Security

Microsoft fixes remote desktop app Mac hole

Full read/write access was there for the taking

Darren Pauli Tue 24 Jan 2017 // 04:01 UTC

Microsoft has patched a code execution hole in its Mac remote desktop client that grants read and write to home directories if users do no more than click a link, says Italian security researcher Filippo Cavallarin.

The hole was patched 17 January.

Cavallarin says the flaw allowed remote attackers to execute arbitrary code on vulnerable machines if users did not more than click phishing links.

From there, attackers would gain read and write access to Mac home directories.

"Microsoft Remote Desktop Client for Mac OS X allows a malicious terminal server to read and write any file in the home directory of the connecting user," Cavallarin says.

"The vulnerability exists to the way the application handles rdp urls. In the rdp url schema it's possible to specify a parameter that will make the user's home directory accessible to the server without any warning or confirmation request.

"If an attacker can trick a user to open a malicious rdp url, they can read and write any file within the victim's home directory."

Mac OS X apps like Safari, Mail, and Messages by default open clicked rdp urls without confirmation.

This drastically shortens the attack chain of most phishing attacks which require users to be convinced by some form of narrative to open links and attachments, and again to fill out personal data and credentials into fake forms.

Cavallarin included a proof-of-concept with his disclosure, increasing the need for users to apply the Microsoft updates. ®

Similar topics

Broader topics

Narrower topics

Corrections Send us news

Other stories you might like

Azure issues not adequately fixed for months, complain bug hunters

Redmond kicks off Patch Tuesday with a months-old flaw fix

Jessica Lyons Hardcastle Tue 14 Jun 2022 // 13:30 UTC

Updated Two security vendors – Orca Security and Tenable – have accused Microsoft of unnecessarily putting customers' data and cloud environments at risk by taking far too long to fix critical vulnerabilities in Azure.
In a blog published today, Orca Security researcher Tzah Pahima claimed it took Microsoft several months to fully resolve a security flaw in Azure's Synapse Analytics that he discovered in January.
And in a separate blog published on Monday, Tenable CEO Amit Yoran called out Redmond for its lack of response to – and transparency around – two other vulnerabilities that could be exploited by anyone using Azure Synapse.

Continue reading
Symantec: More malware operators moving in to exploit Follina

Meanwhile Microsoft still hasn't patched the fatal flaw

Jeff Burt Thu 9 Jun 2022 // 11:45 UTC

While enterprises are still waiting for Microsoft to issue a fix for the critical "Follina" vulnerability in Windows, yet more malware operators are moving in to exploit it.
Microsoft late last month acknowledged the remote code execution (RCE) vulnerability – tracked as CVE-2022-30190 – but has yet to deliver a patch for it. The company has outlined workarounds that can be used until a fix becomes available.
In the meantime, reports of active exploits of the flaw continue to surface. Analysts with Proofpoint's Threat Insight team earlier this month tweeted about a phishing campaign, possibly aligned with a nation-state targeting US and European Union agencies, which uses Follina. The Proofpoint researchers said the malicious spam messages were sent to fewer than 10 Proofpoint product users.

Continue reading
Microsoft fixes under-attack Windows zero-day Follina

Plus: Intel, AMD react to Hertzbleed data-leaking holes in CPUs

Jessica Lyons Hardcastle Wed 15 Jun 2022 // 03:02 UTC

Patch Tuesday Microsoft claims to have finally fixed the Follina zero-day flaw in Windows as part of its June Patch Tuesday batch, which included security updates to address 55 vulnerabilities.
Follina, eventually acknowledged by Redmond in a security advisory last month, is the most significant of the bunch as it has already been exploited in the wild.
Criminals and snoops can abuse the remote code execution (RCE) bug, tracked as CVE-2022-30190, by crafting a file, such as a Word document, so that when opened it calls out to the Microsoft Windows Support Diagnostic Tool, which is then exploited to run malicious code, such spyware and ransomware. Disabling macros in, say, Word won't stop this from happening.

Continue reading

Now Windows Follina zero-day exploited to infect PCs with Qbot

Data-stealing malware also paired with Black Basta ransomware gang

Jeff Burt Thu 9 Jun 2022 // 00:29 UTC

Miscreants are reportedly exploiting the recently disclosed critical Windows Follina zero-day flaw to infect PCs with Qbot, thus aggressively expanding their reach.
The bot's operators are also working with the Black Basta gang to spread ransomware in yet another partnership in the underground world of cyber-crime, it is claimed.
This combination of Follina exploitation and its use to extort organizations makes the malware an even larger threat for enterprises. Qbot started off as a software nasty that raided people's online bank accounts, and evolved to snoop on user keystrokes and steal sensitive information from machines. It can also deliver other malware payloads, such as backdoors and ransomware, onto infected Windows systems, and forms a remote-controllable botnet.

