Apparently #macOS now considers #Docker malware.
#infosec #cybersecurity
@g@irrelephant.co Oof, that's not good at all.
harrysintonen
joined 2 years ago
@screaminggoat@infosec.exchange Yep, that's the one.
19
In January 2022 I discovered that #Microsoft #Office365 Message #Encryption (OME) utilized Electronic Codebook (ECB) mode of operation. I reported this, got paid a $5000 bounty and then things fell dead silent. By autumn I tried to follow up on this, and after numerous attempts to inquire about the schedule for a fix I was told that no fix was planned.
Luckily, Microsoft seems to have changed their mind about this, and the fix was applied in late 2023, after all:
#vulnerability #infosec #cybersecurity
Disclosing details of a #vulnerability I discovered 1 year ago:
N-able Ecosystem Agent Improper Certificate Validation #CVE_2024_5445 vulnerability leads to #RCE as SYSTEM user.
Vulnerability details: https://sintonen.fi/advisories/n-able-ecosystem-agent-improper-certificate-validation.txt
N-able has rated this vulnerability CVSS 3.8, but the practical impact of this vulnerability is grave as it allows attackers in privileged network position to fully compromise vulnerable systems. While arguing for such low score N-able presentative stated that: "The vulnerability reported does not constitute an RCE, the Ecosystem agent is designed to run installation packages in a privileged context and the agent is doing what it should do when it receives such packages to install over the APIs."
I think this is somewhat disingenuous.
#infosec #cybersecurity
@EndlessMason@hachyderm.io No struggle really, just figuring out the details.
As to bounty: I think they're just using the BugCrowd platform to manage their vulnerability program. At no point did they promise any rewards, nor did I expect any.
@EndlessMason@hachyderm.io I presume they will kick me out of the BugCrowd platform. I have no problem with that really. I've already considered the platform and this bug bounty in particular a lost cause.
1
A company appears to be abusing #BugCrowd’s #bugbounty program to hide essential details of a critical vulnerability. The company itself has rated the vulnerability as low severity. This has led many to disregard the vulnerability, which may have resulted in unpatched systems that remain vulnerable.
"I would like to remind you that as a researcher using the BugCrowd platform to submit this issue you are bound by the BugCrowd standard disclosure terms and you may not blog or disclose any information on the exploitation of this vulnerability."
I were to follow these rules, it would mean that countless of client systems could remain vulnerable to this critical vulnerability.
I’ve mostly had good experiences with bug bounty programs before this incident. Sure, I’ve had some disagreements at times, but I’ve never seen a program being abused like this before.
#responsibledisclosure #infosec #cybersecurity
I had actually forgotten I still had Docker installed on this system. I've now fixed this issue by uninstalling the malicious app. I'm using #podman elsewhere already, just had this install lingering still. Apple: Thanks for the warning!