腾讯玄武实验室安全动态推送(Tencent Xuanwu Lab Security Daily News)

腾讯玄武实验室安全动态推送

Tencent Xuanwu Lab Security Daily News

2017/05/22

Masato Kinugawa @kinugawamasato

[ Browser ] Blogged! IE/EdgeのXSSフィルターバイパスについて書きました。かなり有用なベクターです。あわせてXSSフィルターバイパスチートシートのIE/Edge版も公開しました！ http://masatokinugawa.l0.cm/2017/05/xss14.html https://t.co/oXXWYY9dcs

" IE/EDGE XSS filter PoC（日文）： http://masatokinugawa.l0.cm/2017/05/xss14.html "
argp @_argp

[ macOS ] Two new macOS XNU bugs by Jann Horn of P0: https://bugs.chromium.org/p/project-zero/issues/detail?id=1149 and https://bugs.chromium.org/p/project-zero/issues/detail?id=1164

" macOS: raw frame pointers in stackshot，泄露内核原始栈指针（CVE-2017-2516）： https://bugs.chromium.org/p/project-zero/issues/detail?id=1164 macOS： kernel register leak via 32-bit syscall exit(CVE-2017-2509)： https://bugs.chromium.org/p/project-zero/issues/detail?id=1149 "
Catalin Cimpanu @campuscodi

[ Malware ] New SMB Worm Uses Seven NSA Hacking Tools. WannaCry Used Just Two https://www.bleepingcomputer.com/news/security/new-smb-worm-uses-seven-nsa-hacking-tools-wannacry-used-just-two/ #SMB #WannaCry #malware https://t.co/sa9xbKtwI9

" 一次用 7 个 NSA 武器的新 SMB 蠕虫 - EternalRocks： https://www.bleepingcomputer.com/news/security/new-smb-worm-uses-seven-nsa-hacking-tools-wannacry-used-just-two/ Github： https://github.com/stamparm/EternalRocks/ "
x0rz @x0rz

[ Popular Software ] XSS over SMS: Hacking Text Messages in Verizon Messages https://randywestergren.com/xss-sms-hacking-text-messages-verizon-messages/ #XSS #vulnerability https://t.co/G75zjzygb5

" Verizon Messages 应用的 DOM XSS 漏洞详情： https://t.co/iVyW8HFzPC "
Project Zero Bugs @ProjectZeroBugs

[ Popular Software ] VMWare Workstation on Linux: unprivileged host user -> host root privesc via ALSA config https://bugs.chromium.org/p/project-zero/issues/detail?id=1142

" Linux 版本 VMware Workstation 的 Host 进程加载 ALSA 配置文件时存在一个 Root 用户虚拟机逃逸漏洞（CVE-2017-4915）： https://t.co/7bIUVsaCCG "

XuanwuSpider via 52pojie

[ Browser ] Chrome CDM框架重大缺陷，DRM视频轻易复制。通过一些手段就可以轻松绕过DRM保护机制，从而把视频重新封装为未压缩的MP4等格式文件： http://www.52pojie.cn/thread-609243-1-1.html
XuanwuSpider via 新浪微博蒸米spark

[ iOS ] marcograss 在 BlackHat Asia 2017 会议的演讲视频《Remotely Compromising iOS via Wi-Fi and Escaping the Sandbox》： https://www.youtube.com/watch?v=bP5VP7vLLKo
XuanwuSpider via seebug

[ MalwareAnalysis ] NSA之“Esteemaudit”深度分析与验证：警惕下一次“蓝”： http://paper.seebug.org/306/
XuanwuSpider via FreeBuf

[ MalwareAnalysis ] WannaCry勒索病毒详细解读： http://www.freebuf.com/articles/system/135196.html
XuanwuSpider via diablohorn.com

[ Network ] 利用 NSA 的量子插入(Quantum Insert)攻击实现绕过 IP 的限制： https://diablohorn.com/2017/05/21/quantum-insert-bypassing-ip-restrictions/
XuanwuSpider via 高通安全峰会

[ Programming ] C/C++ Undefined Behavior in 2017： http://www.cs.utah.edu/~regehr/ub-2017-qualcomm.pdf

2017/05/22