Continue reading
Apple’s M2 chip isn’t a slam dunk, but it does point to the future

The chip’s GPU and neural engine could overshadow Apple’s concession on CPU performance

Dylan Martin Fri 10 Jun 2022 // 20:27 UTC

Analysis For all the pomp and circumstance surrounding Apple's move to homegrown silicon for Macs, the tech giant has admitted that the new M2 chip isn't quite the slam dunk that its predecessor was when compared to the latest from Apple's former CPU supplier, Intel.
During its WWDC 2022 keynote Monday, Apple focused its high-level sales pitch for the M2 on claims that the chip is much more power efficient than Intel's latest laptop CPUs. But while doing so, the iPhone maker admitted that Intel has it beat, at least for now, when it comes to CPU performance.
Apple laid this out clearly during the presentation when Johny Srouji, Apple's senior vice president of hardware technologies, said the M2's eight-core CPU will provide 87 percent of the peak performance of Intel's 12-core Core i7-1260P while using just a quarter of the rival chip's power.

Continue reading
Apple dev roundup: Weather data meets privacy, and other good stuff

No AR/VR glasses but at least RoomPlan will let you make rapid 3D room maps

Thomas Claburn in San Francisco Wed 8 Jun 2022 // 23:27 UTC

WWDC Apple this week at its Worldwide Developer Conference delivered software development kits (SDKs) for beta versions of its iOS 16, iPadOS 16, macOS 13, tvOS 16, and watchOS 9 platforms.
For developers sold on seeking permission from Apple to distribute their software and paying a portion of revenue for the privilege, it's a time to celebrate and harken to the message from the mothership.
While the consumer-facing features in the company's various operating systems consist largely of incremental improvements like aesthetic and workflow enhancements, the developer APIs in the underlying code should prove more significant because they will allow programmers to build apps and functions that weren't previously possible. Many of the new capabilities are touched on in Apple's Platforms State of the Union presentation.

Continue reading

Hardware flaws give Bluetooth chipsets unique fingerprints that can be tracked

While this poses a privacy and security threat, an attacker's ability to exploit it may come down to luck

Jeff Burt Fri 10 Jun 2022 // 04:17 UTC

Researchers at the University of California San Diego have shown for the first time that Bluetooth signals each have an individual, trackable, fingerprint.
In a paper presented at the IEEE Security and Privacy Conference last month, the researchers wrote that Bluetooth signals can also be tracked, given the right tools.
However, there are technological and expertise hurdles that a miscreant would have to clear today to track a person through the Bluetooth signals in their devices, they wrote.

Continue reading
We sat through Apple's product launch disguised as a dev event so you don't have to

M2 chip teased plus MacBooks, iOS 16, macOS 13, watchOS 9 and more

Thomas Claburn in San Francisco Mon 6 Jun 2022 // 21:36 UTC

WWDC Apple opened its 33rd annual Worldwide Developer Conference on Monday with a preview of upcoming hardware and planned changes in its mobile, desktop, and wrist accessory operating systems.
The confab consists primarily of streamed video, as it did in 2020 and 2021, though there is a limited in-person component for the favored few. Apart from the preview of Apple's homegrown Arm-compatible M2 chip – coming next month in a redesigned MacBook Air and 13" MacBook Pro – there was not much meaningful innovation. The M2 Air has a full-size touch ID button, apparently.
Apple's software-oriented enhancements consist mainly of worthy but not particularly thrilling interface and workflow improvements, alongside a handful of useful APIs and personalization capabilities. Company video performers made no mention of Apple's anticipated AR/VR headset.

Continue reading
Microsoft pledges neutrality on unions for Activision staff

Now can we just buy them, please?

Brandon Vigliarolo Mon 13 Jun 2022 // 18:03 UTC

Microsoft isn't wasting time trying to put Activision Blizzard's problems in the rearview mirror, announcing a labor neutrality agreement with the game maker's recently-formed union.
Microsoft will be grappling with plenty of issues at Activision, including unfair labor lawsuits, sexual harassment allegations and toxic workplace claims. Activision subsidiary Raven Software, developers on the popular Call of Duty game series, recently voted to organize a union, which Activision entered into negotiations with only a few days ago.
Microsoft and the Communication Workers of America (CWA), which represents Raven Software employees, issued a joint statement saying that the agreement is a ground-breaking one that "will benefit Microsoft and its employees, and create opportunities for innovation in the gaming sector."

Continue reading
Zero-day vuln in Microsoft Office: 'Follina' will work even when macros are disabled

Researchers comb through code execution flaw found in malicious document

Richard Speed Mon 30 May 2022 // 18:01 UTC

Updated Infosec researchers have idenitied a zero-day code execution vulnerability in Microsoft's ubiquitous Office software.
Dubbed "Follina", the vulnerability has been floating around for a while (cybersecurity researcher Kevin Beaumont traced it back to a report made to Microsoft on April 12) and uses Office functionality to retrieve a HTML file which in turn makes use of the Microsoft Support Diagnostic Tool (MSDT) to run some code.

Continue reading

ABOUT US

MORE CONTENT

SITUATION PUBLISHING

The Register - Independent news and views for the tech community. Part of Situation Publishing

SIGN UP TO OUR DAILY NEWSLETTER

Security Scorecard

Biting the hand that feeds IT © 1998–2022

Do not sell my personal information Cookies Privacy Ts&Cs