
    Apple lets some Big Sur network traffic bypass firewalls

    news.movim.eu / ArsTechnica · Tuesday, 17 November, 2020 - 20:48 · 1 minute

[Image: A somewhat cartoonish diagram illustrates issues with a firewall. Credit: Patrick Wardle]

Firewalls aren’t just for corporate networks. Large numbers of security- or privacy-conscious people also use them to filter or redirect traffic flowing in and out of their computers. Apple recently made a major change to macOS that frustrates these efforts.

Beginning with Big Sur, released last week, some 50 Apple-specific apps and processes are no longer routed through firewalls like Little Snitch and Lulu. The undocumented exemption came to light only after Patrick Wardle, a security researcher at Mac and iOS enterprise developer Jamf, disclosed the change over the weekend.

“100% blind”

To demonstrate the risks that come with this move, Wardle—a former hacker for the NSA—showed how malware developers could exploit the change to make an end-run around a tried-and-true security measure. He set Lulu to block all outgoing traffic on a Mac running Big Sur and then ran a small script that interacted with one of the apps that Apple exempted. The Python script had no trouble reaching a command-and-control server he set up to simulate one commonly used by malware to receive commands and exfiltrate sensitive data.


    Code-execution bug in Pulse Secure VPN threatens patch laggards everywhere

    news.movim.eu / ArsTechnica · Wednesday, 26 August, 2020 - 12:30

[Image credit: Bid.in2corporate.com]

Organizations that have yet to install the latest version of the Pulse Secure VPN have a good reason to stop dithering—a code-execution vulnerability that allows attackers to take control of networks that use the product.

Tracked as CVE-2020-8218, the vulnerability requires an attacker to have administrative rights on the machine running the VPN. Researchers from GoSecure, the firm that discovered the flaw, found an easy way to clear that hurdle: trick an administrator into clicking on a malicious link embedded in an email or other type of message.

Phishing season has now officially started

“While it does require to be authenticated,” GoSecure researcher Jean-Frédéric Gauron wrote in a post, referring to the exploit, “the fact that it can be triggered by a simple phishing attack on the right victim should be evidence enough that this vulnerability is not to be ignored.”
