Tutoriales y Manuales
Entradas Mensuales
-
►
2024
(Total:
1090
)
- ► septiembre (Total: 50 )
-
►
2023
(Total:
710
)
- ► septiembre (Total: 65 )
-
►
2022
(Total:
967
)
- ► septiembre (Total: 72 )
-
►
2021
(Total:
730
)
- ► septiembre (Total: 56 )
-
►
2020
(Total:
212
)
- ► septiembre (Total: 21 )
-
►
2019
(Total:
102
)
- ► septiembre (Total: 14 )
-
►
2017
(Total:
231
)
- ► septiembre (Total: 16 )
-
►
2016
(Total:
266
)
- ► septiembre (Total: 38 )
-
▼
2015
(Total:
445
)
-
▼
septiembre
(Total:
47
)
- Google presenta oficialmente LG Nexus 5X y Huawei ...
- Vulnerabilidad en el cómputo de los clics en Googl...
- Timos y Fraudes vía WhatsApp en España
- Detectan un aumento inusual de ataques contra rout...
- Microsoft presenta oficialmente Office 2016
- Wikimedia publica su propio servicio de mapas basa...
- Hackean la cuenta de Facebook de Collet: "Los espa...
- Becas INCIBE de estudios de especialización en cib...
- Cartuchos de impresora: ojo con algunos modelos
- Parche de Apple soluciona vulnerabilidades crítica...
- Nueva actualización de seguridad para Adobe Flash ...
- Hackaton de CyberCamp 2015
- Semana Europea de la Programación (Octubre 2015)
- Google Chrome se cuelga con tan solo 16 caracteres
- Inhibidores de señal Wifi: inhabilita cámaras y dr...
- Espíame, no tengo nada que ocultar
- Cómo secar un móvil si se ha mojado por accidente
- Amazon presenta su tablet de 50 dólares
- Novedades del nuevo Chromecast de Google
- Grave vulnerabilidad en Bugzilla ya parcheada
- iOS 9 ya está disponible y corrige 101 fallos de s...
- Escritor pierde parte del libro de su vida por cul...
- Corrigen múltiples vulnerabilidades en WordPress 4...
- Extracción de hashes y contraseñas en texto plano ...
- Libro en inglés sobre Ingeniería Inversa app de iOS
- Suite de Test de Vulnerabilidades Android VTS
- Disponible DbgKit 1.3. (GUI para WinDbg)
- El iPhone 6s tiene 2 GB de RAM
- Firefox mostrará anuncios al abrir una nueva pestaña
- Google tomará medidas contra el Ransomware en Andr...
- ¿Es necesario crear un Carnet de Hacker en España?
- EEUU quiere prohibir firmwares alternativos en rou...
- Disponibles SystemRescueCd v4.6.0 y SparkyLinux 4....
- Documentos que instalan un backdoor a través de un...
- Según un estudio, la mitad de los iPhones son vuln...
- Nueva herramienta gratuita de Ashampoo para config...
- Adblock Plus: el nuevo navegador para iOS y Androi...
- Hackean el Twitter y Facebook de Irina Shayk
- Encontrada puerta trasera en discos NAS de Seagate...
- El Google Nexus 6 ha bajado casi un 50% de precio ...
- Canon presenta un sensor de 250 megapíxeles
- Google Chrome versión 45 promete ahorrar memoria R...
- Liberada herramienta Evil FOCA con licencia GPL
- Comparativa de Gestores de Contraseñas para Window...
- Google estrena nuevo Logo y Favicon
- Movistar también ofrecerá 300 MB simétricos
- AIO 2015 - Compilación herramientas análisis y des...
