
Latest news with #PTSWARM

Apple thanks Positive Technologies for discovering a vulnerability in its Shortcuts app - Middle East Business News and Information

Mid East Info

24-06-2025


PT SWARM expert Egor Filatov found a critical vulnerability in Shortcuts, a built-in macOS app that streamlines device management by automating repetitive user actions. If successfully exploited, the security flaw could allow an attacker to gain full control over the device, including the ability to read, edit, and delete any data. If the compromised device happens to be a laptop connected to a corporate network, the attacker could also infiltrate the internal company infrastructure.

The vulnerability, tracked as BDU:2025-02497 and rated 8.6 out of 10 on the CVSS 3.0 scale, affects Shortcuts 7.0 (2607.1.3). The vendor was notified of the threat in line with the responsible disclosure policy and has already released a software patch. Users are advised to upgrade to macOS Sequoia 15.5 or later. If updating the OS is currently not possible, Positive Technologies recommends that users pay close attention to downloaded shortcuts before running them, or avoid using them altogether.

The Shortcuts app was introduced with macOS Monterey back in 2021 and has been supported in macOS Ventura, Sonoma, and Sequoia over the past four years. With the app, users can create shortcuts to automate various tasks, such as starting a timer, playing music, or converting text to audio. Users also have access to macros that provide ready-made shortcuts. A threat actor could leverage this functionality by uploading infected templates to the library. For the security flaw to be exploited, it would be enough for the victim to inadvertently run a malicious macro on their device.

'An attacker could exploit this vulnerability to target any Shortcuts user,' said Egor Filatov, Junior Mobile Application Security Researcher at Positive Technologies. 'Before remediation, the vulnerability allowed an attacker to bypass macOS security mechanisms and execute arbitrary code on the victim's system.'

According to the expert, the potential consequences of successful attacks include the following:

  • Theft of confidential data or deletion of valuable information
  • Malware execution
  • Installation of backdoors aimed at maintaining access to the system even after the vulnerability is patched
  • Ransomware infection
  • Disruption to the organization's business processes (if a corporate device is compromised)

Positive Technologies experts have been studying Apple products for over a decade. In 2018, Maxim Goryachy and Mark Ermolov, while looking for security flaws in Intel Management Engine, found a firmware vulnerability (CVE-2018-4251) affecting personal computers made by Apple and other manufacturers. In 2017, Timur Yunusov warned the community about multiple security gaps he had discovered in Apple Pay: by exploiting the vulnerabilities, attackers could compromise users' bank cards and make unauthorized payments on external resources. Before that, another Positive Technologies researcher found and helped eliminate a critical vulnerability in the website, which could allow an adversary to conduct a directory traversal attack and gain access to private data.

In addition to the macOS version of Shortcuts, there is also an iOS version of the app for mobile devices. To prevent threat actors from infiltrating the corporate network via vulnerable mobile apps, companies should protect their apps against reverse engineering. This can be done with solutions such as PT MAZE, which turns the application into an impenetrable maze, making attacks too resource-intensive for adversaries.

Positive Technologies is an industry leader in result-driven cybersecurity and a major global provider of information security solutions. Our mission is to safeguard businesses and entire industries against cyberattacks and non-tolerable damage. Positive Technologies is the first and only cybersecurity company in Russia on the Moscow Exchange (MOEX: POSI), with 220,000 shareholders and counting.

Follow us on X, LinkedIn, and in the News section at

Critical macOS Shortcuts Flaw Reported by PT SWARM Expert

TECHx

23-06-2025


PT SWARM expert Egor Filatov has discovered a critical vulnerability in Shortcuts, a built-in macOS app used to automate user actions. The flaw, if exploited, could give an attacker full control over a device.

Positive Technologies revealed that the vulnerability is tracked as BDU:2025-02497 and carries a severity score of 8.6 out of 10 on the CVSS 3.0 scale. It affects Shortcuts version 7.0 (2607.1.3). The app has been part of macOS since Monterey and is also supported in Ventura, Sonoma, and Sequoia.

If a compromised device is connected to a corporate network, attackers could infiltrate the internal infrastructure. Filatov warned that it would be enough for a victim to run a malicious macro unknowingly.

