An issue discovered in Samsung SyncThru Web Service SPL 5.93 06-09-2014 allows attackers to gain escalated privileges via MITM attacks.

*   *   Actions
        
        Automate any workflow
        
    *   Packages
        
        Host and manage packages
        
    *   Security
        
        Find and fix vulnerabilities
        
    *   Codespaces
        
        Instant dev environments
        
    *   Copilot
        
        Write better code with AI
        
    *   Code review
        
        Manage code changes
        
    *   Issues
        
        Plan and track work
        
    *   Discussions
        
        Collaborate outside of code
        
    

*   *   GitHub Sponsors
        
        Fund open source developers
        
    
    *   The ReadME Project
        
        GitHub community articles
        
    
*   Pricing

**Search code, repositories, users, issues, pull requests...**

**Provide feedback**

**Saved searches****Use saved searches to filter your results more quickly**

Sign up

CVE-2021-35309: cve-subscriptions/samsung-stws at main · mustafa-turgut/cve-subscriptions

A reflected cross site scripting (XSS) vulnerability was discovered on Samsung sww-3400rw Router devices via the m2 parameter of the sess-bin/command.cgi

CVE-2020-22181

Pixel Binary Transparency is the latest security benefit for Pixel owners.

It's not in Google's best interests for its smartphones to be easily compromised, and the tech giant has just rolled out a new security feature that for now is exclusive to Pixel devices: Pixel Binary Transparency.

You can think of it like a certificate of authenticity for your phone. It proves that the Pixel handset you have in your hands is the genuine article and not one that's been modified at the software level—potentially with security consequences.

While this is Pixel-only at the moment, it joins the existing Android Verified Boot feature in making sure that the phone that's in your hand hasn't been tampered with in any way—perhaps even before it reached you.

Along with speedy software updates, exclusive apps, and top-level camera performance, Google wants this new security feature to be another reason you'll buy a Pixel over anything else—and here's how it works.

The Security Problem

Are you sure your Pixel hasn't been compromised?

Photograph: Google

There are a lot of steps along the way before your new smartphone reaches you in its tidily cellophaned box, and all of those steps can be exploited by bad actors looking to take control of your device. If you think that opening a factory-fresh device means you don't have any security concerns to worry about, you'd be wrong.

Malware can be inserted into software code—Android software code, in this case—before a new handset gets put in the box. Remember that, as well as the basic Android operating system, you have additions by carriers and manufacturers (including Google and Samsung), not to mention a host of third-party libraries and open source code that all today's software is built on.

It only takes one part of the supply chain process to get exploited—one check that isn't carried out, or one assumption that is wrong—for devices to be put at risk. These attacks can also be launched once you start using your phone, with ostensibly safe apps unknowingly taken over by harmful code. Over-the-air software updates can also be hijacked before reaching users.

If you think about all the businesses involved in maintaining the software on your phone, from individual app developers to corporations such as Google, that's a lot of attack surfaces for hackers to consider. These kinds of attacks are on the rise too. All of this doesn't even consider the secondhand market as well, where used and refurbished Android devices (and especially Pixel phones, in this case) sold by prior owners come with no such guarantees that they're fresh installations of Android that are safe and clear of malware.

Google's Android Fixes

A Merkle tree is used to verify software.

Courtesy of David Nield

In simple terms, the new Pixel Binary Transparency checks the Android operating system on a Pixel phone to make sure the code is exactly as it should be. It's a bit like checking the authenticity of a painting, looking for signs of tampering, or checking that all the office doors and windows are locked at the end of the day. Google has written about the new feature in a blog post, and it says the feature will be built upon in the future.

More specifically, the new Android safety measure uses public cryptographic logs—digital bookkeeping systems—to show what a Pixel installation should look like. Entries can be appended to these logs when new software is released, but they can't be changed or deleted. In other words, any unauthorized edits are going to stand out.

The logs use what's known as a Merkle tree to maintain the integrity of the records within them, a cryptographic structure that speeds up the process of checking large amounts of data for any tampering. The approach means that much smaller portions of data can be analyzed to identify whether or not any changes have been made.

While Google itself admits that most users won't need the Pixel Binary Transparency feature because of the other safeguards already in place on Android, you can in fact try it out on your own Pixel phone or tablet. You're going to need to be familiar with compiling code and using the Android Debug Bridge (ADB) software that lets you analyze Android devices from a computer.

