replay. An attacker can use GATT characteristic handle 0x0012 to perform potentially disruptive actions such as starting a Heart Rate monitor.

Home Maxima Max Pro Power

Rs. 12,995.00 Rs. 2,999.00

283 customers are viewing this product

*   Description
*   Customer Reviews
*   Shipping & Returns

Maxima Power 1.43" Super AMOLED Bluetooth Calling Smart Watch, 466x466dpi Ultra Resolution, 60hz Refresh, Metallic Build, Hindi UI, AI Voice Assistant, BT 5.2 for Seamless Connection.

Experience the pinnacle of technology with the Maxima Max Pro Power Amoled Smartwatch. Its advanced features include Bluetooth calling, enabling you to make and receive calls directly from your wrist. The Super AMOLED Display with a resolution of 466x466 pixels delivers stunning visuals with vibrant colors. With Hindi UI support, navigating through the watch's interface becomes effortless. Stay seamlessly connected with BT5.2 technology, ensuring stable connections with your devices. Choose from over 100 sports modes to track your fitness activities accurately. Customize your watch face from a collection of over 100 options to match your style. Monitor your heart rate, sleep patterns, and blood oxygen levels with precision. With its premium metallic build, this smartwatch is a perfect blend of elegance and durability, making it a must-have accessory for the modern individual.

*   **Made In India**: Proudly manufactured in India, ensuring high-quality craftsmanship and supporting local industries.
*   **Bluetooth calling**: Stay connected on the go by making and receiving calls directly from your smartwatch.
*   **Super AMOLED Display**: Immerse yourself in stunning visuals and vibrant colors on the Super AMOLED display
*   **466x466px dpi resolution**: Enjoy sharp and detailed images with the high-resolution display with 1000 Nits Brightness
*   **Hindi UI Support**: Navigate the watch's interface effortlessly with user-friendly support for the Hindi language.
*   **BT5.2 for Seamless Connection**: Experience stable and reliable connections with Bluetooth 5.2 technology.
*   **100+ Sports Mode**: Track and monitor over 100 different sports activities to stay motivated and reach your fitness goals
*   **100+ Watch Faces**: Personalize your smartwatch's look with a wide range of watch face options to suit your style.
*   **Heart Rate Monitor**: Keep track of your heart rate to optimize your workouts and monitor your overall cardiovascular health.
*   **Sleep Monitor**: Gain insights into your sleep patterns, including deep sleep and REM cycles, to improve your sleep quality.
*   **SpO2 Monitor**: Measure your blood oxygen saturation levels to ensure optimal respiratory health during physical activities.
*   **Premium Metallic Build**: Designed with a premium metallic construction, the smartwatch combines style and durability for a sophisticated and long-lasting design.

**Specification**

Model

Max Pro Power

Dimensions

46.5 x 46.5 X 10.65 mm

Strap Variant

Silicone, SS Metal Chain

Strap Length

90 x 120 mm

Weight

30gm (Watch Head) 46.8gm (Watch Head + Strap)

Water Resistant

IP68 Water Resistant

Body Material

Premium Metal

Display

Ultra Bright Screen Topping 1000 Nits

Touch Screen

1.43" Super Amoled Precision Retina Display

Bluetooth

5.2

Charging Time

Less than 2 hrs.

Charging Method

Magnetic Pin Charger

Battery Life

Upto 3 Days with calling & Upto 7 Days without Calling Function

Supported Devices

Android 8.0 / IOS 9.0 and above

In the box

Smartwatch, Charger, Service Manual/ Guarantee card

Warranty

1 year. Please make sure to activate your warranty

Supported App

FitCloud Pro

Strap Colours

Jet Black SS Chain, Space Black, Rose Gold Black, Blue

  
  

**Shipping**

Shipping is free across India on all our products.