Positive Technologies reported that the vendor was notified in line with responsible disclosure policies. A patch has already been issued. Users are advised to upgrade to macOS Sequoia 15.5 or later. If an OS update is not possible, users should avoid downloading unknown shortcuts or using the app altogether.

According to the report, possible consequences of exploitation include:

  • Theft or deletion of sensitive data
  • Remote malware installation and ransomware attacks
  • Business disruption in corporate environments

The company emphasized that threat actors could upload infected shortcut templates to the app's library. Before the patch, the flaw could be used to bypass macOS security and execute arbitrary code.

Positive Technologies has a long track record of studying Apple products. In 2018, its researchers discovered a firmware flaw in Intel Management Engine that affected Apple computers. In 2017, vulnerabilities in Apple Pay were reported, allowing unauthorized transactions.

The Shortcuts app is also available on iOS. To prevent threats on mobile, companies are advised to use solutions like PT MAZE. It protects apps by making reverse engineering difficult and costly for attackers.

Positive Technologies researcher discovers a new exploitation vector for previously known vulnerabilities in Intel processors

Zawya

03-04-2025


Dubai, UAE: PT SWARM expert Mark Ermolov discovered a new exploitation vector for the vulnerabilities CVE-2017-5705, CVE-2017-5706, CVE-2017-5707, CVE-2019-0090, and CVE-2021-0146, which Intel has already fixed. Previously, these issues only enabled partial compromise, but this new method can lead to a complete security breach of affected platforms.

The newly discovered approach to exploitation can be applied to attacks on devices equipped with Intel Pentium, Celeron, and Atom processors from the Denverton, Apollo Lake, Gemini Lake, and Gemini Lake Refresh series. Production of these chips has ended, yet they remain in embedded systems, such as automotive electronics, and in ultra-mobile devices, including e-readers and mini-PCs. Intel was notified in accordance with the responsible disclosure policy but rejected the described problem and refused to take measures to eliminate or reduce the threat level.

The main exploitation vector involves supply chain attacks [1]. Attackers can embed spyware at the assembly or repair stage without altering the hardware. "This approach requires no soldering or any other physical modification," said Ermolov. "Local access is enough to retrieve the encryption key and inject malicious code into Intel CSME firmware. These implants often slip under the radar of Intel Boot Guard, virtualization-based security (VBS), and antivirus solutions. They can operate unnoticed, capture user data, lock devices, erase or encrypt files, and carry out other destructive actions."

A secondary risk involves exploiting these formerly patched flaws to bypass DRM [2] safeguards, which can grant unauthorized access to content from various streaming services. The newly identified method also circumvents some Amazon e-reader protections, allowing threat actors to copy data on devices powered by vulnerable Intel Atom processors. Attackers can also use these tactics to access data on encrypted storage devices like hard drives or SSDs. This approach can target laptops or tablets built on the at-risk processors.

In 2021, Positive Technologies worked with Intel to reduce the danger posed by CVE-2021-0146, which allowed extraction of the platform chipset key. That key is one of the Intel CSME subsystem's most closely guarded secrets because it underpins the root of trust and generates every working key for data encryption and code integrity. The new exploitation method decrypts the chipset key by bypassing its fuse encryption layer, opening the door to malicious Intelligence ranks Intel as a leading chip supplier for IoT solutions. Its Atom E3900 processors, which are affected by the vulnerabilities, appear in devices used by dozens of automotive manufacturers.

Organizations looking to maintain ongoing oversight of vulnerabilities can rely on MaxPatrol VM for continuous management. Should a breach occur, platforms like MaxPatrol SIEM can assist in spotting post-exploitation indicators and tracking further actions by attackers.

About Positive Technologies

Positive Technologies is an industry leader in results-oriented cybersecurity and a major global provider of information security solutions. Our mission is to safeguard businesses and entire industries against cyberattacks and non-tolerable damage. Over 4,000 organizations worldwide use technologies and services developed by our company. Positive Technologies is the first and only cybersecurity company in Russia to have gone public on the Moscow Exchange (MOEX: POSI), with 205,000 shareholders and counting. Follow us in the News section at

[1] Attacks on service providers, through third-party companies.
[2] Digital rights management: technical means of copyright protection.

