Category Archives: proof of concept attack

New round of bugs found in Citrix software, but this time a patch is ready

Posted on by

Six months ago, a critical vulnerability found in software made by Citrix set off an uncomfortable few weeks for the virtual private networking vendor and the Fortune 500 companies that rely on its products. It took Citrix a month to release a software fix, well after researchers were warning that malicious hackers were actively exploiting the vulnerability. Even with a fix available, Chinese spies conducted a sweeping operation that took advantage of the software flaw in critical infrastructure sectors. On Tuesday, Citrix revealed 11 new vulnerabilities in those same cloud-based and remote access products. This time, the Florida-based VPN service provider is hoping to head off attacks by having patches available immediately. The vulnerabilities, under certain conditions, could allow an attacker to inject malicious code into a network running Citrix software, or conduct a denial-of service attack on virtual servers. Citrix urged customers to install the fixes. There haven’t been […]

The post New round of bugs found in Citrix software, but this time a patch is ready appeared first on CyberScoop.

Continue reading New round of bugs found in Citrix software, but this time a patch is ready

Researcher finds vulnerability in popular microchips used in Android and iPhones

Posted on by

Security researchers have found a crucial vulnerability in a popular chipset used in smartphones that allows for an attacker to launch a remote, Wi-Fi delivered virus to a targeted device. Newer versions of Apple’s iPhone and many of Samsung’s flagship Android phones carry an affected Broadcom manufactured chipset. While Apple patched the vulnerability on Monday with the release of iOS 10.3.1, a variety of different Android devices remain susceptible to the proof-of-concept attack. An Apple security advisory concerning the vulnerability notes, “an attacker within range may be able to execute arbitrary code on the Wi-Fi chip.” iOS 10.3.1 fixes the issue by patching a “stack buffer overflow” problem, the advisory reads. The proof-of-concept exploit was developed by Google Project Zero researcher Gal Beniamini. Google plans to release its own patch in its April security bulletin, but the update will only be available to a “select number of device models,” according to […]

The post Researcher finds vulnerability in popular microchips used in Android and iPhones appeared first on Cyberscoop.

Continue reading Researcher finds vulnerability in popular microchips used in Android and iPhones