A security update for Android addresses a Mali GPU flaw that can be used as a zero-day

The Android platform’s monthly security update from Google includes fixes for 56 vulnerabilities, five of which have a critical severity rating and one that has been exploited since at least December of last year.

A patch for CVE-2022-22706, a high-severity flaw in the Mali GPU kernel driver from Arm that Google’s Threat Analysis Group (TAG) believes may have been used in a spyware campaign targeting Samsung phones, is included in the new security patch level 2023-06-05.

According to Google’s most recent bulletin, “There are indications that CVE-2022-22706 may be under limited, targeted exploitation.” In a March advisory, CISA also highlighted the active exploitation of CVE-2022-22706.

The high-severity security flaw grants non-privileged users write access to read-only memory pages, earning it a score of 7.8 out of 10.

Arm says that the problem affects the following kernel driver versions:

  • Midgard GPU Kernel Driver: all versions from r26p0 to r31p0
  • Bifrost GPU Kernel Driver: all versions from r0p0 to r35p0
  • Valhall GPU Kernel Driver: all versions from r19p0 to r35p0

Arm fixed the problem in Bifrost and Valhall GPU Kernel Driver r36p0 and in Midgard GPU Kernel Driver r32p0, but the fix is only now reaching the stable version of Android.

It is important to note that Samsung fixed CVE-2022-22706 in its update for May 2023. The fact that the spyware campaign explicitly targeted the company’s customers is likely the reason for the company’s swift response to the active exploitation of the flaw.

The following are the critical-severity flaws fixed in the Android update this month:

CVE-2023-21127 – Remote code execution flaw in Android Framework, impacting Android 11, 12, and 13. Fixed in security patch level “2023-06-01.”
CVE-2023-21108 – Remote code execution flaw in Android System, impacting Android 11, 12, and 13. Fixed in security patch level “2023-06-01.”
CVE-2023-21130 – Remote code execution flaw in Android System, impacting Android 13. Fixed in security patch level “2023-06-01.”
CVE-2022-33257 – Critical flaw of an undefined type, impacting Qualcomm closed-source components. Fixed in security patch level “2023-06-05.”
CVE-2022-40529 – Critical flaw of an undefined type, impacting Qualcomm closed-source components. Fixed in security patch level “2023-06-05.”

This security update is not available for devices running Android 10 or earlier, because those versions are no longer supported.

Users of such out-of-date devices should be aware that they may be affected. They should either upgrade to a newer, actively supported Android device or switch to a third-party Android distribution that still provides security updates, although those updates typically take some time to arrive.

Pegasus Spyware Exploits Zero-Day Flaws on iPhones

Apple issued emergency security updates on Thursday for iOS, iPadOS, macOS, and watchOS to fix two zero-day vulnerabilities that were used to distribute the mercenary spyware Pegasus from NSO Group.

The two issues are:

  • CVE-2023-41061 – A validation issue in Wallet that could allow arbitrary code execution when handling a maliciously crafted attachment.
  • CVE-2023-41064 – A buffer overflow in the Image I/O component that could allow arbitrary code execution when processing a maliciously crafted image.

CVE-2023-41064 was found by the Citizen Lab at the University of Toronto's Munk School, while CVE-2023-41061 was found internally by Apple, with "help" from the Citizen Lab.

The updates are available for the following devices:

  • iOS 16.6.1 and iPadOS 16.6.1 – iPhone 8 and later, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, and iPad mini 5th generation and later
  • macOS Ventura 13.5.2 – Macs running macOS Ventura
  • watchOS 9.6.2 – Apple Watch Series 4 and later

In a separate alert, Citizen Lab disclosed that the twin flaws have been weaponized as part of a zero-click iMessage exploit chain dubbed BLASTPASS.

The interdisciplinary laboratory stated, "The exploit chain was capable of compromising iPhones running the most recent version of iOS (16.6) without the victim's interaction. PassKit attachments with malicious images were sent to the victim from an attacker's iMessage account as part of the exploit."

Due to active exploitation, additional technical details about the flaws have been withheld. Notably, the exploit is said to bypass the BlastDoor sandbox framework that Apple set up to mitigate zero-click attacks.

"This latest find shows once again that civil society is targeted by highly sophisticated exploits and mercenary spyware," Citizen Lab said, adding that the issues were found last week while examining the device of an unnamed individual employed by a Washington, D.C.-based civil society organization with international offices.