**7 DAYS RETURN/ REPLACEMENT/ REFUND POLICY**

P A Time Industries Unit-II offers 7 days replacement/return/refund guarantee for all products sold on smart.maximawatches.com. Customers may notify us of any damage or defect within 7 days from the date of delivery. P A Time Industries Unit-II will replace the defective product with a brand new product at no extra cost. P A Time Industries Unit-II will try to replace the specific product ordered. However, the company reserves the right to offer an alternate product in case the product is out of stock/ production. The 7 days return policy is valid only in cases of manufacturing defects and transport damages and is invalid in cases of damages due to normal wear & tear and negligence on part of the customer. Refunds are issued in the following two ways Product replacement - In case of damaged or incorrect items P A Time Industries Unit-II would replace it with a new one, upon receipt of the returned item In case you do not wish to receive the replacement, you may specify that in your communication with our customer service by phone or e-mail. You would receive maxima store credit of the equivalent amount. We do not provide cash refunds.

CVE-2023-46916: Maxima Max Pro Power

strongSwan before 5.9.12 has a buffer overflow and possible unauthenticated remote code execution via a DH public value that exceeds the internal buffer in charon-tkm's DH proxy. The earliest affected version is 5.3.0. An attack can occur via a crafted IKE_SA_INIT message.

CVE-2023-41913: Releases · strongswan/strongswan

By Waqas
Kali Linux Unveils Feature Rich 2023.4 Release with Cloud ARM64, Vagrant Hyper-V, Raspberry Pi 5, and More!
This is a post from HackRead.com Read the original post: Kali Linux 2023.4 is Out: Cloud ARM64, Hyper-V, Pi 5, & More!

Attention Kali Linux enthusiasts! Your holiday treat has arrived with the release of Kali Linux 2023.4, packed with a plethora of new features. Download now and elevate your Kali experience!

As 2023 draws to a close, **Kali Linux** enthusiasts are in for a treat with the latest release, Kali Linux 2023.4. Packed with innovative features and improvements, this update focuses on expanding platform support and refining existing capabilities.

****Cloud ARM64 Marketplaces Integration****

One standout feature is the addition of ARM64 support on Amazon AWS and Microsoft Azure marketplaces. This enhancement not only provides users with more flexibility in instance options but also promises an improved price-to-performance ratio. While Kali Linux has consistently prioritized ARM architecture, the team acknowledges ongoing efforts to ensure broader compatibility.

****Vagrant Hyper-V Support for Seamless Virtualization****

Kali Linux’s Vagrant offering receives a significant upgrade with added support for Hyper-V environments. Targeted at users familiar with Vagrant’s command-line interface, this feature allows for seamless management of virtual machines.

Users can customize their Kali environments by defining various parameters such as operating system, CPU, RAM, storage, networking, and additional scripts or commands for installation and configuration.

****Raspberry Pi 5 Compatibility****

Exciting news for Raspberry Pi enthusiasts as Kali Linux introduces dedicated support for the latest Raspberry Pi 5. Users can either download the pre-built image directly or automate the process using Raspberry Pi Imager. While the image is currently in a BETA state and limited to ARM64 architecture, the Kali team expresses optimism about additional flavours in the future.

****Embracing GNOME 45 for Enhanced User Experience****

Kali Linux now integrates with the latest GNOME 45, bringing aesthetic improvements and functionality enhancements. Users opting for GNOME as their desktop environment can enjoy features like full-height sidebars, faster search in the Nautilus file manager, and updated themes for various components. Despite some pending updates for Nautilus, the overall user experience is expected to be more refined.

****Revamped Internal Infrastructure with Mirrorbits****

Undergoing significant infrastructure changes, Kali Linux bids farewell to MirrorBrain and welcomes Mirrorbits as the new “mirror redirector.” This essential service, responsible for directing requests to the nearest mirror, has undergone a successful migration.

Leveraging modern technologies like Go and Redis, Mirrorbits proves to be a robust solution, initially developed by Ludovic Fauvet for the VLC media player. The transition, though not without challenges, reflects Kali’s commitment to improving user-facing services.

