- Samsung's Tizen OS Contains Tons of Critical Security Flaws
Samsung uses Tizen OS in its mobile phones, smart TVs, and smartwatches, and states that Tizen is an open-source OS. According to the company's November 2016 statistics, the OS was used in 50 million devices, including the Samsung Gear S3 smartwatch and its Smart TVs. If you are using Tizen OS, there is bad news for you. According to the findings of an Israeli IT security researcher, this OS contains around 40 critical security flaws. According to the researcher, the Tizen OS is highly vulnerable. The security flaw allows an attacker to gain control of any Samsung device remotely. After taking control, the attacker can easily inject malicious code or malware into a Tizen device, reports Motherboard.
Cyber Security Tips: The company needs to fix the issues as soon as possible. Users are advised to keep a backup of their critical data and to apply patches immediately once the company releases them.
- Google Patches 31 Critical Flaws in Android
For the last few days, hackers have been targeting Android due to vulnerabilities present in the platform, but now there is good news for users: Google recently patched 31 flaws. Google this week released security updates for Android to resolve numerous Critical remote code execution (RCE) and elevation of privilege (EoP) vulnerabilities in the platform. Over 100 vulnerabilities were resolved in Android this month. There were 6 Critical RCE issues affecting Mediaserver; High-risk flaws such as EoPs in CameraBase, Audio servers, and SurfaceFlinger; information disclosure in Mediaserver; and denial of service (DoS) vulnerabilities in libskia and Mediaserver. The Moderate severity issues included EoP bugs in libnl and Telephony, along with information disclosure vulnerabilities in Mediaserver, libskia, and Factory Reset. One of the most severe of these vulnerabilities was an RCE issue in Broadcom Wi-Fi firmware, according to news published by SecurityWeek.
Cyber Security Tips: Android users are advised to update their devices with the latest patches.
- Flaws in Java AMF Libraries Allow Remote Code Execution
Deserialization-related vulnerabilities found in several Java implementations of AMF3 can be exploited for unauthenticated remote code execution and XXE attacks, warned CERT/CC. The security holes were reported to CERT/CC and vendors by Markus Wulftange, senior penetration tester at Code White. Patches have been made available for some of the affected products. Serialization is the process in which an object is converted to a stream of bytes in order to store or transmit that object to memory or a file. The process in which serialized data is extracted is called deserialization, and it can lead to significant security flaws if not handled properly. The flaws allow an attacker to execute code remotely. This security hole is said to affect Atlassian's JIRA, Exadel's Flamingo, GraniteDS, Spring spring-flex, and WebORB for Java by Midnight Coders. According to CERT/CC, products from HPE, SonicWall and VMware could also be affected, according to a report published by SecurityWeek.
Cyber Security Tips: Developers are advised to use versions of the JDK that implement serialization blacklisting filters and to ensure that their products properly handle deserialized data from untrusted sources.