Squeeze Volume 12 - sudo, Cisco, WhatsApp, and Android Bluetooth bugs & more!

Welcome to Squeeze, a curated selection of interesting infosec articles from the past week that you may have missed.

Secjuice, Manmeet Singh Bhatia, Chad Calease, Bhumish Gajjar, k4b00m - HO, Olivia Stella

Feb 9, 2020 • 4 min read

Welcome to the twelfth edition of the Secjuice Squeeze, a selection of interesting infosec articles that you may have missed and curate them for your reading pleasure. This week's volume was compiled by Bhumish Ghajar, Guise Bule, Chad Calease, Manmeet Singh, Olivia Stella and Hozaifa Owaisi.

Sudo Bug Lets You Run Commands as Root

Joe Vennix of Apple security has found a significant vulnerability in the sudo utility that, under a specific configuration, allows low privilege users or programs to execute arbitrary commands with administrative ('root') privileges on Linux or macOS systems. According to Vennix, the flaw can only be exploited when the "pwfeedback" option (a feature that provides an asterisk (*) as visual feedback) is enabled in the sudoers configuration file when a user inputs a password in the terminal.

Link: https://thehackernews.com/2020/02/sudo-linux-vulnerability.html

Only 3% Of Airports Pass Security Checks

Only three of the world's top 100 international airports pass necessary security checks, according to a report published last week. The three airports are the only ones that passed a long list of security tests that involved checks of their public websites, official mobile applications, and searches for leaks of sensitive airport or passenger data in places (like cloud services, public code repositories, or the dark web).

Link: https://www.zdnet.com/article/only-three-of-the-top-100-international-airports-pass-basic-security-checks/

Critical Security Bug found in Whatsapp

A cybersecurity researcher has disclosed technical details of multiple high severity vulnerabilities he discovered in WhatsApp, which could have allowed remote attackers to compromise the security of users in different ways if exploited. It was revealed that WhatsApp Web was vulnerable to a potentially dangerous open-redirect flaw that led to persistent cross-site scripting attacks, which could have been triggered by sending a specially crafted message to the targeted WhatsApp users.

Link: https://threatpost.com/whatsapp-bug-malicious-code-injection-rce/152578/

WhatsApp Bug Allows Malicious Code-Injection, One-Click RCE

Serious Bugs in Cisco Affect Millions of Devices

A total of five high-rated Cisco vulnerabilities, dubbed collectively as CDPwn, have been confirmed. CDPwn exposes vulnerabilities, four remote code executions, and one denial of service in the Cisco proprietary Layer 2 network discovery protocol that is implemented in switches, routers, cameras, and IP phones. The good thing is that attacks can't be mounted over the internet. As explained above, the CDP protocol works only inside local networks, at the Data Link Layer, and is not exposed on a device's WAN interface -- via which most internet attacks come from.

Link: https://www.forbes.com/sites/daveywinder/2020/02/05/cisco-confirms-5-serious-security-threats-to-tens-of-millions-of-network-devices/

Critical Android Bluetooth Bug Fixed

Google has patched this week with a critical security flaw in Android's Bluetooth component. If left unpatched, the vulnerability can be exploited without any user interaction and can even be used to create self-spreading Bluetooth worms. The bug allows an attacker to "silently execute arbitrary code with the privileges of the Bluetooth daemon." No user interaction is required, and only the Bluetooth MAC address of the target devices has to be known. For some devices, the Bluetooth MAC address can be deduced from the WiFi MAC address.

Link: https://www.zdnet.com/article/google-fixes-no-user-interaction-bug-in-androids-bluetooth-component/