****Introduction of New Tools and Packages****

True to Kali tradition, the 2023.4 release introduces a host of new tools and updates to existing ones. Notable additions include:

*   **cabby:** TAXII client implementation
*   **h8mail:** Email OSINT and Password breach hunting tool
*   **ReconSpider:** Most Advanced Open Source Intelligence (OSINT) Framework
*   **SPIRE:** SPIFFE Runtime Environment for establishing trust between software systems

Additionally, various packages have been updated, and the Kali kernel has been bumped to version 6.5.0.

****Continued Kali NetHunter and ARM Updates****

The Kali NetHunter community remains active, showcasing impressive feats such as Doom running on Kali NetHunter TicWatch Pro 3 and speedy installations on Android 14. While ARM updates are relatively minimal, the inclusion of Raspberry Pi 5 support stands out as a significant addition.

As Kali Linux enthusiasts eagerly await the new release, the team encourages users to explore fresh images or update existing installations using the provided instructions. The live voice chat session with the Kali team on Discord offers an opportunity for direct interaction and Q&A.

To update your existing Kali Linux to Kali Linux 2023.4, use the following commands:

    ┌──(kali㉿kali)-[~]
    └─$ echo "deb http://http.kali.org/kali kali-rolling main contrib non-free non-free-firmware" | sudo tee /etc/apt/sources.list
    [...]
    
    ┌──(kali㉿kali)-[~]
    └─$ sudo apt update && sudo apt -y full-upgrade
    [...]
    
    ┌──(kali㉿kali)-[~]
    └─$ cp -vrbi /etc/skel/. ~/
    [...]
    
    ┌──(kali㉿kali)-[~]
    └─$ [ -f /var/run/reboot-required ] && sudo reboot -f

Whether you’re a seasoned Kali user or exploring it for the first time, the 2023.4 release promises an enhanced experience with its diverse features and community-driven ethos.

To stay updated on the latest developments, bug fixes, and announcements, users are encouraged to engage with the Kali Linux community and actively contribute to its growth. For more information and to download Kali Linux 2023.4, visit the official **Kali Linux website**.

****_RELATED ARTICLES_****

1.  **What is an OSINT Tool – Best OSINT Tools 2023**
2.  **Download NSA’s reverse engineering tool GHIDRA**
3.  **Top 7 Most Popular and Best Cyber Forensics Tools**
4.  **AttackSurfaceMapper: New automated penetration testing tool**
5.  **Why Cybersecurity Business Needs a Real-Time Collaboration Tool**

Kali Linux 2023.4 is Out: Cloud ARM64, Hyper-V, Pi 5, & More!

Cisco Talos has disclosed 10 vulnerabilities over the past two weeks, including nine that exist in a popular online PDF reader that offers a browser plugin.

Wednesday, December 6, 2023 13:33

Cisco Talos has disclosed 10 vulnerabilities over the past two weeks, including nine that exist in a popular online PDF reader that offers a browser plugin. 

Attackers could exploit these vulnerabilities in the Foxit PDF Reader to carry out a variety of malicious actions, but most notably could gain the ability to execute arbitrary code on the targeted machine. Foxit aims to have feature parity with Adobe Acrobat Reader, the most popular PDF-reading software currently on the market. The company offers paid versions of its software for a variety of users, including individuals and enterprises. There are also browser plugins of Foxit that run in a variety of web browsers, including Google Chrome and Mozilla Firefox. 

Talos’ Vulnerability Research team also found an integer overflow vulnerability in the GPSd daemon, which is triggered if an attacker sends a specially crafted packet, causing the daemon to crash. 

For Snort coverage that can detect the exploitation of these vulnerabilities, download the latest rule sets from Snort.org, and our latest Vulnerability Advisories are always posted on Talos Intelligence’s website.  

**Multiple vulnerabilities in Foxit PDF Reader **

_Discovered by Kamlapati Choubey._ 

Foxit PDF Reader contains multiple vulnerabilities that could lead to remote code execution if exploited correctly.  