Pixel Binary Transparency complements the existing Android Verified Boot (AVB) safeguard, which works in a similar way. The instant that an Android device boots up, it looks for a special software “signature” (a little like a password) verifying that all is well, the software is untampered with, and the boot process can continue. As with Pixel Binary Transparency, any tampering is virtually impossible to conceal. At the same time, AVB also protects the device from being rolled back to older, less secure versions of Android.

Google's New Feature Ensures Your Pixel Phone Hasn't Been Hacked. Here’s How It Works

Certain HP and Samsung Printer software packages may potentially be vulnerable to elevation of privilege due to Uncontrolled Search Path Element.

CVE-2022-4894: Certain HP and Samsung printer software - Potential elevation of privileges

Categories: News
Categories: Personal
We put Malwarebytes Browser Guard up against the top 25 websites. It knocked out 172 trackers and other unwanted items.



(Read more...)




The post 25 most popular websites vs Malwarebytes Browser Guard appeared first on Malwarebytes Labs.

Do you know how many see-everything-you're-doing-on-the-web trackers get loaded into your browser when you watch a YouTube video? Would you care to guess?

It's about sixty.

Sixty. Six zero. Sixty trackers when you load one video. I know this because I decided to take Browser Guard, the Malwarebytes' browser extension that blocks ads and keeps you safe from trackers, scams, malvertising, and other online threats, for a wander through the web's top 25 sites.

Web users have always spent a disprorportionate amount of their time on the web's most popular sites, and websites like Facebook, Twitter, and Twitch are designed to keep you hanging around for as long as possible. So what happens on the top sites has an outsized effect on users because the top sites don't just reach more people, they also keep people for longer.

Before I get into the why I was counting how many things Browser Guard blocks, take a look at the numbers in the table below.

The table shows the number of items—ads, cross-site trackers etc—that Browser Guard blocked on a single page on each of the top 25 most visited websites. I looked at one page on each site, and chose pages that were broadly representative of what somebody might go there to do. So, on Google I looked at a search results page, on YouTube I looked a page displaying a video, and so on. Where I was asked to log in and I had an account, I logged in, and where I was asked to accept cookies I did.

Site

Page type

Items blocked

Google

Search results

2

YouTube

Video page

58

Facebook

Feed

1

Twitter

Feed

2

Wikipedia

Article

0

Yahoo

Article

3

Yandex

Search results

0

WhatsApp

Home

1

XVideos

Video page

4

Amazon

Product page

2

PornHub

Video page

16

XNXX

Video page

4

TikTok

Video page

0

Microsoft (live.com)

Application

0

Reddit

Home

5

LinkedIn

Feed

11

Netflix

Home

1

OpenAI

Home

1

Xhamster

Video page

6

Weather

Home

8

Office 365

Application

0

Samsung

Home

42

Bing

Search results

0

Discord

Home

1

Twitch

Home

4

Browser Guard blocked a total of 172 items across the 25 pages tested. That's a mean average of seven on each site, and a median of two. The mean average is heavily skewed by YouTube and Samsung, which accounted for 100 items between them.

(Note that if you try to repeat this experiment you might get slightly different results, although we expect them to be similar to ours. Because of the way that ad tech works, different numbers of items may be downloaded for apparently identical page loads.)

**How tracking affects security and privacy**

So why does it matter?

Cross-site ad tracking follows you from site to site and builds up a rough picture of your likes, dislikes, and demographics, which is then used to help ad providers choose relevant, targeted ads to show you (or at least, that's the theory.)

This model comes with advantages, but it also comes with significant risks to both your privacy and security.

**You are the product**

The price you pay for the popular, free-to-use-websites like Facebook and YouTube is that somewhere, somebody is amassing a whole lot of data about you. You likely don't know who they are, what they know or how much, how securely the data is stored, how long it's kept, or who it's been shared with, sold to, or stolen by.

Some people see this kind of tracking as benign, or at least a necessary evil. The ad economy is what keeps sites like Facebook and YouTube free after all, and they would rather see ads that might at least appeal to them than something chosen at random. For others, the targeted ad economy and the cross-site tracking it relies upon are an unacceptable violation of their privacy.

But that's not the whole story. Ads and trackers aren't just a privacy problem, they come with a pair of security problems too.