-
▼
septiembre
(Total:
47
)
-
►
2014
(Total:
185
)
- ► septiembre (Total: 18 )
-
►
2013
(Total:
100
)
- ► septiembre (Total: 3 )
-
►
2011
(Total:
7
)
- ► septiembre (Total: 1 )
Blogroll
Etiquetas
seguridad
(
396
)
privacidad
(
364
)
google
(
355
)
ransomware
(
341
)
vulnerabilidad
(
305
)
Malware
(
265
)
Windows
(
246
)
android
(
244
)
cve
(
237
)
tutorial
(
237
)
manual
(
222
)
software
(
206
)
hardware
(
196
)
linux
(
127
)
twitter
(
117
)
ddos
(
95
)
WhatsApp
(
92
)
Wifi
(
85
)
cifrado
(
77
)
herramientas
(
75
)
hacking
(
73
)
sysadmin
(
68
)
app
(
65
)
Networking
(
57
)
nvidia
(
53
)
ssd
(
51
)
youtube
(
50
)
firmware
(
44
)
adobe
(
43
)
office
(
41
)
hack
(
40
)
firefox
(
36
)
contraseñas
(
32
)
eventos
(
32
)
antivirus
(
31
)
juegos
(
31
)
cms
(
30
)
flash
(
28
)
anonymous
(
27
)
apache
(
26
)
MAC
(
25
)
programación
(
25
)
exploit
(
23
)
multimedia
(
23
)
javascript
(
22
)
Kernel
(
20
)
ssl
(
19
)
SeguridadWireless
(
17
)
documental
(
16
)
Forense
(
15
)
conferencia
(
15
)
Debugger
(
14
)
lizard squad
(
14
)
técnicas hacking
(
13
)
auditoría
(
12
)
delitos
(
11
)
metasploit
(
11
)
Virtualización
(
10
)
adamo
(
9
)
reversing
(
9
)
Rootkit
(
8
)
Ehn-Dev
(
7
)
MAC Adress
(
6
)
antimalware
(
6
)
oclHashcat
(
5
)
Entradas populares
-
Después de ver qué es una vCPU y la diferencia entre núcleos (cores) e hilos en los procesadores, pasamos a explicar toda la nomenclatura d...
-
En la Operación Torpedo el FBI utilizó Metasploit Framework , un software totalmente libre construido originalmente sobre lenguaje Perl y p...
-
Recientemente, 2K Games ha sufrido un ataque dentro de su plataforma de soporte técnico. Dicha plataforma, fue hackeada y utilizada para...
Parche de Apple soluciona vulnerabilidades críticas en Apple Watch
miércoles, 23 de septiembre de 2015
|
Publicado por
el-brujo
|
Editar entrada
Apple ha lanzado una nueva versión de watchOS, el sistema operativo de
Apple Watch, en el que se ha resuelto un gran número de
vulnerabilidades. A través de dos de las vulnerabilidades parcheadas
podría ejecutar un sitio web malicioso código arbitrario en el reloj
inteligente.
Además, varias otras vulnerabilidades pueden hacer la ejecución de código arbitrario posible, por ejemplo, en el procesamiento de una fuente maligna.
Además, hay un problema resuelto en la remuneración de Apple haciendo un terminal de pago podría averiguar algunos datos de transacciones recientes en un pago. Además, era para un atacante que tiene una "posición de red privilegiada" es posible para interceptar las conexiones SSL / TLS y supervisar las actividades del usuario.
Una vulnerabilidad en el "Core Crypto" podría permitir a un atacante para determinar la clave privada RSA del usuario.
En total, Apple watchOS tiene 37 vulnerabilidades parcheadas.
Se puede hacer la actualización a través de la función de actualización de software del sistema operativo.
Además, varias otras vulnerabilidades pueden hacer la ejecución de código arbitrario posible, por ejemplo, en el procesamiento de una fuente maligna.
Además, hay un problema resuelto en la remuneración de Apple haciendo un terminal de pago podría averiguar algunos datos de transacciones recientes en un pago. Además, era para un atacante que tiene una "posición de red privilegiada" es posible para interceptar las conexiones SSL / TLS y supervisar las actividades del usuario.
Una vulnerabilidad en el "Core Crypto" podría permitir a un atacante para determinar la clave privada RSA del usuario.
