The Hacker News Logo
Subscribe to Newsletter

The Hacker News — Cyber Security and Hacking News Website: arbitrary code execution

New Mac Malware Exploits GateKeeper Bypass Bug that Apple Left Unpatched

New Mac Malware Exploits GateKeeper Bypass Bug that Apple Left Unpatched

June 25, 2019Mohit Kumar
Cybersecurity researchers from Intego are warning about possible active exploitation of an unpatched security vulnerability in Apple's macOS Gatekeeper security feature details and PoC for which were publicly disclosed late last month. Intego team last week discovered four samples of new macOS malware on VirusTotal that leverage the GateKeeper bypass vulnerability to execute untrusted code on macOS without displaying users any warning or asking for their explicit permission. However, the newly discovered malware, dubbed OSX/Linker , has not been seen in the wild as of now and appears to be under development. Though the samples leverage unpatched Gatekeeper bypass flaw, it does not download any malicious app from the attacker's server. According to Joshua Long from Intego, until last week, the "malware maker was merely conducting some detection testing reconnaissance." "One of the files was signed with an Apple Developer ID (as explained below), it is
Beware! Playing Untrusted Videos On VLC Player Could Hack Your Computer

Beware! Playing Untrusted Videos On VLC Player Could Hack Your Computer

June 21, 2019Swati Khandelwal
If you use VLC media player on your computer and haven't updated it recently, don't you even dare to play any untrusted, randomly downloaded video file on it. Doing so could allow hackers to remotely take full control over your computer system. That's because VLC media player software versions prior to 3.0.7 contain two high-risk security vulnerabilities , besides many other medium- and low-severity security flaws, that could potentially lead to arbitrary code execution attacks. With more than 3 billion downloads, VLC is a hugely popular open-source media player software that is currently being used by hundreds of millions of users worldwide on all major platforms, including Windows, macOS, Linux, as well as Android and iOS mobile platforms. Discovered by Symeon Paraschoudis from Pen Test Partners and identified as CVE-2019-12874 , the first high-severity vulnerability is a double-free issue which resides in "zlib_decompress_extra" function of VideoLAN
Adobe Issues Critical Patches for ColdFusion, Flash Player, Campaign

Adobe Issues Critical Patches for ColdFusion, Flash Player, Campaign

June 11, 2019Swati Khandelwal
It's Patch Tuesday week! Adobe has just released the latest June 2019 software updates to address a total 11 security vulnerabilities in its three widely-used products Adobe ColdFusion, Flash Player, and Adobe Campaign. Out of these, three vulnerabilities affect Adobe ColdFusion, a commercial rapid web application development platform—all critical in severity—that could lead to arbitrary code execution attacks. Here below you can find brief information about all newly patched ColdFusion flaws : CVE-2019-7838 — This vulnerability has been categorized as "File extension blacklist bypass" and can be exploited if the file uploads directory is web accessible. CVE-2019-7839 — There's a command injection vulnerability in ColdFusion 2016 and 2018 editions, but it does not impact ColdFusion version 11. CVE-2019-7840 — This flaw originates from the deserialization of untrusted data and also leads to arbitrary code execution on the system. Besides ColdFusion
Using LabVIEW? Unpatched Flaw Allows Hackers to Hijack Your Computer

Using LabVIEW? Unpatched Flaw Allows Hackers to Hijack Your Computer

August 29, 2017Mohit Kumar
If you're an engineer and use LabVIEW software to design machines or industrial equipments, you should be very suspicious while opening any VI (virtual instrument) file. LabVIEW, developed by American company National Instruments, is a visual programming language and powerful system-design tool that is being used worldwide in hundreds of fields and provides engineers with a simple environment to build measurement or control systems Security researchers from Cisco's Talos Security Intelligence have discovered a critical vulnerability in LabVIEW software that could allow attackers to execute malicious code on a target computer, giving them full control of the system. Identified as CVE-2017-2779 , the code execution vulnerability could be triggered by opening a specially crafted VI file, a proprietary file format used by LabVIEW. The vulnerability originates because of memory corruption issue in the RSRC segment parsing functionality of LabVIEW. Modulating the values
Two Critical Zero-Day Flaws Disclosed in Foxit PDF Reader

Two Critical Zero-Day Flaws Disclosed in Foxit PDF Reader

August 17, 2017Wang Wei
Are you using Foxit PDF Reader? If yes, then you need to watch your back. Security researchers have discovered two critical zero-day security vulnerabilities in Foxit Reader software that could allow attackers to execute arbitrary code on a targeted computer, if not configured to open files in the Safe Reading Mode. The first vulnerability (CVE-2017-10951) is a command injection bug discovered by researcher Ariele Caltabiano working with Trend Micro's Zero Day Initiative (ZDI), while the second bug (CVE-2017-10952) is a file write issue found by Offensive Security researcher Steven Seeley. An attacker can exploit these bugs by sending a specially crafted PDF file to a Foxit user and enticing them to open it. Foxit refused to patch both the vulnerabilities because they would not work with the "safe reading mode" feature that fortunately comes enabled by default in Foxit Reader. "Foxit Reader & PhantomPDF has a Safe Reading Mode which is enabled by d
Critical RCE Vulnerability Found in Cisco WebEx Extensions, Again — Patch Now!

Critical RCE Vulnerability Found in Cisco WebEx Extensions, Again — Patch Now!

July 17, 2017Swati Khandelwal
A highly critical vulnerability has been discovered in the Cisco Systems’ WebEx browser extension for Chrome and Firefox, for the second time in this year, which could allow attackers to remotely execute malicious code on a victim's computer. Cisco WebEx is a popular communication tool for online events, including meetings, webinars and video conferences that help users connect and collaborate with colleagues around the world. The extension has roughly 20 million active users. Discovered by Tavis Ormandy of Google Project Zero and Cris Neckar of Divergent Security, the remote code execution flaw (CVE-2017-6753) is due to a designing defect in the WebEx browser extension. To exploit the vulnerability, all an attacker need to do is trick victims into visiting a web page containing specially crafted malicious code through the browser with affected extension installed. Successful exploitation of this vulnerability could result in the attacker executing arbitrary code with th
Corel Software DLL Hijacking Vulnerability Allows Hackers to Execute Malicious Code

Corel Software DLL Hijacking Vulnerability Allows Hackers to Execute Malicious Code

January 14, 2015Wang Wei
Security researchers have disclosed local zero day DLL hijacking vulnerabilities in several applications developed by Corel Software that could allow an attacker to execute arbitrary commands on victims' computer, potentially affecting more than 100 million users. The security holes were publicly disclosed by Marcos Accossatto from a vulnerability research firm Core Security after the vendor didn’t respond to his private disclosure about the flaws. Corel develops wide range of products including graphics, photo, video and other media editing programs. According to the researcher, when a media file associated with one of the vulnerable Corel products is opened, the product also loads a specifically named DLL (Dynamic Link Library) file into memory if it's located in the same directory as the opened media file. These DLL files contain executable code which could allow an attacker to install malware on victims' computers by inserting malicious DLLs into the
Exclusive Deals

Get Daily News Updates By Email

Join over 350,000 information security professionals — Get the best of our cyber security coverage delivered to your inbox every morning.