Zero-Day Warning: It’s Possible to Hack iPhones Just by Sending Emails

Watch out Apple users!

The default mailing app pre-installed on millions of iPhones and iPads has been found vulnerable to two critical flaws that attackers are exploiting in the wild, at least, from the last two years to spy on high-profile victims.

The flaws could eventually let remote hackers secretly take complete control over Apple devices just by sending an email to any targeted individual with his email account logged-in to the vulnerable app.

According to cybersecurity researchers at ZecOps, the bugs in question are remote code execution flaws that reside in the MIME library of Apple's mail app—first, due to an out-of-bounds write bug and second, is a heap overflow issue.

Though both flaws get triggered while processing the content of an email, the second flaw is more dangerous because it can be exploited with 'zero-click,' where no interaction is required from the targeted recipients.

8-Years-Old Apple Zero-Days Exploited in the Wild

According to the researchers, both flaws existed in various models of iPhone and iPad for the last 8 years since the release of iOS 6 and, unfortunately, also affect the current iOS 13.4.1 with no patch yet update available for the regular versions.

What's more worrisome is that multiple groups of attackers are already exploiting these flaws—for at least 2 years as zero-days in the wild—to target individuals from various industries and organizations, MSSPs from Saudi Arabia and Israel, and journalists in Europe.

"With very limited data, we were able to see that at least six organizations were impacted by this vulnerability – and the full scope of abuse of this vulnerability is enormous," the researchers said.

"While ZecOps refrain from attributing these attacks to a specific threat actor, we are aware that at least one 'hackers-for-hire' organization is selling exploits using vulnerabilities that leverage email addresses as the main identifier."

According to the researchers, it could be tough for Apple users to know if they were targeted as part of these cyber-attacks because it turns out that attackers delete the malicious email immediately after gaining remote access to the victims' device.

"Noteworthy, although the data confirms that the exploit emails were received and processed by victims' iOS devices, corresponding emails that should have been received and stored on the mail-server were missing. Therefore, we infer that these emails were deleted intentionally as part of an attack's operational security cleanup measures," the researchers said.

"Besides a temporary slowdown of a mobile mail application, users should not observe any other anomalous behavior."

To be noted, on successful exploitation, the vulnerability runs malicious code in the context of the MobileMail or maild application, allowing attackers "to leak, modify, and delete emails."

However, to remotely take full control over the device, attackers need to chain it together with a separate kernel vulnerability.

Though ZecOps hasn't mentioned any detail on what kind of malware attackers have been using to target users, it did believe that attackers are exploiting the flaws in combination with other kernel issues to successfully spy on their victims.

Beware! No Patch Yet Available

Researchers spotted in-the-wild-attacks and discovered the related flaws almost two months ago and reported it to the Apple security team.

At the time of writing, only the beta 13.4.5 version of iOS, released just last week, contains security patches for both zero-day vulnerabilities.

For millions of iPhone and iPad users, a public software patch will soon be available with the release of the upcoming iOS update.

Meanwhile, Apple users are strongly advised to do not to use their smartphones' built-in mail application; instead, temporarily switch to Outlook or Gmail apps.

In a piece of separate news, we today reported about another in-the-wild iPhone hacking campaign where Chinese hackers have been caught targeting Uyghur Muslims with exploit iOS chains and spyware apps.

 

Source :
https://thehackernews.com/2020/04/zero-day-warning-its-possible-to-hack.html

Dell Releases A New Cybersecurity Utility To Detect BIOS Attacks

Computer manufacturing giant Dell has released a new security tool for its commercial customers that aims to protect their computers from stealthy and sophisticated cyberattacks involving the compromise of the BIOS.

Dubbed 'SafeBIOS Events & Indicators of Attack' (IoA), the new endpoint security software is a behavior-based threat detection system that alerts users when BIOS settings of their computers undergo some unusual changes.

BIOS (Basic Input Output System) is a small but highly-privileged program that handles critical operations and starts your computer before handing it over to your operating system.

Protecting the BIOS program is crucial because:

  • Changes to the system BIOS settings could allow malicious software to run during the boot process,
  • Once a hacker takes over the BIOS, he can stealthily control the targeted computer and gain access to the data stored on it,
  • Malware in BIOS remains persistent and doesn't get away even when you format or erase your entire hard drive,
  • Attacks against the BIOS are typically hard to detect because they are invisible to antivirus and other security software installed on the system,
  • With stealth access to one of the compromised systems in an enterprise IT network, sophisticated attackers could move laterally throughout the infrastructure.