En total, Apple watchOS tiene 37 vulnerabilidades parcheadas.
watchOS 2
- Apple Pay
Available for: Apple Watch Sport, Apple Watch, and Apple Watch Edition
Impact: Some cards may allow a terminal to retrieve limited recent transaction information when making a payment
Description: The transaction log functionality was enabled in certain configurations. This issue was addressed by removing the transaction log functionality.
CVE-ID
CVE-2015-5916
- Audio
Available for: Apple Watch Sport, Apple Watch, and Apple Watch Edition
Impact: Playing a malicious audio file may lead to an unexpected application termination
Description: A memory corruption issue existed in the handling of audio files. This issue issue was addressed through improved memory handling.
CVE-ID
CVE-2015-5862 : YoungJin Yoon of Information Security Lab. (Adv.: Prof. Taekyoung Kwon), Yonsei University, Seoul, Korea
- Certificate Trust Policy
Available for: Apple Watch Sport, Apple Watch, and Apple Watch Edition
Impact: Update to the certificate trust policy
Description: The certificate trust policy was updated. The complete list of certificates may be viewed at https://support.apple.com/kb/HT204873.
- CFNetwork
Available for: Apple Watch Sport, Apple Watch, and Apple Watch Edition
Impact: An attacker with a privileged network position may intercept SSL/TLS connections
Description: A certificate validation issue existed in NSURL when a certificate changed. This issue was addressed through improved certificate validation.
CVE-ID
CVE-2015-5824 : Timothy J. Wood of The Omni Group
- CFNetwork
Available for: Apple Watch Sport, Apple Watch, and Apple Watch Edition
Impact: Connecting to a malicious web proxy may set malicious cookies for a website
Description: An issue existed in the handling of proxy connect responses. This issue was addressed by removing the set-cookie header while parsing the connect response.
CVE-ID
CVE-2015-5841 : Xiaofeng Zheng of Blue Lotus Team, Tsinghua University
- CFNetwork
Available for: Apple Watch Sport, Apple Watch, and Apple Watch Edition
Impact: An attacker in a privileged network position can track a user's activity
Description: A cross-domain cookie issue existed in the handling of top level domains. The issue was addressed through improved restrictions of cookie creation.
CVE-ID
CVE-2015-5885 : Xiaofeng Zheng of Blue Lotus Team, Tsinghua University
- CFNetwork
Available for: Apple Watch Sport, Apple Watch, and Apple Watch Edition
Impact: A person with physical access to an iOS device may read cache data from Apple apps
Description: Cache data was encrypted with a key protected only by the hardware UID. This issue was addressed by encrypting the cache data with a key protected by the hardware UID and the user's passcode.
CVE-ID
CVE-2015-5898 : Andreas Kurtz of NESO Security Labs
- CoreCrypto
Available for: Apple Watch Sport, Apple Watch, and Apple Watch Edition
Impact: An attacker may be able to determine a private key
Description: By observing many signing or decryption attempts, an attacker may have been able to determine the RSA private key. This issue was addressed using improved encryption algorithms.
- CoreText
Available for: Apple Watch Sport, Apple Watch, and Apple Watch Edition
Impact: Processing a maliciously crafted font file may lead to arbitrary code execution
Description: A memory corruption issue existed in the processing of font files. This issue was addressed through improved input validation.
CVE-ID
CVE-2015-5874 : John Villamil (@day6reak), Yahoo Pentest Team
- Data Detectors Engine
Available for: Apple Watch Sport, Apple Watch, and Apple Watch Edition
Impact: Processing a maliciously crafted text file may lead to arbitrary code execution
Description: Memory corruption issues existed in the processing of text files. These issues were addressed through improved bounds checking.
CVE-ID
CVE-2015-5829 : M1x7e1 of Safeye Team (www.safeye.org)
- Dev Tools
Available for: Apple Watch Sport, Apple Watch, and Apple Watch Edition
Impact: A malicious application may be able to execute arbitrary code with system privileges
Description: A memory corruption issue existed in dyld. This was addressed through improved memory handling.