**Efficient threat distribution**

The first is that ad distribution networks—the amazingly efficient, just-in-time auction houses that fill ad slots as a page loads—are just as good at distributing scams, links to phishing sites, and malware downloads, as they are at distributing ads. Ad companies don't encourage this, but despite their efforts malicious advertising—malvertising—is resurgent in 2023. A lot of malvertising works by impersonating well known brands, and the scammers do it so well that you have almost no chance of spotting it.

Simply, the more ads and ad networks you're interacting with, the more likely you are to encounter something bad. And if you do, you probably won't spot it until it's too late.

**Criminals with "God mode" access**

The second problem is that ad networks and cross-site tracking generally rely on components pulled from third-party websites as a page is loaded. This means that when you visit a page with a single tracker on it, your browser is actually talking to two websites: The website you're looking at and the website it's loading the tracking code from.

But lots of sites have far more than one tracker. If you visit a page with 20 trackers, your browser could be assembling the page you're looking at from as many as 21 different websites. Scarily, each website you load a component from gets full access to the page the component is included in. _FULL access_.

Among many other things, the third-party components are allowed to alter the code of the page you're looking at in any way they like, they can all see anything you type into a form on that page, even if you don't submit it, and they can copy any authentication cookies you have for that site too, which effectively means they can steal your password.

In other words, any site that suppliies _any_ content for the page you've loaded gets "God Mode" on that page. So if you're looking at a page with 20 trackers, that's as many as 21 sites with God Mode on that page.

That's bad enough if you trust everyone concerned, because even legitimate companies have been known to play fast and loose with that level of access. But it gets really serious if any of those organisations are compromised, because now you're giving God Mode to a malicious hacker.

**Browser Guard**

There is simply no way for an individual, even a highly skilled one, to know when they're using a website that includes a third-party component compromised by criminal hackers or operated by a company prepared to bend the rules at the expense of your privacy and security. And while legitimate ad companies offer opt outs from tracking, staying on top of them is unworkably hard.

Technologies like Browser Guard fill the gap, staying on top of the known nasties and blocking ads that can harbour malvertising, scams, and other threats, even on the biggest websites.

If you want to find out how much Browser Guard can block for you, download it today.

25 most popular websites vs Malwarebytes Browser Guard

In doKeyguardLocked of KeyguardViewMediator.java, there is a possible way to bypass lockdown mode with screen pinning due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.



_Published August 7, 2023_

The Android Security Bulletin contains details of security vulnerabilities affecting Android devices. Security patch levels of 2023-08-05 or later address all of these issues. To learn how to check a device's security patch level, see Check and update your Android version.

Android partners are notified of all issues at least a month before publication. Source code patches for these issues have been released to the Android Open Source Project (AOSP) repository and linked from this bulletin. This bulletin also includes links to patches outside of AOSP.

The most severe of these issues is a critical security vulnerability in the System component that could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation. The severity assessment is based on the effect that exploiting the vulnerability would possibly have on an affected device, assuming the platform and service mitigations are turned off for development purposes or if successfully bypassed.

Refer to the Android and Google Play Protect mitigations section for details on the Android security platform protections and Google Play Protect, which improve the security of the Android platform.

**Android and Google service mitigations**

This is a summary of the mitigations provided by the Android security platform and service protections such as Google Play Protect. These capabilities reduce the likelihood that security vulnerabilities could be successfully exploited on Android.

*   Exploitation for many issues on Android is made more difficult by enhancements in newer versions of the Android platform. We encourage all users to update to the latest version of Android where possible.
*   The Android security team actively monitors for abuse through Google Play Protect and warns users about Potentially Harmful Applications. Google Play Protect is enabled by default on devices with Google Mobile Services, and is especially important for users who install apps from outside of Google Play.

**2023-08-01 security patch level vulnerability details**

In the sections below, we provide details for each of the security vulnerabilities that apply to the 2023-08-01 patch level. Vulnerabilities are grouped under the component they affect. Issues are described in the tables below and include CVE ID, associated references, type of vulnerability, severity, and updated AOSP versions (where applicable). When available, we link the public change that addressed the issue to the bug ID, like the AOSP change list. When multiple changes relate to a single bug, additional references are linked to numbers following the bug ID. Devices with Android 10 and later may receive security updates as well as Google Play system updates.