According to Dell, the controls offered by SafeBIOS can quickly mitigate the risk of BIOS tampering by bringing them to your attention timely, allowing you to quarantine infected PCs.

"Organizations need the ability to detect when a malicious actor is on the move, altering BIOS configurations on endpoints as part of a larger attack strategy. SafeBIOS now provides the unique ability to generate Indicators of Attack on BIOS configurations, including changes and events that can signal an exploit," David Konetski, VP Client Solutions Group CTO at Dell said in a blog post.

"When BIOS configuration changes are detected that indicate a potential attack, security and IT teams are quickly alerted in their management consoles, allowing for swift isolation and remediation. SafeBIOS Events & IoA provides IT teams the visibility into BIOS configuration changes and analyzes these for potential threats – even during an ongoing attack."

The company says the SafeBIOS Events and Indicators of Attack tool is currently available for Dell commercial PCs through its Dell Trusted Devices solution.

 

Source :
https://thehackernews.com/2020/04/dell-bios-protection.html

https://blog.dellemc.com/en-us/dell-technologies-bolsters-pc-security-todays-remote-workers/

Change your Microsoft Office product key

This article applies to Office Home & Business, Office Professional, and individually purchased Office apps.If you bought multiple copies of Office and used the same Install button to install Office on multiple PCs, activation fails on the other PCs. This happens because each Install button is associated with a unique product key that can only be installed on one PC. To fix this, you can change the product key for the other PCs where you installed Office.

Note: After you change your product key, we recommend that you create a list to manage the product keys that you've installed. To learn how, see Manage multiple one-time-purchase Office installs that use the same Microsoft account.

Select your Office version below.

Office 2019, 2016 Office 2013 Office 365 Command line
  1. Sign in to your Services & subscriptions page with the email and password associated with the Microsoft account that was used to install Office.After you sign in, you should see a list of Office products that are associated with your Microsoft account.
  2. For the first product that's listed on the page, select View product key. Copy or write down the product key. This is likely the product key that was used multiple times to install Office.
  3. Select View product key for the remaining Office products and copy or write them down. These are likely the keys that you'll use to replace the key that was used multiple times.
  4. On a PC where Office activation is failing, open the Command Prompt as described below:
    Windows 10 and Windows 8.1Windows 7
    1. Select the Start button  (lower-left corner).
    2. Type Command Prompt.
    3. Right-click the Command Prompt icon, and select Run as administrator.
    1. Select the Start button  (lower-left corner).
    2. Right-click Command Prompt and select Run as administrator.
  5. From the drop-down list below, select your Office version and Windows version (32-bit or 64-bit) and run the commands as described.

    Tip: If you get an Input Error: Can not find script file... message, it means that you used the wrong command. Don’t worry, running the wrong command won’t hurt anything. Double-check your Office and Windows versions and try a different command.

    1. Copy the following command, paste the command into the Command Prompt window, and then press Enter. cscript "C:\Program Files\Microsoft Office\Office16\OSPP.VBS" /dstatusThe command prompt displays the last five characters of the product key that was used to install Office on the PC. Our example below uses XXXXX to represent these characters.

    2. Copy the following command, paste the command into the Command Prompt window, and replace XXXXX with the last 5 digits of the product key that was shown in the previous step. Press Enter to remove the product key.cscript "C:\Program Files\Microsoft Office\Office16\OSPP.VBS" /unpkey:XXXXX
    3. Copy the following command, paste the command into the Command Prompt window, and replace XXXXX-XXXXX-XXXXX-XXXXX-XXXXX with an unused product key from your list. Press Enter to change the key.cscript "C:\Program Files\Microsoft Office\Office16\OSPP.VBS" /inpkey:XXXXX-XXXXX-XXXXX-XXXXX-XXXXX

    Tips:

  6. Now start an Office app, such as Word, and select Next to activate Office over the Internet.
  7. Repeat this process for each PC where activation is failing.

Source :
https://support.office.com/en-us/article/change-your-office-product-key-d78cf8f7-239e-4649-b726-3a8d2ceb8c81?omkt=en-001&ui=en-US&rs=en-001&ad=US#ID0EABAAA=Command_line