INTERNET STORM CENTER SPOTLIGHT
ISC provides a free analysis and warning service to thousands of Internet users and organizations, and is actively working with Internet Service Providers to fight back against the most malicious attackers. https://isc.sans.edu/about.html
Apple Releases MacOS Sonoma Including Numerous Security Patches
Published: 2023-09-26
Last Updated: 2023-09-26 20:30:09 UTC
by Johannes Ullrich (Version: 1)
As expected, Apple today released macOS Sonoma (14.0). This update, in addition to new features, provides patches for about 60 different vulnerabilities. Older macOS versions received updates addressing these vulnerabilities last week with macOS 13.6. When those updates were released, their security content was not made public, but with today's release of macOS 14, Apple revealed the security content of these prior updates.
The table below includes the updates released on September 21st and today (26th). It does not include CVSS scores. My ChatGPT-driven script to calculate them had too many issues with this set of updates to be helpful.
Also note that some of the "Exploited" vulnerabilities receive specific updates not included in this table...
Read the full entry:
https://isc.sans.edu/diary/Apple+Releases+MacOS+Sonoma+Including+Numerous+Security+Patches/30252/
A new spin on the ZeroFont phishing technique
Published: 2023-09-26
Last Updated: 2023-09-26 09:13:25 UTC
by Jan Kopriva (Version: 1)
Last week, I came across an interesting phishing e-mail, in which text written in a font with zero-pixel size was used in quite a novel way.
The technique of embedding text with zero font size in phishing e-mails to break up text written in a normal, visible way, in order to make detection of suspicious messages by automated means more difficult, has been with us for quite some time now. In fact, all the way back in 2018, the team at Avanan coined the term “ZeroFont Phishing” for it.
Nevertheless, the “invisible” text in the e-mail which was delivered to our handler e-mail address last Friday did not serve the usual purpose – it wasn’t intended to hinder automated scanners from identifying the message as potentially fraudulent/malicious, but instead to make the message appear more trustworthy to the recipient.
Before we get to how it did this, let us quickly set the stage.
Modern e-mail clients commonly display received e-mail messages in a layout containing two side-by-side windows – one showing the list of received (or sent, drafted, etc.) messages and the other showing the body of a selected message. As you may see in the following image, Microsoft Outlook displays the name of the sender, the subject and the beginning of the text of each message in the left window, as do many other MUAs...
Read the full entry:
https://isc.sans.edu/diary/A+new+spin+on+the+ZeroFont+phishing+technique/30248/
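As an added illustration (not code from the diary entry above), the following Python separates the text a rendering mail client would display from text hidden in a zero-size font, and approximates what a CSS-unaware preview pane would show instead; the sample message is constructed here and the scanner and function names are my own.

```python
import re
from html.parser import HTMLParser

# Constructed sample: the body text the recipient reads is a credential lure, while
# a zero-size span carries reassuring text that a CSS-unaware preview pane would show.
SAMPLE_HTML = """<html><body>
<span style="font-size:0px">Scanned and verified by the mail gateway</span>
<p>Your mailbox is almost full. <a href="http://example.invalid/">Sign in</a> to keep receiving mail.</p>
</body></html>"""

# Matches font-size:0, 0px, 0pt, 0em, 0% (but not 0.5em).
ZERO_FONT_RE = re.compile(r"font-size\s*:\s*0(\.0+)?\s*(px|pt|em|rem|%)?\s*(;|!|$)", re.I)
VOID_TAGS = {"br", "img", "hr", "meta", "link", "input", "wbr"}  # never closed, so never pushed

class ZeroFontScanner(HTMLParser):
    """Split an HTML body into text a rendering client shows and text hidden in a zero-size font."""
    def __init__(self):
        super().__init__()
        self.visible, self.hidden = [], []
        self._zero_stack = []  # one flag per open element: is this text inside a zero-font element?

    def handle_starttag(self, tag, attrs):
        if tag in VOID_TAGS:
            return
        style = dict(attrs).get("style") or ""
        inherited = self._zero_stack[-1] if self._zero_stack else False
        self._zero_stack.append(inherited or bool(ZERO_FONT_RE.search(style)))

    def handle_endtag(self, tag):
        if tag not in VOID_TAGS and self._zero_stack:
            self._zero_stack.pop()

    def handle_data(self, data):
        text = " ".join(data.split())
        if text:
            target = self.hidden if self._zero_stack and self._zero_stack[-1] else self.visible
            target.append(text)

def scan_email_html(html):
    """Return (visible_text, hidden_text, preview_text) for an HTML e-mail body."""
    scanner = ZeroFontScanner()
    scanner.feed(html)
    scanner.close()
    # A preview pane that strips tags but ignores CSS shows hidden and visible text alike.
    preview = " ".join(re.sub(r"<[^>]+>", " ", html).split())
    return " ".join(scanner.visible), " ".join(scanner.hidden), preview

def is_suspicious(html, min_hidden_chars=10):
    # Flag a message whose zero-font text is long enough to change what a preview shows.
    return len(scan_email_html(html)[1]) >= min_hidden_chars
```

Comparing the visible and preview strings for a flagged message shows the recipient exactly what the listing pane would have displayed versus what the opened message says.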
Apple Patches Three New 0-Day Vulnerabilities Affecting iOS/iPadOS/watchOS/macOS
Published: 2023-09-21
Last Updated: 2023-09-21 18:37:59 UTC
by Johannes Ullrich (Version: 1)
This update patches three already exploited vulnerabilities:
(1) CVE-2023-41993 Remote code execution in WebKit. This could be used as an initial access vector.
(2) CVE-2023-41992 Privilege Escalation. A follow-up after initial access was achieved via the first vulnerability.
(3) CVE-2023-41991 Certificate Validation Issue. A malicious app installed via 1 and 2 may be more difficult to detect due to this vulnerability.
Patches are available for all currently supported operating systems and Safari to address the WebKit vulnerability.
iOS 17 (just released this week), as well as iOS 16, is vulnerable...
Read the full entry: