Vulnerability summary for the week: April 24, 2020

As always at the end of the week, let's take a look at the most interesting vulnerabilities that have been disclosed recently. This week’s short summary includes zero-days in iOS, flaws in the IBM Data Risk Manager solution, MySQL Server, Zoom client, and more.

This week, reports emerged about two serious flaws that allow remote attackers to hack iPhones and iPads via the native iOS Mail app. The vulnerabilities in question are remote code execution flaws that reside in the MIME library of Apple's mail app.

The first vulnerability exists due to a boundary error when processing email in the iOS MobileMail. A remote attacker can send a specially crafted email message, trigger an out-of-bounds write and execute arbitrary code on the target system. The second issue is a heap-overflow bug. Both flaws have reportedly been exploited in the wild in a series of attacks aimed at high-profile iOS users since at least January 2018.

Apple has addressed both bugs in the iOS 13.4.5 beta. Note: in a recent statement, Apple said it has no evidence these vulnerabilities “were used against the customers”.

Four dangerous vulnerabilities have been found in the IBM Data Risk Manager (IDRM) solution that can lead to unauthenticated remote code execution (RCE) as root. The flaws are an authentication bypass, a command injection, an insecure default password, and an arbitrary file download.

IBM has already addressed two of the four vulnerabilities (the command injection vulnerability and the arbitrary file download bug) by releasing version 2.0.4.

MySQL Server and SQLite database software contain multiple vulnerabilities, including high-risk bugs that could be exploited to remotely compromise a vulnerable system. The remaining issues could allow a remote attacker to perform denial-of-service attacks, or gain access to sensitive data.

The Jenkins AWS SAM plugin and Jenkins Yaml Axis plugin are affected by two RCE flaws (CVE-2020-2180 and CVE-2020-2179, respectively). Both flaws exist because the YAML parser does not prevent the instantiation of arbitrary types, which could lead to remote code execution.

A couple of vulnerabilities have been found in Zoom Client for Meetings 4.6.11. The issue is that the "airhost.exe" file uses the SHA-256 hash of the hard-coded string 0123425234234fsdfsdr3242 to initialize an OpenSSL EVP AES-256-CBC context, which can be exploited by a remote attacker to gain unauthorized access to the application.

Multiple vulnerabilities have been addressed in Google Chrome browser, the most severe of which could allow a remote attacker to execute arbitrary code and compromise a vulnerable system.

Microsoft released out-of-band security updates for Office, Office 365 ProPlus, and Paint 3D to fix multiple remote code execution vulnerabilities in the Autodesk FBX library that is integrated into Microsoft Office.

To exploit the bugs, an attacker would need to trick the victim into opening a malicious 3D FBX file, which would trigger memory corruption.

Foxit PDF Reader and PhantomPDF are plagued by numerous high-severity flaws, which, if exploited, could enable remote code execution. All of them stem from a boundary error within the handling of U3D objects in PDF files and could be exploited by remote attackers if they manage to trick a victim into opening a maliciously crafted file.

The vulnerabilities affect Foxit PDF Reader and PhantomPDF Reader versions 9.7.1.29511 and earlier, and 3D Plugin Beta versions 9.7.1.29511 and earlier.

Several vulnerabilities exist in Joomla!, an open source content management system (CMS), the most severe of which could allow a remote unauthenticated attacker to gain access to restricted functionality or compromise a vulnerable system.