Security News

A vulnerability patched recently in the WordPress Download Manager plugin could be abused to execute arbitrary code under specific configurations, the Wordfence team at WordPress security company Defiant warns. Tracked as CVE-2021-34639 and having a CVSS score of 7.5, the bug is an authenticated file upload issue that could have allowed attackers to upload files with php4 extensions, as well as files that could be executed if certain conditions were met.

Fortinet on Monday announced the availability of patches for a vulnerability in both FortiManager and FortiAnalyzer that could allow an attacker to execute code with root privileges. While FortiManager delivers full administration capabilities, FortiAnalyzer provides log management, analytics and reporting capabilities.

Security appliance slinger Fortinet has warned of a critical vulnerability in its own FortiGate products which can be exploited to allow unauthenticated attackers full control over the target system - providing a particular daemon is enabled. The vulnerability, discovered by Orange Group security researcher Cyrille Chatras and sent to Fortinet privately for responsible disclosure, lies in the FortiManager and FortiAnalyzer software running atop selected models in the company's FortiGate security appliance family.

Apple in early 2021 quietly patched an iOS vulnerability that could lead to remote code execution when connecting to a Wi-Fi access point that had a specially crafted SSID. The issue was initially brought to light last month, when reverse engineer Carl Schou discovered that the Wi-Fi functionality on his iPhone would completely crash when connecting to a hotspot that had the SSID "%p%s%s%s%s%n. The issue, which impacts all iOS devices running iOS 14.0 to 14.6, was deemed to be a format string bug, where iOS is considering the characters that follow "%" as string-format specifiers, meaning that they are processed as commands, rather than text.

Cloudflare has fixed a critical vulnerability in its free and open-source CDNJS potentially impacting 12.7% of all websites on the internet. CDNJS serves millions of websites with over 4,000 JavaScript and CSS libraries stored publicly on GitHub, making it the second-largest JavaScript CDN. The vulnerability exploits comprised publishing packages to Cloudflare's CDNJS using GitHub and npm, to trigger a Path Traversal vulnerability, and eventually remote code execution.

Armis security researchers have warned of severe and unpatched remote code execution vulnerabilities in Schneider Electric's programmable logic controllers, allowing attackers to take control of a variety of industrial systems. The vulnerability itself, dubbed "ModiPwn," chains on two previously disclosed issues, discovered by security firm Talos in 2018 and 2019 respectively, which Schneider Electric claimed to have patched.

NET Core remote code execution vulnerability in PowerShell 7 caused by how text encoding is performed in. PowerShell provides a command-line shell, a framework, and a scripting language focused on automation for processing PowerShell cmdlets.

The Zephyr real-time operating system for embedded devices received an update earlier this month that fixes multiple vulnerabilities that can cause a denial-of-service condition and potentially lead to remote code execution. Matias Karhumaa, a senior software engineer at Synopsys, an American electronic design automation company, found eight vulnerabilities in Zephyr after testing the lowest layers of the operating system's Bluetooth LE stack.

Lexmark printers - those ubiquitous, inky office workhorses that fill homes and offices, and are found all the way on up to the federal government - have an unpatched vulnerability that could lead to serious, easy-to-execute attacks that require neither privileges nor user interaction and which can lead to arbitrary code execution. Beyond known security vulnerabilities, Lexmark printers have in the past been prone to a trivial hack thanks to what researchers have called "Gross negligence" on the part of users.

Researchers from three universities in Germany have identified a new TLS attack method that can allow a man-in-the-middle attacker to extract user data or execute arbitrary code. The new attack, dubbed ALPACA, has been described as an "Application layer protocol content confusion attack."