D-Link recommends replacing routers affected by the vulnerability discovered by Positive Technologies

Zawya

20-03-2025


Dubai: Vladimir Razov, an expert from the PT SWARM team, has discovered a vulnerability in several models of D-Link routers. According to Mordor Intelligence, D-Link is one of the top three Wi-Fi router manufacturers in the world. The vendor has been notified of the threat in line with the responsible disclosure policy and recommends that users switch to more recent devices.

The vulnerability, which is registered as BDU:2024-06211 with a CVSS 3.0 score of 8.4, affects the following D-Link models: DIR-878, DIR-882, DIR-2640-US, DIR-1960-US, DIR-2660-US, DIR-3040-US, DIR-3060-US, DIR-867-US, DIR-882-US, DIR-882/RE, DIR-882-CA, and DIR-882-US/RE. At the time of the research, vulnerable routers could be discovered using search engines in the United States, Canada, Sweden, China, Indonesia, and Taiwan. According to the manufacturer, these models are no longer supported. D-Link recommends retiring the outdated devices and replacing them with supported devices that receive firmware updates.

"If this vulnerability is successfully exploited, a malicious user authorized in the router's web interface can compromise the entire device and gain access to all traffic passing through it," says Vladimir Razov, Web Application Security Analyst at PT SWARM, the offensive security department at Positive Technologies.

As a temporary measure to mitigate the threat, Vladimir Razov recommends using OpenWrt (an open-source embedded operating system based on the Linux kernel and designed specifically for routers) or changing the login credentials for accessing the router's web interface.

Previously, Positive Technologies helped address vulnerabilities in Zyxel routers and other Zyxel devices. Positive Technologies also enhanced its PT Industrial Security Incident Manager (PT ISIM) with an additional expertise pack, enabling cybersecurity teams to detect attempts to exploit vulnerabilities in MikroTik routers and Cisco switches.

-Ends-

About Positive Technologies

Positive Technologies is an industry leader in result-driven cybersecurity and a major global provider of information security solutions. Our mission is to safeguard businesses and entire industries against cyberattacks and non-tolerable damage. Over 4,000 organizations worldwide use technologies and services developed by our company. Positive Technologies is the first and only cybersecurity company in Russia publicly available on the Moscow Exchange (MOEX: POSI), with 205,000 shareholders and counting. Follow us on X, LinkedIn, and in the News section at

Vulnerability Discovered in D-Link Routers, Users Urged to Upgrade - TECHx Media

TECHx

19-03-2025


Vladimir Razov, an expert from PT SWARM, has uncovered a critical vulnerability affecting several D-Link router models. D-Link, recognized as one of the top three Wi-Fi router manufacturers globally by Mordor Intelligence, has been informed of the issue under the responsible disclosure policy. The company recommends users replace older devices with newer, supported models.

The vulnerability, assigned BDU:2024-06211 and a CVSS 3.0 score of 8.4, impacts the following D-Link models: DIR-878, DIR-882, DIR-2640-US, DIR-1960-US, DIR-2660-US, DIR-3040-US, DIR-3060-US, DIR-867-US, DIR-882-US, DIR-882/RE, DIR-882-CA, and DIR-882-US/RE. Vulnerable routers can be identified through search engines in regions including the United States, Canada, Sweden, China, Indonesia, and Taiwan. As these models are no longer supported by D-Link, the company advises users to retire outdated devices and replace them with supported ones that receive regular firmware updates.

'If exploited, this vulnerability could allow an attacker with authorized access to the router's web interface to compromise the device and intercept all network traffic,' said Vladimir Razov, Web Application Security Analyst at PT SWARM, the offensive security division of Positive Technologies.

As a temporary solution, Razov suggests using OpenWrt, an open-source operating system for routers, or changing login credentials to enhance security.

Positive Technologies has previously addressed vulnerabilities in Zyxel routers and other devices. Additionally, the company has updated its PT Industrial Security Incident Manager (PT ISIM) to help cybersecurity teams detect exploitation attempts targeting MikroTik routers and Cisco switches.
