harrysintonen

joined 2 years ago
[–] harrysintonen@infosec.exchange 2 points 14 hours ago

So what could you do if the microcode signature verification can be bypassed? While not directly applicable, this #defcon presentation "DEF CON 31 - Backdoor in the Core - Altering Intel x86 Instruction Set at Runtime - Krog, Skovsende" gives some ideas:

[–] harrysintonen@infosec.exchange 1 points 17 hours ago* (last edited 16 hours ago)

@gabrielesvelto Yeah, information for that vulnerability is non-existent as well. All in all, the vulnerability management doesn't seem to be going great here.

Update: The "PeCoffLoader memory overflow issue for security" likely is CVE-2024-38796: https://nvd.nist.gov/vuln/detail/cve-2024-38796


Apparently there's a major #vulnerability in #AMD CPUs: "AMD Microcode Signature Verification Vulnerability."

The vulnerability was leaked by #ASUS in their beta BIOS changelog:

https://web.archive.org/web/20250106151231/https://rog.asus.com/motherboards/rog-strix/rog-strix-x870-i-gaming-wifi/helpdesk_bios/

ASUS has since removed this entry from the changelog since it likely broke the embargo. Either way, this is not great as the new firmware is largely not yet available and likely won't be for a long while.

#infosec #cybersecurity


If you're using #Adobe #Acrobat you might want to check whether your organization allows use of the generative AI features that are enabled by default: Acrobat sends the documents to the cloud for processing, which likely goes against the data #privacypolicy of many orgs.

If unsure, go to Preferences > Generative AI and deselect "Enable generative AI features in Acrobat".

https://helpx.adobe.com/acrobat/using/disable-generative-ai.html

#privacy #defaults #enshittification

I had actually forgotten I still had Docker installed on this system. I've now fixed this issue by uninstalling the malicious app. I'm using #podman elsewhere already, just had this install lingering still. Apple: Thanks for the warning!

[–] harrysintonen@infosec.exchange 1 points 5 days ago (1 children)

@g@irrelephant.co Oof, that's not good at all.


Apparently #macOS now considers #Docker malware.

#infosec #cybersecurity


The #Volkswagen #geolocation leak is a great example of why I am such a Luddite when it comes to sharing data with companies. I use as few cloud services as possible (for example, with Apple, I only use the "Find My" service from iCloud).

Even if you make an informed decision to share your data with a company, the data can still leak by accident or through a system compromise. The unfortunate fact is that these days, many services are made difficult or even impossible to use without accepting excessive data sharing.

https://www.carscoops.com/2024/12/vw-group-data-breach-exposed-location-info-for-800000-evs/

#privacy #GDPR #infoleaks #volksdaten

[–] harrysintonen@infosec.exchange 1 points 1 month ago (1 children)

@pancake@infosec.exchange it's restricted for platforms other than macOS, it seems. In macOS it worked fine with location in Finland.

[–] harrysintonen@infosec.exchange 1 points 1 month ago (1 children)

So far all my Apple Intelligence tests have been using a local model. The privacy report from Settings > Privacy & Security > Apple Intelligence Report > Export Activity generates JSON with:

{
  "modelRequests": [],
  "privateCloudComputeRequests": []
}

#appleintelligence #privacy

[–] harrysintonen@infosec.exchange 1 points 1 month ago (3 children)

@pancake@infosec.exchange Really? It works for me and I'm in Finland, part of the European Union. My account indicates this as well.


#Apple Intelligence is now available in the European Union. While some features may not be fully functional yet, basic functionalities such as rewriting selected text seem to be working correctly. If you’re considering enabling this feature, please review the privacy policy at https://www.apple.com/legal/privacy/data/en/intelligence-engine/ Additionally, if you’re using a work device, it’s recommended to consult your organization’s IT department for further guidance.

#appleintelligence #europeanunion #eu #privacy


#curl 8.11.1 has been released. It includes a fix to #CVE_2024_11053 - a #vulnerability I discovered.

It is a logic flaw in the way curl parses the .netrc file. In certain situations, the configured password can be sent to an incorrect host. Luckily the affected configurations should be quite rare and thus the situation is unlikely to occur often.

The issue has existed in the curl source code for almost twenty-five years.

https://curl.se/docs/CVE-2024-11053.html
https://hackerone.com/reports/2829063

No AI tools were used in discovering or reporting the vulnerability.

#noai #handcrafted #infosec #cybersecurity


Heads up: If you've used the https://github.com/puckiestyle/CVE-2024-23113 for testing Fortinet systems vulnerable to #CVE_2024_23113: The code is broken and does not reliably check for the #vulnerability. #infosec #cybersecurity

Here's a way to check if the #Spotlight searches are being shared with #Apple from the command line:

defaults read com.apple.assistant.support "Search Queries Data Sharing Status"

The values are:

1 - Enabled (data is being shared)
2 - Disabled (data is not shared)

NOTE: I do not know if there are other possible values, or what happens if the key is missing.

[–] harrysintonen@infosec.exchange 1 points 1 month ago* (last edited 1 month ago)

@Erklaerbaer Looks like it: "Information sent to Apple related to your searches is used to process your request and to develop and improve search results, such as by using your search queries to fine-tune Search models"

[–] harrysintonen@infosec.exchange 1 points 1 month ago (2 children)

@Erklaerbaer@mastodon.social This appears to be a new "feature" in the latest OS versions (macOS 15, iOS 18 etc.)

[–] harrysintonen@infosec.exchange 1 points 1 month ago (1 children)

From "About Search & Privacy...":

"Search and Privacy

Search is designed to protect your information and enable you to choose what you share.

To Make Search Results More Relevant, Some Information Is Sent to Apple and Not Associated with You

When you use Look Up or Visual Look Up, when you type in Search, Safari search, #images search in Messages, or when you invoke Spotlight, limited information will be sent to Apple to provide up-to-date suggestions. Any information sent to Apple does not identify you, and is associated with a 15-minute random, rotating device-generated identifier. This information may include location, topics of interest (for example, cooking or basketball), your search queries, including visual search queries, contextual information related to your search queries, suggestions you have selected, apps you use, and related device usage data. This information does not include search results that show files or content on your device. If you subscribe to music or video subscription services, the names of these services and the type of subscription may be sent to Apple. Your account name, number, and password will not be sent to Apple.

You can also search using Siri, such as by asking Siri to look up general knowledge or do things like get directions. When you use Siri, the transcript of your request and other data may be sent to Apple to process your request and may be stored. You can learn more about how Siri handles your data by going to Settings > Apple Intelligence & Siri.

Information sent to Apple related to your searches is used to process your request and to develop and improve search results, such as by using your search queries to fine-tune Search models. It is not linked to your Apple Account or email address.

Aggregated information may be used to improve other Apple products and services. Apple may also send a limited, randomly sampled set of search queries to search tools for the purpose of evaluating and improving the performance and quality of Search.

Search Engine Suggestions in Safari

Safari has a single field for searches and web addresses so you can browse the web from one convenient place. When Search Engine Suggestions are enabled, Safari will ask your selected search engine for suggestions based on what you’ve typed.

Preload Top Hit in Safari

With Preload Top Hit enabled, as soon as Safari determines a Top Hit based on your bookmarks and browsing history, Safari will begin loading the webpage in the background. If you disable this option, the page will load normally.

You Have Choice and Control

If you do not want your search queries to be stored by Apple and used to improve Search, you can disable Improve Search by going to Settings > Search and tapping to turn off Improve Search. Searches you make through Siri will still be stored and used to improve Siri if you have enabled Improve Siri & Dictation. You can disable Improve Siri & Dictation by going to Settings > Privacy & Security > Analytics & Improvements and tapping to turn off Improve Siri & Dictation.

If you do not want web-based content and search results, you can disable “Show in Look Up” and “Show in Spotlight” by going to System Settings > Search and tapping to turn off those features.

You can disable Safari Suggestions in Safari by going to Safari > Settings > Search and deselecting Include Safari Suggestions.

You can disable Location Services for Search by going to System Settings > Privacy & Security > Privacy > Location Services, then clicking Details next to System Services and turning off Suggestions & Search. If you turn off Location Services on your device, your location will not be sent to Apple.

Apple may process and store the information that is sent to Apple with trusted third-party service providers.

By using Siri Suggestions in Search, you agree and consent to Apple’s and its subsidiaries’ and agents’ transmission, collection, maintenance, processing, and use of this information. At all times, information collected by Apple will be treated in accordance with Apple’s Privacy Policy, which can be found at www.apple.com/privacy."

#apple #privacy


Did you know that #Apple #macOS by default stores your local Spotlight searches and uses them to improve their service?

This option is NOT accessible from the obvious location of "Privacy and Security" but instead from "Spotlight". #privacy #telemetry #datacollection

@screaminggoat@infosec.exchange Yep, that's the one.


In January 2022 I discovered that #Microsoft #Office365 Message #Encryption (OME) utilized Electronic Codebook (ECB) mode of operation. I reported this, got paid a $5000 bounty and then things fell dead silent. By autumn I tried to follow up on this, and after numerous attempts to inquire about the schedule for a fix I was told that no fix was planned.

Luckily, Microsoft seems to have changed their mind about this, and the fix was applied in late 2023, after all:

https://learn.microsoft.com/en-us/purview/technical-reference-details-about-encryption#aes256-cbc-support-for-microsoft-365

#vulnerability #infosec #cybersecurity
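As an added illustration of the mode-of-operation point above (not code from the original post, Microsoft or OME): a constructed toy block cipher run in ECB and in CBC, showing why ECB leaks plaintext structure to anyone who can see the ciphertext. The Feistel cipher, padding helpers, sample message and the `ecb_encrypt`, `cbc_encrypt` and `repeated_blocks` names are this example's own, not AES or any real library API.

```python
import hashlib

BLOCK = 8  # toy 64-bit block (AES uses 16 bytes); the mode-level lesson is identical

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _round(key, r, half):
    # Keyed round function: hash of key, round number and one half of the block.
    return hashlib.sha256(key + bytes([r]) + half).digest()[:BLOCK // 2]

def toy_block_encrypt(key, block):
    # Four-round Feistel network: a toy cipher standing in for AES, not AES itself.
    left, right = block[:BLOCK // 2], block[BLOCK // 2:]
    for r in range(4):
        left, right = right, _xor(left, _round(key, r, right))
    return right + left

def toy_block_decrypt(key, block):
    right, left = block[:BLOCK // 2], block[BLOCK // 2:]
    for r in reversed(range(4)):
        left, right = _xor(right, _round(key, r, left)), left
    return left + right

def _pad(data):  # PKCS#7-style padding to a whole number of blocks
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n

def _blocks(data):
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def ecb_encrypt(key, data):
    # ECB: blocks are encrypted independently, so equal plaintext blocks give
    # equal ciphertext blocks and the message structure leaks without the key.
    return b"".join(toy_block_encrypt(key, b) for b in _blocks(_pad(data)))

def cbc_encrypt(key, data, iv):
    # CBC: each block is XORed with the previous ciphertext block (the IV first),
    # so repeated plaintext no longer yields repeated ciphertext.
    out, prev = [], iv
    for b in _blocks(_pad(data)):
        prev = toy_block_encrypt(key, _xor(b, prev))
        out.append(prev)
    return iv + b"".join(out)

def repeated_blocks(ciphertext):
    # Ciphertext blocks that duplicate an earlier one: the leak an observer sees.
    blocks = _blocks(ciphertext)
    return len(blocks) - len(set(blocks))
```

Encrypting a constructed message such as `b"ATTACK AT DAWN. " * 8` with `ecb_encrypt` yields 14 duplicated ciphertext blocks out of 17, while `cbc_encrypt` with a fresh IV yields none.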


I love the introductory chapter in the Bendix G15 Programmer's Reference Manual - when computers were still fresh enough that you had to start from the very basic concepts.
http://www.bitsavers.org/pdf/bendix/g-15/G15D_Programmers_Ref_Man.pdf

#retrocomputing #programming #bendixg15


New Finnish #windpower production record (>7 GW) today due to a winter storm. https://www.fingrid.fi/en/electricity-market/power-system/ #greenenergy #energy #FloatingIsFun


Disclosing details of a #vulnerability I discovered 1 year ago:

N-able Ecosystem Agent Improper Certificate Validation #CVE_2024_5445 vulnerability leads to #RCE as SYSTEM user.

Vulnerability details: https://sintonen.fi/advisories/n-able-ecosystem-agent-improper-certificate-validation.txt

N-able has rated this vulnerability CVSS 3.8, but the practical impact of this vulnerability is grave as it allows attackers in a privileged network position to fully compromise vulnerable systems. While arguing for such a low score, an N-able representative stated that: "The vulnerability reported does not constitute an RCE, the Ecosystem agent is designed to run installation packages in a privileged context and the agent is doing what it should do when it receives such packages to install over the APIs."

I think this is somewhat disingenuous.

#infosec #cybersecurity