**Android Runtime**

The vulnerability in this section could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

    

CVE

References

Type

Severity

Updated AOSP versions

CVE-2023-21265

A-262521447

ID

High

11, 12, 12L, 13

**Framework**

The most severe vulnerability in this section could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.

    

CVE

References

Type

Severity

Updated AOSP versions

CVE-2023-21287

A-278221085

RCE

High

11, 12, 12L, 13

CVE-2023-21269

A-271576718

EoP

High

13

CVE-2023-21270

A-283006437 \[2\]

EoP

High

12, 12L, 13

CVE-2023-21272

A-227471459

EoP

High

11, 12, 12L

CVE-2023-21278

A-281807669

EoP

High

12, 12L, 13

CVE-2023-21281

A-265431505

EoP

High

11, 12, 12L, 13

CVE-2023-21286

A-277740082

EoP

High

11, 12, 12L, 13

CVE-2023-21267

A-218495634

ID

High

11, 12, 12L, 13

CVE-2023-21276

A-213170822

ID

High

12, 12L, 13

CVE-2023-21277

A-281018094

ID

High

12, 12L, 13

CVE-2023-21279

A-277741109

ID

High

12, 12L, 13

CVE-2023-21283

A-280797684 \[2\]

ID

High

11, 12, 12L, 13

CVE-2023-21288

A-276294099

ID

High

11, 12, 12L, 13

CVE-2023-21289

A-272020068

ID

High

11, 12, 12L, 13

CVE-2023-21292

A-236688380

ID

High

11, 12, 12L, 13

CVE-2023-21280

A-270049379

DoS

High

12, 12L, 13

CVE-2023-21284

A-260729089

DoS

High

11, 12, 12L, 13

**Media Framework**

The vulnerability in this section could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.

    

CVE

References

Type

Severity

Updated AOSP versions

CVE-2023-21282

A-279766766

RCE

Critical

11, 12, 12L, 13

**System**

The most severe vulnerability in this section could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation.

    

CVE

References

Type

Severity

Updated AOSP versions

CVE-2023-21273

A-272783039

RCE

Critical

11, 12, 12L, 13

CVE-2023-20965

A-250574778 \[2\] \[3\]

EoP

High

13

CVE-2023-21132

A-253043218

EoP

High

12, 12L, 13

CVE-2023-21133

A-253043502

EoP

High

12, 12L, 13

CVE-2023-21134

A-253043495

EoP

High

12, 12L, 13

CVE-2023-21140

A-253043490

EoP

High

12, 12L, 13

CVE-2023-21242

A-277824547

EoP

High

13

CVE-2023-21275

A-278691965

EoP

High

12, 12L, 13

CVE-2023-21271

A-269455813

ID

High

12, 12L, 13

CVE-2023-21274

A-269456018

ID

High

12, 12L, 13

CVE-2023-21285

A-271851153

ID

High

11, 12, 12L, 13

CVE-2023-21268

A-264880895

DoS

High

11, 12, 12L, 13

CVE-2023-21290

A-264880689

DoS

High

11, 12, 12L, 13

**Google Play system updates**

The following issues are included in Project Mainline components.

 

Subcomponent

CVE

Media Codecs

CVE-2023-21282

Permission Controller

CVE-2023-21132, CVE-2023-21133, CVE-2023-21134, CVE-2023-21140

WiFi

CVE-2023-20965, CVE-2023-21242

**2023-08-05 security patch level vulnerability details**

In the sections below, we provide details for each of the security vulnerabilities that apply to the 2023-08-05 patch level. Vulnerabilities are grouped under the component they affect. Issues are described in the tables below and include CVE ID, associated references, type of vulnerability, severity, and updated AOSP versions (where applicable). When available, we link the public change that addressed the issue to the bug ID, like the AOSP change list. When multiple changes relate to a single bug, additional references are linked to numbers following the bug ID.

**Kernel**

The most severe vulnerability in this section could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

    

CVE

References

Type

Severity

Subcomponent

CVE-2023-21264

A-279739439  
Upstream kernel \[2\]

EoP

Critical

KVM

CVE-2020-29374

A-174737879  
Upstream kernel \[2\] \[3\] \[4\] \[5\] \[6\]

EoP

High

COW

**Arm components**

This vulnerability affects Arm components and further details are available directly from Arm. The severity assessment of this issue is provided directly by Arm.