CVE-ID
CVE-2015-5876 : beist of grayhash
- Disk Images
Available for: Apple Watch Sport, Apple Watch, and Apple Watch Edition
Impact: A local user may be able to execute arbitrary code with system privileges
Description: A memory corruption issue existed in DiskImages. This issue was addressed through improved memory handling.
CVE-ID
CVE-2015-5847 : Filippo Bigarella, Luca Todesco
- dyld
Available for: Apple Watch Sport, Apple Watch, and Apple Watch Edition
Impact: An application may be able to bypass code signing
Description: An issue existed with validation of the code signature of executables. This issue was addressed through improved bounds checking.
CVE-ID
CVE-2015-5839 : @PanguTeam, TaiG Jailbreak Team
- GasGauge
Available for: Apple Watch Sport, Apple Watch, and Apple Watch Edition
Impact: A local user may be able to execute arbitrary code with kernel privileges
Description: Multiple memory corruption issues existed in the kernel. These issues were addressed through improved memory handling.
CVE-ID
CVE-2015-5918 : Apple
CVE-2015-5919 : Apple
- ICU
Available for: Apple Watch Sport, Apple Watch, and Apple Watch Edition
Impact: Multiple vulnerabilities in ICU
Description: Multiple vulnerabilities existed in ICU versions prior to 53.1.0. These issues were addressed by updating ICU to version 55.1.
CVE-ID
CVE-2014-8146
CVE-2015-1205
- IOAcceleratorFamily
Available for: Apple Watch Sport, Apple Watch, and Apple Watch Edition
Impact: A malicious application may be able to determine kernel memory layout
Description: An issue existed that led to the disclosure of kernel memory content. This issue was addressed through improved bounds checking.
CVE-ID
CVE-2015-5834 : Cererdlong of Alibaba Mobile Security Team
- IOAcceleratorFamily
Available for: Apple Watch Sport, Apple Watch, and Apple Watch Edition
Impact: A local user may be able to execute arbitrary code with system privileges
Description: A memory corruption issue existed in IOAcceleratorFamily. This issue was addressed through improved memory handling.
CVE-ID
CVE-2015-5848 : Filippo Bigarella
- IOKit
Available for: Apple Watch Sport, Apple Watch, and Apple Watch Edition
Impact: A malicious application may be able to execute arbitrary code with system privileges
Description: A memory corruption issue existed in the kernel. This issue was addressed through improved memory handling.
CVE-ID
CVE-2015-5844 : Filippo Bigarella
CVE-2015-5845 : Filippo Bigarella
CVE-2015-5846 : Filippo Bigarella
- IOMobileFrameBuffer
Available for: Apple Watch Sport, Apple Watch, and Apple Watch Edition
Impact: A local user may be able to execute arbitrary code with system privileges
Description: A memory corruption issue existed in IOMobileFrameBuffer. This issue was addressed through improved memory handling.
CVE-ID
CVE-2015-5843 : Filippo Bigarella
- IOStorageFamily
Available for: Apple Watch Sport, Apple Watch, and Apple Watch Edition
Impact: A local attacker may be able to read kernel memory
Description: A memory initialization issue existed in the kernel. This issue was addressed through improved memory handling.
CVE-ID
CVE-2015-5863 : Ilja van Sprundel of IOActive
- Kernel
Available for: Apple Watch Sport, Apple Watch, and Apple Watch Edition
Impact: A local user may be able to execute arbitrary code with kernel privileges
Description: A memory corruption issue existed in the kernel. This issue was addressed through improved memory handling.
CVE-ID
CVE-2015-5868 : Cererdlong of Alibaba Mobile Security Team
CVE-2015-5896 : Maxime Villard of m00nbsd
CVE-2015-5903 : CESG
- Kernel
Available for: Apple Watch Sport, Apple Watch, and Apple Watch Edition
Impact: A local attacker may control the value of stack cookies
Description: Multiple weaknesses existed in the generation of user space stack cookies. This was addressed through improved generation of stack cookies.
