Zero-Day Vulnerability gives Hackers full access to PCs

Kaspersky Lab has announced a new zero-day vulnerability that acts as a backdoor, giving hackers the access they need to take control of a Windows computer.

This vulnerability is called CVE-2019-0895 and is a use-after-free flaw. It is located in win32k.sys and allows local privilege escalation, giving hackers access to resources that users do not usually have.

How does the vulnerability work?

  • A program allocates memory
  • It loads the program into that memory
  • It adds a pointer to the memory

When the process is complete, the link between the pointer and the memory is removed and the program in that memory is deleted.

The anomaly occurs when the pointer becomes a dangling pointer, which continues to point to that memory even after the job is completed. Hackers take advantage of these pointers to install custom programs, replacing the existing program in that memory with malicious code.
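The allocate, release and reuse sequence described above can be modelled safely in user space. The following C program is an added illustration, not code from the article, from Kaspersky or from win32k.sys: the slot pool, the handle type and every function name are hypothetical, and the pool stands in for heap memory so the stale reference behaves deterministically. It contrasts an unchecked (dangling) reference with a generation-checked handle that rejects it.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed toy object pool: slots stand in for heap memory, so the
   stale-reference behaviour is deterministic and involves no undefined behaviour. */
#define SLOTS 4
typedef struct { char data[16]; uint32_t gen; int live; } slot_t;
typedef struct { uint32_t idx, gen; } handle_t;   /* checked reference */
static slot_t pool[SLOTS];

/* The three listed steps: allocate memory, load content, hand out a reference. */
handle_t pool_alloc(const char *content) {
    for (uint32_t i = 0; i < SLOTS; i++) {
        if (!pool[i].live) {
            pool[i].live = 1;
            snprintf(pool[i].data, sizeof pool[i].data, "%s", content);
            return (handle_t){ i, pool[i].gen };
        }
    }
    return (handle_t){ SLOTS, 0 };                /* pool exhausted */
}

/* Release: wipe the content and bump the generation so old handles go stale. */
void pool_free(handle_t h) {
    if (h.idx < SLOTS && pool[h.idx].live && pool[h.idx].gen == h.gen) {
        memset(pool[h.idx].data, 0, sizeof pool[h.idx].data);
        pool[h.idx].live = 0;
        pool[h.idx].gen++;
    }
}

/* Unchecked access: what a dangling pointer does. It returns whatever
   currently occupies the slot, even if that is someone else's object. */
const char *deref_unchecked(handle_t h) { return h.idx < SLOTS ? pool[h.idx].data : NULL; }

/* Checked access: refuses a handle whose generation no longer matches. */
const char *deref_checked(handle_t h) {
    if (h.idx >= SLOTS || !pool[h.idx].live || pool[h.idx].gen != h.gen) return NULL;
    return pool[h.idx].data;
}

int main(void) {
    handle_t old = pool_alloc("original");
    pool_free(old);                               /* 'old' is now dangling */
    handle_t fresh = pool_alloc("replacement");   /* same slot is reused */
    printf("unchecked: %s\n", deref_unchecked(old));
    printf("checked:   %s\n", deref_checked(old) ? "valid" : "rejected (stale)");
    printf("fresh:     %s\n", deref_checked(fresh));
    return 0;
}
```

The stale handle reads the replacement content through the unchecked path and is rejected by the checked path, which is the property that handle validation and pointer-nulling defenses aim for.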

Who is affected?

A use-after-free attack is a type of buffer overflow attack, and operating systems have protections to deal with such issues. Windows uses Address Space Layout Randomization (ASLR) for this purpose.

However, the exploit targeted Windows 7, 8 and earlier versions of 10 on 64-bit processors, using the HMValidateHandle technique to bypass ASLR.

In a nutshell, this Windows zero-day vulnerability allows hackers to run code in the kernel, giving them elevated access.

Since Kaspersky Lab reported it, Microsoft has taken action against this vulnerability and has released an update.


The author allows you to copy this text only if you cite the source (SecNews.gr) with a live URL to the article.