TALOS-2023-1837 (CVE-2023-32616) and TALOS-2023-1839 (CVE-2023-38573) can be exploited if an attacker embeds malicious JavaScript into a PDF, and the targeted user opens that PDF in Foxit. These vulnerabilities can trigger the use of a previously freed object, which can lead to memory corruption and arbitrary code execution.  

TALOS-2023-1838 (CVE-2023-41257) works in the same way, but in this case, it is caused by a type confusion vulnerability.  

Three other vulnerabilities could allow an attacker to create arbitrary HTA files in the context application, and eventually gain the ability to execute arbitrary code on the targeted machine. TALOS-2023-1832 (CVE-2023-39542), TALOS-2023-1833 (CVE-2023-40194) and TALOS-2023-1834 (CVE-2023-35985) are all triggered if the targeted user opens a specially crafted file in the Foxit software or browser plugin. 

**GPSd NTRIP Stream Parsing access violation vulnerability **

_Discovered by Dimitrios Tatsis._ 

An integer overflow vulnerability exists in the NTRIP Stream Parsing functionality of GPS daemon, which is used to collect and display GPS information in other software. A specially crafted network packet can lead to memory corruption. An attacker can send a malicious packet to trigger TALOS-2023-1860 (CVE-2023-43628). 

According to GPSd’s website, this service daemon powers the map service on Android mobile devices and is “ubiquitous in drones, robot submarines, and driverless cars.” 

_Discovered by Claudio Bozzato and Francesco Benvenuto._ 

Talos researchers recently found multiple data integrity vulnerabilities in Buildroot, a tool that automates builds of Linux environments for embedded systems. 

An adversary could carry out a man-in-the-middle attack to exploit TALOS-2023-1845 (CVE-2023-43608) and TALOS-2023-1844 (CVE-2023-45842, CVE-2023-45839, CVE-2023-45838, CVE-2023-45840 and CVE-2023-45841) to execute arbitrary code in the builder. 

As a direct consequence, an attacker could then also tamper with any file generated for Buildroot’s targets and hosts. 

**Malformed Excel file could lead to arbitrary code execution in WPS Office **

_Discovered by Marcin “Icewall” Noga._ 

An uninitialized pointer use vulnerability (TALOS-2023-1748/CVE-2023-31275) exists in the functionality of WPS Office, a suite of software for word and data processing, that handles Data elements in an Excel file.  

A specially crafted malformed Excel file can lead to remote code execution. 

WPS Office, previously known as a Kingsoft Office, is a software suite for Microsoft Windows, macOS, Linux, iOS, Android, and HarmonyOS developed by Chinese software developer Kingsoft. It is installed by default on Amazon Fire tablet devices. 

Talos disclosed this vulnerability in November despite no official fix or patch from Kingsoft after the company did not respond to our notification attempts and failed the 90-day deadline as outlined in Cisco’s third-party vendor vulnerability disclosure policy.

Remote code execution vulnerabilities found in Buildroot, Foxit PDF Reader

Governments can access records related to push notifications from mobile apps by requesting that data from Apple and Google, according to details in court records and a US senator.

If you have push notifications turned on for sensitive apps, you may want to reconsider your settings.

The United States government and foreign law enforcement can demand Apple and Google share metadata associated with push notifications from apps on iOS and Android, according to a US senator and court records reviewed by WIRED. These notifications can reveal which apps a person uses, along with other information that may be pertinent to law enforcement investigations.

US Senator Ron Wyden, an Oregon Democrat, highlighted the government surveillance technique in a letter sent to the US Department of Justice (DOJ) today. Wyden is specifically asking the DOJ to allow Apple and Google to discuss government requests for push notification records with their users, which Wyden says the US government has required them to keep secret thus far.

“In the spring of 2022, my office received a tip that government agencies in foreign countries were demanding smartphone ‘push’ notification records from Google and Apple,” Wyden wrote in the letter, which was first reported by Reuters. “My staff have been investigating this tip for the past year, which included contacting Apple and Google. In response to that query, the companies told my staff that information about this practice is restricted from public release by the government.”

