OracleVM 3.3 / 3.4 : nss (OVMSA-2018-0264)

The remote OracleVM system is missing necessary patches to address critical security updates : - Added nss-vendor.patch to change vendor - Temporarily disable some tests until expired PayPalEE.cert is renewed - Backport upstream fix for CVE-2018-12384 - Remove nss-lockcert-api-change.patch, which...

DEF CON 2018: Apple 0-Day (Re)Opens Door to ‘Synthetic’ Mouse-Click Attack

LAS VEGAS – By tweaking just two lines of code, a researcher stumbled on an Apple zero-day that could allow a local attacker to virtually “click” a security prompt and thus load a kernel extension on systems running Apple’s latest High Sierra operating system. Kernel access on a Mac gives an...

Stolen D-Link Certificate Used to Digitally Sign Spying Malware

Digitally signed malware has become much more common in recent years to mask malicious intentions. Security researchers have discovered a new malware campaign misusing stolen valid digital certificates from Taiwanese tech-companies, including D-Link, to sign their malware and making them look lik...

Brave Software: Lack of quarantine meta-attribute for downloaded files leads to GateKeeper bypass

Summary: Executable files downloaded through Brave don't have quarantine attribute. That means it's possible to launch any executable bypassing codesigning + quarantine. However, later I found that Brave has already tracked similar report but only in the context of .pkg files. Additionally, Brave...

CVE-2018-13013

Improper check of unusual conditions when launching msiexec.exe in safensec.com SysWatch service in SAFE'N'SEC SoftControl/SafenSoft SysWatch, SoftControl/SafenSoft TPSecure, and SoftControl/SafenSoft Enterprise Suite before 4.4.9 allows the local attacker to bypass a code-signing protection...

Input validation

Improper check of unusual conditions when launching msiexec.exe in safensec.com SysWatch service in SAFE'N'SEC SoftControl/SafenSoft SysWatch, SoftControl/SafenSoft TPSecure, and SoftControl/SafenSoft Enterprise Suite before 4.4.9 allows the local attacker to bypass a code-signing protection...

CVE-2018-13013

Improper check of unusual conditions when launching msiexec.exe in safensec.com SysWatch service in SAFE'N'SEC SoftControl/SafenSoft SysWatch, SoftControl/SafenSoft TPSecure, and SoftControl/SafenSoft Enterprise Suite before 4.4.9 allows the local attacker to bypass a code-signing protection...

CVE-2018-13013

The CVE-2018-13013 entry affects SAFE’N’SEC SoftControl/SafenSoft SysWatch, SoftControl/SafenSoft TPSecure, and SoftControl/SafenSoft Enterprise Suite prior to 4.4.9. Root cause: improper check of unusual conditions when launching msiexec.exe via the SysWatch service, allowing a local attacker to...

CVE-2018-13013

Improper check of unusual conditions when launching msiexec.exe in safensec.com SysWatch service in SAFE'N'SEC SoftControl/SafenSoft SysWatch, SoftControl/SafenSoft TPSecure, and SoftControl/SafenSoft Enterprise Suite before 4.4.9 allows the local attacker to bypass a code-signing protection...

Apple's code signing vulnerability will allow malicious software to bypass the many Mac security products-vulnerability warning-the black bar safety net

Recently, from the security company Okta Rex research expert Josh Pitts in the macOS code signature mechanism found in a can take advantage of security vulnerabilities. This vulnerability lurks A A years, it allows an attacker inserts a malicious untrusted code masquerading as a trusted legal cod...

Facebook OSQuery Code Signing Bypass (macOS)

The installed version of Facebook OSQuery is less than 3.2.7 and is therefore vulnerable to allowing execution of malicious binaries due to accepting forged Apple signatures. C Tenable Network Security, Inc. include'compat.inc'; if description scriptid110643; scriptversion"1.5";...

CVE-2018-10405

An issue was discovered in Google Santa and molcodesignchecker. A maliciously crafted Universal/fat binary can evade third-party code signing checks. By not completing full inspection of the Universal/fat binary, the user of the third-party tool will believe that the code is signed by Apple, but...

Code injection

An issue was discovered in Yelp OSXCollector. A maliciously crafted Universal/fat binary can evade third-party code signing checks. By not completing full inspection of the Universal/fat binary, the user of the third-party tool will believe that the code is signed by Apple, but the malicious...

Code injection

An issue was discovered in VirusTotal. A maliciously crafted Universal/fat binary can evade third-party code signing checks. By not completing full inspection of the Universal/fat binary, the user of the third-party tool will believe that the code is signed by Apple, but the malicious unsigned co...

Code injection

An issue was discovered in F-Secure XFENCE and Little Flocker. A maliciously crafted Universal/fat binary can evade third-party code signing checks. By not completing full inspection of the Universal/fat binary, the user of the third-party tool will believe that the code is signed by Apple, but t...

Code injection

An issue was discovered in Objective-See KnockKnock, LuLu, TaskExplorer, WhatsYourSign, and procInfo. A maliciously crafted Universal/fat binary can evade third-party code signing checks. By not completing full inspection of the Universal/fat binary, the user of the third-party tool will believe...

Code injection

An issue was discovered in Google Santa and molcodesignchecker. A maliciously crafted Universal/fat binary can evade third-party code signing checks. By not completing full inspection of the Universal/fat binary, the user of the third-party tool will believe that the code is signed by Apple, but...

Code injection

An issue was discovered in Carbon Black Cb Response. A maliciously crafted Universal/fat binary can evade third-party code signing checks. By not completing full inspection of the Universal/fat binary, the user of the third-party tool will believe that the code is signed by Apple, but the malicio...

CVE-2018-10403

An issue was discovered in F-Secure XFENCE and Little Flocker. A maliciously crafted Universal/fat binary can evade third-party code signing checks. By not completing full inspection of the Universal/fat binary, the user of the third-party tool will believe that the code is signed by Apple, but t...

CVE-2018-10406

An issue was discovered in Yelp OSXCollector. A maliciously crafted Universal/fat binary can evade third-party code signing checks. By not completing full inspection of the Universal/fat binary, the user of the third-party tool will believe that the code is signed by Apple, but the malicious...