CVE-ID
CVE-2013-3951 : Stefan Esser
- Kernel
Available for: Apple Watch Sport, Apple Watch, and Apple Watch Edition
Impact: A local process can modify other processes without entitlement checks
Description: An issue existed where root processes using the processor_set_tasks API were allowed to retrieve the task ports of other processes. This issue was addressed through added entitlement checks.
CVE-ID
CVE-2015-5882 : Pedro Vilaça, working from original research by Ming-chieh Pan and Sung-ting Tsai; Jonathan Levin
- Kernel
Available for: Apple Watch Sport, Apple Watch, and Apple Watch Edition
Impact: An attacker in a local LAN segment may disable IPv6 routing
Description: An insufficient validation issue existed in handling of IPv6 router advertisements that allowed an attacker to set the hop limit to an arbitrary value. This issue was addressed by enforcing a minimum hop limit.
CVE-ID
CVE-2015-5869 : Dennis Spindel Ljungmark
- Kernel
Available for: Apple Watch Sport, Apple Watch, and Apple Watch Edition
Impact: A local user may be able to determine kernel memory layout
Description: An issue existed in XNU that led to the disclosure of kernel memory. This was addressed through improved initialization of kernel memory structures.
CVE-ID
CVE-2015-5842 : beist of grayhash
- Kernel
Available for: Apple Watch Sport, Apple Watch, and Apple Watch Edition
Impact: A local user may be able to cause a system denial of service
Description: An issue existed in HFS drive mounting. This was addressed by additional validation checks.
CVE-ID
CVE-2015-5748 : Maxime Villard of m00nbsd
- libpthread
Available for: Apple Watch Sport, Apple Watch, and Apple Watch Edition
Impact: A local user may be able to execute arbitrary code with kernel privileges
Description: A memory corruption issue existed in the kernel. This issue was addressed through improved memory handling.
CVE-ID
CVE-2015-5899 : Lufeng Li of Qihoo 360 Vulcan Team
- PluginKit
Available for: Apple Watch Sport, Apple Watch, and Apple Watch Edition
Impact: A malicious enterprise application can install extensions before the application has been trusted
Description: An issue existed in the validation of extensions during installation. This was addressed through improved app verification.
CVE-ID
CVE-2015-5837 : Zhaofeng Chen, Hui Xue, and Tao (Lenx) Wei of FireEye, Inc.
- removefile
Available for: Apple Watch Sport, Apple Watch, and Apple Watch Edition
Impact: Processing malicious data may lead to unexpected application termination
Description: An overflow fault existed in the checkint division routines. This issue was addressed with improved division routines.
CVE-ID
CVE-2015-5840 : an anonymous researcher
- SQLite
Available for: Apple Watch Sport, Apple Watch, and Apple Watch Edition
Impact: Multiple vulnerabilities in SQLite v3.8.5
Description: Multiple vulnerabilities existed in SQLite v3.8.5. These issues were addressed by updating SQLite to version 3.8.10.2.
CVE-ID
CVE-2015-5895
- tidy
Available for: Apple Watch Sport, Apple Watch, and Apple Watch Edition
Impact: Visiting a maliciously crafted website may lead to arbitrary code execution
Description: A memory corruption issue existed in Tidy. This issues was addressed through improved memory handling.
CVE-ID
CVE-2015-5522 : Fernando Muñoz of NULLGroup.com
CVE-2015-5523 : Fernando Muñoz of NULLGroup.com
Se puede hacer la actualización a través de la función de actualización de software del sistema operativo.
Enviar por correo electrónico
Escribe un blog
Compartir en X
Compartir con Facebook
Compartir en Pinterest
0 comentarios :
Publicar un comentario
Los comentarios pueden ser revisados en cualquier momento por los moderadores.
Serán publicados aquellos que cumplan las siguientes condiciones:
- Comentario acorde al contenido del post.
- Prohibido mensajes de tipo SPAM.
- Evite incluir links innecesarios en su comentario.
- Contenidos ofensivos, amenazas e insultos no serán permitidos.
Debe saber que los comentarios de los lectores no reflejan necesariamente la opinión del STAFF.