App developers deliver push notifications using Apple’s Push Notification Service on iOS or Google’s Firebase Cloud Messaging on Android. Each user of an app is assigned a “push token,” which is transferred between the app and the mobile operating system’s push notification service. Push tokens are not permanently assigned to a single user, and new tokens may be generated when a person reinstalls an app or switches to a new device.

To identify a person of interest and whom they may have been communicating with, law enforcement must first go to an app developer to obtain the relevant push token and then bring it to the operating system maker—Apple or Google—and request information on which account the token is associated with. This puts the tech giants in “a unique position to facilitate government surveillance of how users are using particular apps,” Wyden writes.

According to Wyden, the records that governments can obtain from Apple and Google include metadata that reveals which apps a person has used, when they’ve received notifications, and the phone associated with a particular Google or Apple account. The content of push notifications is not included in this information, but, for at least some apps, law enforcement could obtain information about the content of specific pushes through additional requests based on the information from the push tokens.

While Wyden’s letter says that governments outside the US have requested people’s push notification records, the Federal Bureau of Investigation (FBI) has done so as well. A February 2021 search warrant application submitted by an FBI agent to the US District Court in Washington, DC, requested details for two accounts controlled by Meta (then Facebook), specifically citing a request for push notification tokens. The search warrant request related to an investigation into a person accused of taking part in the January 6, 2021, attack on the US Capitol.

Meta, which owns Facebook, WhatsApp, and Instagram, did not immediately respond to WIRED’s request to comment. A spokesperson for Signal, the popular encrypted messaging app, also did not respond. The DOJ declined to comment.

Although Wyden is asking the DOJ to allow Apple and Google to discuss government requests for push notification records, the senator’s letter appears to have enabled them to do just that.

An Apple spokesperson tells WIRED that the company has updated its Law Enforcement Guidelines in its transparency report to reflect government requests for push notification records. The company will also begin to detail these requests in its next transparency report. Apple's updated rules for police requests say push notification records “may be obtained with a subpoena or greater legal process.”

“Apple is committed to transparency and we have long been a supporter of efforts to ensure that providers are able to disclose as much information as possible to their users,” Apple says in a statement. “In this case, the federal government prohibited us from sharing any information and now that this method has become public we are updating our transparency reporting to detail these kinds of requests.”

Google confirmed to WIRED that it receives requests for push notification records, but the company says it already includes these types of requests in its transparency reports. The company says requests from US-based law enforcement for push notification records require court orders with judicial approval.

“We were the first major company to publish a public transparency report sharing the number and types of government requests for user data we receive, including the requests referred to by Senator Wyden,” a Google spokesperson tells WIRED. “We share the senator’s commitment to keeping users informed about these requests.”

A WIRED review of Google’s most recent transparency report for the period between December 2019 and December 2022 found that it does not specifically break out government requests for push notification records, and Google confirmed that it aggregates this data in its transparency report.

Google’s transparency report shows that the US government requested Google Cloud Platform data from enterprise customers 175 times during the period, and of those, used a search warrant 13 times. It is unclear whether any of those requests for user data included push notification records—details that may, following Wyden’s letter, be revealed in the future.

_Additional reporting by William Turton and Dhruv Mehrotra._

_Updated at 1:30 pm ET, December 6, 2023, to note that the DOJ has declined to comment on Wyden's letter and to add additional details about Apple's updated rules for law enforcement regarding requests for push notification records._

_Updated at 3:50 pm ET, December 6, 2023, to add details about Google's legal requirement for law enforcement requests for push notification records._

Police Can Spy on Your iOS and Android Push Notifications

Permission management vulnerability in the module for disabling Sound Booster. Successful exploitation of this vulnerability may cause features to perform abnormally.

