每日安全动态推送(11-30)
2023-11-30 16:49:56 Author: mp.weixin.qq.com(查看原文) 阅读量:5 收藏

Tencent Security Xuanwu Lab Daily News

• That's FAR-out, Man:
https://blog.dfsec.com/ios/2023/11/19/thats-far-out-man/

   ・ 一个XNU内核信息泄露漏洞,该漏洞是由于XNU的异常处理程序无条件地复制了FAR_EL1寄存器中未初始化的值所导致的。 – SecTodayBot

• TitanNit Web Control 2.01 / Atemio 7600 Root Remote Command Execution:
https://packetstormsecurity.com/files/175926

   ・ Atemio AM 520 HD全高清卫星接收器存在漏洞,未经授权的攻击者可以利用应用程序中的getcommand查询执行具有提升权限的系统命令,从而获得root访问权限。 – SecTodayBot

• Sorry, you have been blocked:
https://packetstormsecurity.com/news/view/35233

   ・ ownCloud开源文件共享和协作软件存在严重漏洞,可能导致凭证和其他敏感信息的泄露,以及身份验证和验证绕过。 – SecTodayBot

• How IDA 7.2's installer password was found:
https://seri.tools/blog/ida-72-password/

   ・ IDA的MacOS和Linux安装程序存在明显缺陷,包括在设置文件中以明文形式存储密码 – SecTodayBot

• Big update to my Semgrep C/C++ ruleset:
https://security.humanativaspa.it/big-update-to-my-semgrep-c-cpp-ruleset/

   ・ 巧妙地将Ghidra与#Semgrep结合起来进行扫描,以保护二进制代码免受漏洞的侵害 – SecTodayBot

• Access denied:
https://www.zscaler.com/blogs/security-research/threatlabz-discovers-117-vulnerabilities-microsoft-365-apps-sketchup-3d-0

   ・ Zscaler威胁实验室发现通过SketchUp 3D库在Microsoft 365应用中的117个漏洞,了解如何绕过CVE-2023-29344补丁。 – SecTodayBot

• Hunters Security: Google Workspace Vulnerable to Takeover Due to Domain-Wide Delegation Flaw:
https://www.hackread.com/design-flaw-domain-delegation-google-vulnerability-cybersecurity/

   ・ 研究人员在Hunters创建了一个概念验证工具,帮助组织检测DWD配置错误,提高意识,并减少DeleFriend的利用风险。 – SecTodayBot

* 查看或搜索历史推送内容请访问:
https://sec.today

* 新浪微博账号:腾讯玄武实验室
https://weibo.com/xuanwulab


文章来源: https://mp.weixin.qq.com/s?__biz=MzA5NDYyNDI0MA==&mid=2651959442&idx=1&sn=87a54c5525b31b60b61b703133854dcf&chksm=8baed00dbcd9591ba32380d752a1226baabcc82640b89dc5c92f8dea713773d7bdfc1dd2e190&scene=58&subscene=0#rd
如有侵权请联系:admin#unsafe.sh