Cyber Security

Android October patch fixes three critical bugs, 41 flaws in total

Google has released the Android October security updates, addressing 41 vulnerabilities, all ranging between high and critical severity.

On the fifth of every month, Google releases the full security patch for the Android OS, which includes both the framework and the vendor fixes for that month. As such, this update also contains fixes for the ten vulnerabilities that were addressed in the Security patch level 2021-10-01, released a few days ago.

The high-severity flaws fixed this month concern denial of service, elevation of privilege, remote code execution, and information disclosure issues.

The three critical severity flaws in the set are tracked as:

  • CVE-2021-0870: Remote code execution flaw in Android System, enabling a remote attacker to execute arbitrary code within the context of a privileged process.
  • CVE-2020-11264: Critical flaw affecting Qualcomm's WLAN component, concerning the acceptance of non-EAPOL/WAPI frames from unauthorized peers received in the IPA exception path.
  • CVE-2020-11301: Critical flaw affecting Qualcomm's WLAN component, concerning the acceptance of unencrypted (plaintext) frames on secure networks.

Critical but unexploited

None of the 41 flaws addressed this month have been reported to be under active exploitation in the wild, so there should be no working exploits for them circulating out there.

Older devices that are no longer supported with security updates now have an increased attack surface, as some of the vulnerabilities fixed this month are excellent candidates for threat actors to create working exploits in the future.

Keep in mind, Android security patches aren't bound to Android versions, and the above fixes concern all versions from Android 8.1 to Android 11. As such, the OS version isn't a determining factor in whether or not your device is still supported.

If you have confirmed that your device has reached the EOL date, you should either install a third-party Android distribution that still delivers monthly security patches for your model, or replace it with a new one.

Android fans have been eagerly waiting for the release of version 12, which was rumored for October 4, 2021, but what they got instead was the source of Android 12 pushed to the Android Open Source Project.

This step means that the actual release is just around the corner, and OTA upgrade alerts could hit eligible devices, like the Pixel, very soon.


QNAP fixes bugs that let attackers run malicious code remotely

Taiwan-based network-attached storage (NAS) maker QNAP has released security patches for several vulnerabilities that could allow attackers to inject and execute malicious code and commands remotely on vulnerable NAS devices.

Three of the security flaws fixed today by QNAP are high severity stored cross-site scripting (XSS) vulnerabilities (tracked as CVE-2021-34354, CVE-2021-34356, and CVE-2021-34355) affecting devices running unpatched Photo Station software (releases before 5.4.10, 5.7.13, or 6.0.18).

QNAP also patched a stored XSS Image2PDF flaw impacting devices running software versions released before Image2PDF 2.1.5.

Stored XSS attacks allow threat actors to inject malicious code remotely, permanently storing it on the targeted servers following successful exploitation.

The company also addressed a command injection bug (CVE-2021-34352) affecting some QNAP end-of-life (EOL) devices running the QVR IP video surveillance software that lets attackers run arbitrary commands.

Successful attacks exploiting the CVE-2021-34352 flaw could lead to the complete takeover of compromised NAS devices.

Three other QVR flaws were also patched on Monday, as disclosed by QNAP in a security advisory rated with a critical severity rating.

Secure your NAS device

Given that QNAP NAS devices have been under a constant barrage of attacks for the last couple of years, customers should immediately update both apps to the latest available releases as soon as possible.

To update Photo Station or Image2PDF to the latest version on your NAS, you need to go through the following procedure:

  1. Log into QTS or QuTS hero as administrator.
  2. Open the App Center, and then click . A search box appears.
  3. Type "Photo Station" or "Image2PDF" and then press ENTER. The application appears in the search results.
  4. Click Update. A confirmation message appears. Note: The Update button is not available if you are using the latest version.
  5. Click OK. The application is updated.

To update the QVR surveillance software, follow these steps:

  1. Log on to QVR as administrator.
  2. Go to Control Panel > System Settings > Firmware Update.
  3. Under Live Update, click Check for Update. QVR downloads and installs the latest available update.

QNAP warned in September 2020 of a surge in ransomware attacks encrypting files on publicly exposed NAS storage devices.

As BleepingComputer reported at the time, QNAP customers' devices were being hit by AgeLocker ransomware, which was targeting older unpatched versions of Photo Station, an app used to upload photos, create albums, and view them remotely.

QNAP also warned of eCh0raix ransomware attacks trying to exploit flaws in the Photo Station app starting with June 2020.


Google Emergency Update Fixes Two Chrome Zero Days

This is the second pair of zero days that Google has fixed this month, all four of which have been actively exploited in the wild.