HUAWEI is releasing monthly security updates for flagship models. This security update includes HUAWEI and third-party library patches:

This security update includes the following third-party library patches:

This security update includes the CVE announced in the November 2023 Android security bulletin:

Critical: none

High: CVE-2023-40104, CVE-2023-40111, CVE-2023-40112, CVE-2023-40110, CVE-2023-40114, CVE-2023-40105, CVE-2023-40106, CVE-2023-40109, CVE-2023-40115, CVE-2023-40100, CVE-2023-33031, CVE-2023-33055, CVE-2023-33059

Medium: CVE-2023-28572, CVE-2023-28553

Low: none

Already included in previous updates: CVE-2022-29824, CVE-2023-21253, CVE-2021-44828, CVE-2022-28348, CVE-2023-33200, CVE-2023-4211, CVE-2023-21237, CVE-2022-20264, CVE-2022-27404, CVE-2023-21295, CVE-2023-21308, CVE-2023-21311, CVE-2023-21319, CVE-2023-21320, CVE-2023-21326, CVE-2023-21331, CVE-2023-21344, CVE-2023-21346, CVE-2023-21348, CVE-2023-21349, CVE-2023-21355, CVE-2023-21369, CVE-2023-21372, CVE-2023-21374, CVE-2023-21388

※ For more information on security patches, please refer to the Android security bulletins (https://source.android.com/security/bulletin).

This security update includes the following HUAWEI patches:

CVE-2023-44099: Vulnerability of data verification errors in the kernel module

Severity: Medium

Affected versions: EMUI 12.0.0

Impact: Successful exploitation of this vulnerability may cause WLAN interruption.

CVE-2023-44113: Vulnerability of missing permission verification for APIs in the Designed for Reliability (DFR) module

Severity: Medium

Affected versions: EMUI 13.0.0

Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2023-46773: Permission management vulnerability in the PMS module

Severity: High

Affected versions: EMUI 13.0.0

Impact: Successful exploitation of this vulnerability may cause privilege escalation.

CVE-2023-49239: Unauthorized access vulnerability in the card management module

Severity: Medium

Affected versions: EMUI 13.0.0, EMUI 12.0.0, EMUI 11.0.1

Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2023-49240: Unauthorized access vulnerability in the launcher module

Severity: Medium

Affected versions: EMUI 13.0.0, EMUI 12.0.0, EMUI 11.0.1

Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2023-49241: API permission control vulnerability in the network management module

Severity: Medium

Affected versions: EMUI 13.0.0, EMUI 12.0.0, EMUI 11.0.1

Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2023-49242: Free broadcast vulnerability in the running management module

Severity: Medium

Affected versions: EMUI 13.0.0, EMUI 12.0.0, EMUI 11.0.1

Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2023-49243: Vulnerability of unauthorized access to email attachments in the email module

Severity: Medium

Affected versions: EMUI 13.0.0, EMUI 12.0.0, EMUI 11.0.1

Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2023-49244: Permission management vulnerability in the multi-user module

Severity: Medium

Affected versions: EMUI 13.0.0

Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2023-49245: Unauthorized access vulnerability in the HUAWEI Share module

Severity: Medium

Affected versions: EMUI 13.0.0, EMUI 12.0.0, EMUI 11.0.1

Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2023-49246: Unauthorized access vulnerability in the card management module

Severity: Medium

Affected versions: EMUI 13.0.0, EMUI 12.0.0, EMUI 11.0.1

Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2023-49247: Permission verification vulnerability in distributed scenarios

Severity: High

Affected versions: EMUI 13.0.0, EMUI 12.0.0

Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2023-49248: Vulnerability of unauthorized file access in the Settings app

Severity: High

Affected versions: EMUI 13.0.0, EMUI 12.0.0, EMUI 11.0.1

Impact: Successful exploitation of this vulnerability may cause unauthorized file access.

CVE-2023-6273: Permission management vulnerability in the module for disabling Sound Booster

Severity: Medium

Affected versions: EMUI 13.0.0, EMUI 12.0.0, EMUI 11.0.1

Impact: Successful exploitation of this vulnerability may cause features to perform abnormally.

Tag

#android