    

CVE

References

Severity

Subcomponent

CVE-2022-34830  

A-227655299 \*

High

Mali

**MediaTek components**

This vulnerability affects MediaTek components and further details are available directly from MediaTek. The severity assessment of this issue is provided directly by MediaTek.

    

CVE

References

Severity

Subcomponent

CVE-2023-20780  

A-285686353  
M-ALPS08017756 \*

High

keyinstall

**Qualcomm closed-source components**

These vulnerabilities affect Qualcomm closed-source components and are described in further detail in the appropriate Qualcomm security bulletin or security alert. The severity assessment of these issues is provided directly by Qualcomm.

    

CVE

References

Severity

Subcomponent

CVE-2022-40510  

A-268059589 \*

Critical

Closed-source component

CVE-2023-21626  

A-268060065 \*

High

Closed-source component

CVE-2023-22666  

A-280342037 \*

High

Closed-source component

CVE-2023-28537  

A-280341737 \*

High

Closed-source component

CVE-2023-28555  

A-280342401 \*

High

Closed-source component

**Common questions and answers**

This section answers common questions that may occur after reading this bulletin.

**1\. How do I determine if my device is updated to address these issues?**

To learn how to check a device's security patch level, see Check and update your Android version.

*   Security patch levels of 2023-08-01 or later address all issues associated with the 2023-08-01 security patch level.
*   Security patch levels of 2023-08-05 or later address all issues associated with the 2023-08-05 security patch level and all previous patch levels.

Device manufacturers that include these updates should set the patch string level to:

*   \[ro.build.version.security\_patch\]:\[2023-08-01\]
*   \[ro.build.version.security\_patch\]:\[2023-08-05\]

For some devices on Android 10 or later, the Google Play system update will have a date string that matches the 2023-08-01 security patch level. Please see this article for more details on how to install security updates.

**2\. Why does this bulletin have two security patch levels?**

This bulletin has two security patch levels so that Android partners have the flexibility to fix a subset of vulnerabilities that are similar across all Android devices more quickly. Android partners are encouraged to fix all issues in this bulletin and use the latest security patch level.

*   Devices that use the 2023-08-01 security patch level must include all issues associated with that security patch level, as well as fixes for all issues reported in previous security bulletins.
*   Devices that use the security patch level of 2023-08-05 or newer must include all applicable patches in this (and previous) security bulletins.

Partners are encouraged to bundle the fixes for all issues they are addressing in a single update.

**3\. What do the entries in the _Type_ column mean?**

Entries in the _Type_ column of the vulnerability details table reference the classification of the security vulnerability.

 

Abbreviation

Definition

RCE

Remote code execution

EoP

Elevation of privilege

ID

Information disclosure

DoS

Denial of service

N/A

Classification not available

**4\. What do the entries in the _References_ column mean?**

Entries under the _References_ column of the vulnerability details table may contain a prefix identifying the organization to which the reference value belongs.

 

Prefix

Reference

A-

Android bug ID

QC-

Qualcomm reference number

M-

MediaTek reference number

N-

NVIDIA reference number

B-

Broadcom reference number

U-

UNISOC reference number

**5\. What does an \* next to the Android bug ID in the _References_ column mean?**

Issues that are not publicly available have an \* next to the corresponding reference ID. The update for that issue is generally contained in the latest binary drivers for Pixel devices available from the Google Developer site.

**6\. Why are security vulnerabilities split between this bulletin and device / partner security bulletins, such as the Pixel bulletin?**

Security vulnerabilities that are documented in this security bulletin are required to declare the latest security patch level on Android devices. Additional security vulnerabilities that are documented in the device / partner security bulletins are not required for declaring a security patch level. Android device and chipset manufacturers may also publish security vulnerability details specific to their products, such as Google, Huawei, LGE, Motorola, Nokia, or Samsung.

**Versions**

  

Version

Date

Notes

1.0

August 7, 2023

Bulletin published.

CVE-2023-21267: Android Security Bulletin—August 2023

QEMU through 8.0.4 accesses a NULL pointer in nvme_directive_receive in hw/nvme/ctrl.c because there is no check for whether an endurance group is configured before checking whether Flexible Data Placement is enabled.

