MalwareShield

Incomplete disclosures by Apple and Google create “huge blindspot” for 0-day hunters | Ars Technica


Incomplete information included in recent disclosures by Apple and Google reporting critical zero-day vulnerabilities under active exploitation in their products has created a “huge blindspot” that’s causing a large number of offerings from other developers to go unpatched, researchers said Thursday.

Two weeks ago, Apple reported that threat actors were actively exploiting a critical vulnerability in iOS so they could install espionage spyware known as Pegasus. The attacks used a zero-click method, meaning they required no interaction on the part of targets. Simply receiving a call or text on an iPhone was enough to become infected by Pegasus, which is among the world’s most advanced pieces of known malware.

“Huge blindspot”

Apple said the vulnerability, tracked as CVE-2023-41064, stemmed from a buffer overflow bug in ImageIO, a proprietary framework that allows applications to read and write most image file formats, which include one known as WebP. Apple credited the discovery of the zero-day to Citizen Lab, a research group at the University of Toronto’s Munk School that follows attacks by nation-states targeting dissidents and other at-risk groups.

Four days later, Google reported a critical vulnerability in its Chrome browser. The company said the vulnerability was what’s known as a heap buffer overflow that was present in WebP. Google went on to warn that an exploit for the vulnerability existed in the wild. Google said that the vulnerability, designated as CVE-2023-4863, was reported by the Apple Security Engineering and Architecture team and Citizen Lab.


Rather than Apple, Google, and Citizen Lab coordinating and accurately reporting the common origin of the vulnerability, they chose to use a separate CVE designation, the researchers said. The researchers concluded that “millions of different applications” would remain vulnerable until they, too, incorporated the libwebp fix. That, in turn, they said, was preventing the automated systems that developers use to track known vulnerabilities in their offerings from detecting a critical vulnerability that’s under active exploitation.

“Since the vulnerability is scoped under the overarching product containing the vulnerable dependency, the vulnerability will only be flagged by vulnerability scanners for these specific products,” Rezilion researchers Ofri Ouzan and Yotam Perkal wrote. “This creates a HUGE blindspot for organizations blindly relying on the output of their vulnerability scanner.”

Google has further come under criticism for limiting the scope of CVE-2023-4863 to Chrome rather than libwebp. The official description likewise describes the vulnerability as a heap buffer overflow in WebP in Google Chrome.
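The scanner gap the researchers describe can be shown in a few lines. This is an added example, not code from the article or from Rezilion: the inventory, the `example-*` app names and the `ROOT_COMPONENT` mapping are constructed, and the mapping encodes the researchers' conclusion that the flaw sits in libwebp.

```python
# Added illustration with constructed data: app names and dependency trees are
# hypothetical. ROOT_COMPONENT encodes the researchers' conclusion reported in
# the article (the flaw lives in libwebp); the advisory itself names only Chrome.
ADVISORY = {"id": "CVE-2023-4863", "products": {"chrome"}}
ROOT_COMPONENT = {"CVE-2023-4863": "libwebp"}

INVENTORY = [
    {"name": "chrome", "deps": [{"name": "libwebp"}]},
    {"name": "example-chat-app", "deps": [
        {"name": "example-ui-framework", "deps": [{"name": "libwebp"}]}]},
    {"name": "example-image-tool", "deps": [{"name": "libwebp"}]},
    {"name": "example-text-editor", "deps": [{"name": "zlib"}]},
]

def match_by_product(inventory, advisory):
    """What a product-scoped scanner reports: only apps the advisory names."""
    return sorted(a["name"] for a in inventory if a["name"] in advisory["products"])

def dependency_paths(node, component, trail=()):
    """Yield every path from an app down to a bundled copy of `component`."""
    trail = trail + (node["name"],)
    if node["name"] == component:
        yield " > ".join(trail)
    for dep in node.get("deps", []):
        yield from dependency_paths(dep, component, trail)

def match_by_component(inventory, component):
    """Apps that ship `component` anywhere in their dependency tree."""
    hits = {}
    for app in inventory:
        paths = list(dependency_paths(app, component))
        if paths:
            hits[app["name"]] = paths
    return hits

def blindspot(inventory, advisory):
    """Apps carrying the root component that product matching never flags."""
    component = ROOT_COMPONENT[advisory["id"]]
    carrying = set(match_by_component(inventory, component))
    return sorted(carrying - set(match_by_product(inventory, advisory)))

if __name__ == "__main__":
    print("product-scoped match:", match_by_product(INVENTORY, ADVISORY))
    print("missed by that match:", blindspot(INVENTORY, ADVISORY))
    for app, paths in match_by_component(INVENTORY, "libwebp").items():
        print(f"  {app}: {paths}")
```

In practice the inventory would come from an SBOM, and the dependency paths show which bundled copy needs the upstream fix.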

In an email, a Google representative wrote: “Many platforms implement WebP differently. We do not have any details about how the bug impacts other products. Our focus was getting a fix out to the Chromium community and affected Chromium users as soon as possible. It is best practice for software products to track upstream libraries they depend on in order to pick up security fixes and improvements.”

The representative noted that the WebP image format is mentioned in its disclosure and the official CVE page. The representative didn’t explain why the official CVE and Google’s disclosure did not mention the widely used libwebp library or the likelihood that other software was also vulnerable.

The Google representative didn’t answer a question asking if CVE-2023-4863 and CVE-2023-41064 stemmed from the same vulnerability. Citizen Lab and Apple didn’t respond to emailed questions before this story went live.


Rethinking Backup Storage: An In-Depth Look at Actiphy StorageServer™


Raising the Bar in Backup Storage: The Actiphy StorageServer™ Advantage

If you’re an IT pro, you already know that protecting your data goes beyond just making backups; it’s also about where and how you’re storing those backups. Let’s introduce you to a next-level game-changer in this realm: Actiphy StorageServer™. Here, we’ll unpack its key features and discuss how it sets a new industry standard, distinguishing itself from competitors like Veeam and ShadowProtect.

Unbreachable Backup Storage: More than Just a Safety Deposit Box

The key to Actiphy StorageServer™’s prowess lies in its seamless integration with ActiveImage Protector™. It offers a secure and unique destination for all your backup needs. What really makes it shine? Its architecturally engineered design that’s highly resilient against ransomware. Instead of relying on a conventional network share, it creates an isolated “bucket” on the destination server, significantly mitigating the risk of falling victim to ransomware.

Turbocharged Performance: Redefining Backup Speed and Reliability

Gone are the days of settling for sluggish HDD read/write speeds. Actiphy StorageServer™ employs cache devices like USB SSDs to bypass this bottleneck. Our tests have shown that leveraging these cache devices amps up the backup speed six-fold compared to conventional methods.

Next-Gen Data Transmission: QUIC, Unbreakable, and Blazing Fast

Tech enthusiasts, take note: Actiphy StorageServer™ employs the QUIC protocol for data transmission. It’s not just about velocity—it’s also about providing ultra-reliable and hyper-secure communication channels. When data integrity is your top priority, Actiphy redefines the rules of the game.

One Size Doesn’t Fit All: Multi-Platform Support

Whether you’re rooted in a Windows, Linux, or Docker environment, Actiphy StorageServer™ offers a flexible approach to meet your operating system requirements.

Control Room: The Intuitive Web Console

Though the server demands are minimal, don’t underestimate the power of its web console. Packed with robust features such as real-time monitoring, intuitive bucket management, and cache device configurations, it ensures you always have the upper hand.

Extra Goodies:

  • Event Monitoring: Keep tabs on client connections and task statuses through real-time logs.
  • Alerts: Stay informed with email notifications for specific events, fortified with SSL/TLS support.
  • Symbiotic Relationship: Crafted to operate in unison with ActiveImage Protector™.

Final Takeaway

Actiphy StorageServer™ is the ultimate solution for IT experts who are serious about elevating their backup storage strategy. With its potent combination of speed, security, and adaptability, it’s the smart choice for those looking to step up their data protection game.

Keep pace with breakthroughs like these. Subscribe to our newsletter and follow us on social media for real-time updates and insights.

