Archive for the ‘privilege escalation’ Category

Sudo Bug Lets Non-Privileged Linux and macOS Users Run Commands as Root

February 3rd, 2020
Joe Vennix of Apple security has found another significant vulnerability in sudo utility that under a specific configuration could allow low privileged users or malicious programs to execute arbitrary commands with administrative ('root') privileges on Linux or macOS systems. Sudo is one of the most important, powerful, and commonly used utilities that comes as a core command pre-installed on

Posted in Apple macOS, Linux Sudo, Linux Vulnerability, patch update, privilege escalation, Sudo, Vulnerability | Comments (0)

3 Google Play Store Apps Exploit Android Zero-Day Used by NSO Group

January 7th, 2020
Watch out! If you have any of the below-mentioned file managers and photography apps installed on your Android phone—even if downloaded from the official Google Store store⁠—you have been hacked and being tracked. These newly detected malicious Android apps are Camero, FileCrypt, and callCam that are believed to be linked to Sidewinder APT, a sophisticated hacking group specialized in cyber

Posted in Android, Android accessibility, Android Kernel, Android Malware, android spyware, Indian Hackers, privilege escalation, SideWinder | Comments (0)

Severe Auth Bypass and Priv-Esc Vulnerabilities Disclosed in OpenBSD

December 5th, 2019
OpenBSD, an open-source operating system built with security in mind, has been found vulnerable to four new high-severity security vulnerabilities, one of which is an old-school type authentication bypass vulnerability in BSD Auth framework. The other three vulnerabilities are privilege escalation issues that could allow local users or malicious software to gain privileges of an auth group,

Posted in authentication bypass, cyber security, freebsd, OpenBSD, privilege escalation, Vulnerability | Comments (0)

Sudo Flaw Lets Linux Users Run Commands As Root Even When They’re Restricted

October 14th, 2019
Attention Linux Users! A new vulnerability has been discovered in Sudo—one of the most important, powerful, and commonly used utilities that comes as a core command installed on almost every UNIX and Linux-based operating system. The vulnerability in question is a sudo security policy bypass issue that could allow a malicious user or a program to execute arbitrary commands as root on a

Posted in how to hack linux, Linux hacking, Linux Root, linux security, Linux server, Linux Sudo, privilege escalation, root access | Comments (0)

Zero-day privilege escalation disclosed for Android

September 5th, 2019
Zero-day privilege escalation disclosed for Android

Enlarge (credit: portal gda / Flickr)

Researchers have disclosed a zero-day vulnerability in the Android operating system that gives a major boost to attackers who already have a toe-hold on an affected device.

The privilege-escalation flaw is located in the V4L2 driver, which Android and other Linux-based OSes use to capture real-time video. The vulnerability results from a "lack of validating the existence of an object prior to performing operations on the object," researchers with Trend Micro's Zero Day Initiative said in a blog post published Wednesday. Attackers who already have untrusted code running with low privileges on a device can exploit the bug to access privileged parts of the Android kernel. The severity score is rated a 7.8 out of a possible 10 points.

Modern OSes have become increasingly hard to compromise in recent years thanks to exploitation mitigations that prevent untrusted code from interacting with hard drives, kernels, and other sensitive resources. Hackers have responded by chaining two or more exploits together. A buffer overflow, for instance, may allow an attacker to load malicious code into memory, and a privilege-escalation flaw gives the code the privileges it needs to install a persistent payload.

Read 6 remaining paragraphs | Comments

Posted in Android, Biz & IT, exploits, privilege escalation, vulnerabilities, zeroday | Comments (0)

PoC Exploit For Unpatched Windows 10 Zero-Day Flaw Published Online

May 22nd, 2019
An anonymous hacker with an online alias "SandboxEscaper" today released proof-of-concept (PoC) exploit code for a new zero-day vulnerability affecting Windows 10 operating system—that's his/her 5th publicly disclosed Windows zero-day exploit [1, 2, 3] in less than a year. Published on GitHub, the new Windows 10 zero-day vulnerability is a privilege escalation issue that could allow a local

Posted in hacking news, Microsoft Windows 10, operating system, privilege escalation, sandbox bypass, Vulnerability, windows security, Zero-Day Vulnerability | Comments (0)

New Apache Web Server Bug Threatens Security of Shared Web Hosts

April 2nd, 2019
Mark J Cox, one of the founding members of the Apache Software Foundation and the OpenSSL project, today posted a tweet warning users about a recently discovered important flaw in Apache HTTP Server software. The Apache web server is one of the most popular, widely used open-source web servers in the world that powers almost 40 percent of the whole Internet. The vulnerability, identified as

Posted in Apache, Apache web server, fast web server, hacking web server, privilege escalation, shared web hosting, Vulnerability, web hosting, web server hacking, web server security | Comments (0)

Snapd Flaw Lets Attackers Gain Root Access On Linux Systems

February 13th, 2019
Ubuntu and some other Linux distributions suffer from a severe privilege escalation vulnerability that could allow a local attacker or a malicious program to obtain root privileges and total control over the targeted system. Dubbed "Dirty_Sock" and identified as CVE-2019-7304, the vulnerability was discovered by security researcher Chris Moberly, who privately disclosed it to Canonical, the

Posted in hacking news, linux, privilege escalation, Snap Package, Ubuntu, Ubuntu Linux, Vulnerability | Comments (0)

Latest iOS 12.1.4 Update Patches 2 Zero-Day and FaceTime Bugs

February 8th, 2019
Apple has finally released iOS 12.1.4 software update to patch the terrible Group FaceTime privacy bug that could have allowed an Apple user to call you via the FaceTime video chat service and hear or see you before you even pick up the call without your knowledge. The Facetime bug (CVE-2019-6223) was discovered by 14-year-old Grant Thompson of Catalina Foothills High School while he was

Posted in Apple Face Time, Apple iPhone, Google Project Zero, Group FaceTime, iphone update, macOS update, privilege escalation, Vulnerability | Comments (0)

New Privilege Escalation Flaw Affects Most Linux Distributions

October 26th, 2018
An Indian security researcher has discovered a highly critical flaw in X.Org Server package that impacts OpenBSD and most Linux distributions, including Debian, Ubuntu, CentOS, Red Hat, and Fedora. Xorg X server is a popular open-source implementation of the X11 system (display server) that offers a graphical environment to a wider range of hardware and OS platforms. It serves as an

Posted in CentOS, Debian, Fedora, Linux distribution, Linux server, Linux Vulnerability, OpenBSD, privilege escalation, Red Hat, Ubuntu | Comments (0)