Skip to content

GitLab

*   *   GitLab: the DevOps platform
    *   Explore GitLab
    *   Install GitLab
    *   How GitLab compares
    *   Get started
    *   GitLab docs
    *   GitLab Learn
    
*   Pricing
*   Talk to an expert

*   /
    
*   

*   Help
    
    *   Help
    *   Support
    *   Community forum
    
    *   Submit feedback
    *   Contribute to GitLab
    *   Switch to GitLab Next
    
*   *   
    
    Projects Groups Topics Snippets
    
*   Register
*   Sign in

*   Klaus Jensen
*   QEMU
*   Commits
*   6c8f8456

**Commit 6c8f8456** authored Aug 08, 2023 by  **Klaus Jensen** 🍻

Browse files

**hw/nvme: fix null pointer access in directive receive**

nvme\_directive\_receive() does not check if an endurance group has been
configured (set) prior to testing if flexible data placement is enabled
or not.

Fix this.

Cc: qemu-stable@nongnu.org
Resolves: #1815
Fixes: 73064edf

 ("hw/nvme: flexible data placement emulation")
Reviewed-by: Jesper Wendel Devantier <j.devantier@samsung.com\>
Signed-off-by: Klaus Jensen <k.jensen@samsung.com\>

parent a8fc5165

*   Changes 1

Hide whitespace changes

Inline Side-by-side

0% or .

You are about to add **0 people** to the discussion. Proceed with caution.

Finish editing this message first!

Please register or sign in to comment

CVE-2023-40360: hw/nvme: fix null pointer access in directive receive (6c8f8456) · Commits · Klaus Jensen / QEMU · GitLab

Improper sanitization of incoming intent in Galaxy Store prior to version 4.5.56.6?allows local attackers to access privileged content providers as Galaxy Store permission.

This Cookie Policy describes the different types of cookies that may be used in connection with Samsung Mobile Security website which is owned and controlled by Samsung Electronics Co., Ltd (“Samsung Electronics”). This Cookie Policy also describes how you can manage cookies.

It’s important that you check back often for updates to the Policy as we may change it from time to time to reflect changes to our use of cookies. Please check the date at the top of this page to see when this Policy was last revised. Any changes to this Policy will become effective when we make the revised Policy available on our website.

Samsung Electronics has offices across Europe, so we can ensure that your request or query will be handled by the data protection team based in your region. If you have any questions, the easiest way to contact us is through our Privacy Support Page at https://www.samsung.com/request-desk.

You can also contact us at:

European Data Protection Officer  
Samsung Electronics (UK) Limited  
Samsung House, 2000 Hillswood Drive, Chertsey, Surrey KT16 0RS

**Cookies**

Cookies are small files that store information on your computer, TV, mobile phone, or other device. They enable the entity that put the cookie on your device to recognize you across different websites, services, devices, and/or browsing sessions.

We use the following types of cookies on this website:

**Essential Cookies**: enable you to receive the services you request via our website. Without these cookies, services that you have asked for cannot be provided. For example, these enable to identify users and provide proper service for each user. These cookies are automatically enabled and cannot be turned off because they are essential to enable you to browse our website. Without these cookies this Samsung Mobile Security website could not be provided.

Cookie

Domain

Purpose

JSESSIONID

security.samsungmobile.com

to keep login session

lastActivityTime

security.samsungmobile.com

to save the user's last activity time to automatically logout after 30 minutes of inactivity

**Managing Cookies and Other Technologies**

You can also update your browser settings at any time, if you want to remove or block cookies from your device (consult your browser's "help" menu to learn how to remove or block cookies). Samsung Electronics is not responsible for your browser settings. You can find good and simple instructions on how to manage cookies on the different types of web browsers at http://www.allaboutcookies.org.

CVE-2023-30705: Samsung Mobile Security

PendingIntent hijacking in WifiGeofenceManager prior to SMR Aug-2023 Release 1 allows local attacker to arbitrary file access.

CVE-2023-30701: Samsung Mobile Security

By Habiba Rashid
New Intel Processor Vulnerability "Downfall" Discovered: Threats to Data Security Amplify
This is a post from HackRead.com Read the original post: Intel Responds to ‘Downfall’ Attack with Firmware Updates, Urges Mitigation

*   **‘Downfall’ Attack Unveiled:** Google researchers reveal a new side-channel attack called “Downfall” targeting Intel processors, exposing a memory optimization vulnerability (CVE-2022-40982).
*   **Cloud Impact:** The attack extends into cloud environments, enabling attackers to extract data from shared cloud computers, intensifying data breach risks.
*   **Memory Optimization Flaw:** The vulnerability originates from Intel processors’ memory optimization features, inadvertently revealing internal hardware registers to software.
*   **Attack Techniques:** The attack employs Gather Data Sampling (GDS) and Gather Value Injection (GVI) to steal CPU data and manipulate microarchitectural data injections.
*   **Mitigations and Implications:** Intel responds with firmware updates to address the vulnerability, but performance overhead concerns remain. ‘Downfall’ underlines the vulnerability of modern microprocessors, resonating with industry-wide concerns.

Google researchers have uncovered a new side-channel attack known as “Downfall” targeting Intel processors. This attack, discovered by Google senior research scientist Daniel Moghimi, exposes a vulnerability tracked as CVE-2022-40982, exploiting a memory optimization feature in Intel processors.

Downfall joins the league of attacks that can be exploited by local attackers or malware to access sensitive information, including passwords and encryption keys, of affected device users.

Moghimi’s findings unveil a disconcerting aspect of Intel processors, revealing that transient execution attacks like Downfall extend their reach even into cloud environments. This enables malicious actors to pilfer data from other users sharing the same cloud computer, significantly raising the stakes of data breaches.

The underlying flaw stems from memory optimization features inherent in Intel processors, inadvertently disclosing internal hardware registers to software. This exposure facilitates unauthorized software access to data that should remain shielded from such access.

The pivotal culprit in this scenario is the “Gather” instruction, intended to expedite the retrieval of scattered memory data. However, Moghimi ingeniously demonstrated how this instruction leaks the contents of the internal vector register file during speculative execution, thereby opening up avenues for cybercriminals.

Two specific attack techniques were developed as part of the Downfall (research paper PDF) exploit – Gather Data Sampling (GDS) and Gather Value Injection (GVI). The former method facilitates the theft of data from CPU components, while the latter manipulates the data leaks for microarchitectural data injections. The practicality of GDS is underscored by Moghimi’s creation of a proof-of-concept (PoC) exploit, capable of pilfering encryption keys from OpenSSL.

This clip shows how attacks can steal 128-bit and 256-bit AES keys from another user:

Notably, the Downfall attack doesn’t discriminate between endpoint devices and cloud infrastructure. While cloud environments provide a broader landscape for potential attacks, Moghimi emphasized the significant threat Downfall poses to personal computers. Theoretically, the exploit could even be executed via a web browser, although this possibility necessitates further research and validation.

To counteract the impending threats posed by Downfall, Intel has swiftly responded by publishing a security advisory and releasing firmware updates. These mitigations come as microcode updates designed to address CVE-2022-40982, which Intel has classified as having “medium severity.”

The updates intend to thwart the data leakage intrinsic to the Gather instruction, although they come with a trade-off of potential performance overhead, which could be as high as 50% in some workloads. Despite this drawback, experts unanimously advocate for the implementation of these fixes to safeguard against potential breaches.

Intel’s recent woes are not exclusive, as the Downfall attack highlights the vulnerability of modern microprocessors. Notably, Google researchers also unveiled “Zenbleed,” a vulnerability afflicting AMD Zen 2 processors, reiterating the broader implications of such vulnerabilities across the industry.

The disclosure of Downfall coincides with the revelation of another processor vulnerability named “Inception” by researchers at ETH Zurich. Inception targets devices powered by AMD Zen processors, allowing attackers to manipulate the CPU’s predictive algorithms to access sensitive data.

**RELATED ARTICLES**

1.  Hackers Targeting Apple’s M1 Chip with Mac Malware
2.  Intel chip flaw left cars, medical and IoT devices vulnerable
3.  Intel chip flaw “Foreshadow” attacks SGX tech to extract data
4.  Chip Flaws Impacting Microsoft, Lenovo, and Samsung Devices
5.  All Nintendo Switch Consoles Contain Unpatchable Chip-Level Flaw

I’m a student and cybersecurity writer. On a random Sunday, I am likely to be figuring out life and reading Kafka.

Tag

#samsung