Since the beginning of the year, Cupertino has fixed a total of 13 zero-day bugs in its software. The latest updates also arrive over a month after the company shipped fixes for an actively exploited kernel flaw (CVE-2023-38606).

News of the zero-days comes as the Chinese government is believed to have ordered a ban prohibiting central and state government officials from using iPhones and other foreign-branded devices for work, in an effort to reduce reliance on overseas technology and amid an escalating Sino-U.S. trade war.

"The real reason [for the ban] is: cybersecurity (who would have thought)," Zuk Avraham, security researcher and founder of Zimperium, said in a post on X (formerly Twitter). "iPhones have an image of being the most secure phone... but in reality, iPhones are not secure at all against basic surveillance."

"Don't believe me? Just look at the number of 0-clicks commercial companies like NSO had over the years to understand that there is almost nothing an individual, an organization, or a government can do to protect itself against cyber-espionage via iPhones."

Remotely exploiting Android devices using ADB (Android Debug Bridge) and Metasploit-Framework.

PhoneSploit Pro

PhoneSploit with Metasploit Integration.

An all-in-one hacking tool written in Python to remotely exploit Android devices using ADB (Android Debug Bridge) and Metasploit-Framework.

Complete Automation to get a Meterpreter session in One Click

This tool can automatically Create, Install, and Run a payload on the target device using Metasploit-Framework and ADB to completely hack the Android device in one click, if the device has ADB port TCP 5555 open.

The goal of this project is to make penetration testing on Android devices easy. Now you don’t have to learn commands and arguments, PhoneSploit Pro does it for you. Using this tool, you can test the security of your Android devices easily.

PhoneSploit Pro can also be used as a complete ADB Toolkit to perform various operations on Android devices over Wi-Fi as well as USB.

Features

v1.0

  • Connect device using ADB remotely.
  • List connected devices.
  • Disconnect all devices.
  • Access connected device shell.
  • Stop ADB Server.
  • Take screenshot and pull it to computer automatically.
  • Screen Record target device screen for a specified time and automatically pull it to computer.
  • Download file/folder from target device.
  • Send file/folder from computer to target device.
  • Run an app.
  • Install an APK file from computer to target device.
  • Uninstall an app.
  • List all installed apps in target device.
  • Restart/Reboot the target device to System, Recovery, Bootloader, or Fastboot.
  • Hack Device Completely :
    • Automatically fetch your IP Address to set LHOST.
    • Automatically create a payload using msfvenom, install it, and run it on target device.
    • Then automatically launch and setup Metasploit-Framework to get a meterpreter session.
    • Getting a meterpreter session means the device is completely hacked using Metasploit-Framework, and you can do anything with it.

v1.1

  • List all files and folders of the target devices.
  • Copy all WhatsApp Data to computer.
  • Copy all Screenshots to computer.
  • Copy all Camera Photos to computer.
  • Take screenshots and screen-record anonymously (Automatically delete file from target device).
  • Open a link on target device.
  • Display an image/photo on target device.
  • Play an audio on target device.
  • Play a video on target device.
  • Get device information.
  • Get battery information.
  • Use Keycodes to control device remotely.

v1.2

  • Send SMS through target device.
  • Unlock device (Automatic screen on, swipe up and password input).
  • Lock device.
  • Dump all SMS from device to computer.
  • Dump all Contacts from device to computer.
  • Dump all Call Logs from device to computer.
  • Extract APK from an installed app.

v1.3

  • Mirror and Control the target device.

v1.4

  • Power off the target device.

v1.5

  • Scan local network for connected devices to get Target IP Address.

v1.6

  • Record Microphone Audio
  • Stream Microphone Audio
  • Record Device Audio
  • Stream Device Audio

Requirements

  • python3 : Python 3.10 or Newer
  • adb : Android Debug Bridge (ADB) from Android SDK Platform Tools
  • metasploit-framework : Metasploit-Framework (msfvenom and msfconsole)
  • scrcpy : Scrcpy
  • nmap : Nmap

Run PhoneSploit Pro

PhoneSploit Pro does not need any installation and runs directly using python3.

PhoneSploit Pro requires Python version 3.10 or above. Please update Python before running the program to meet the requirement.

On Linux / macOS :

Make sure all the required software are installed.

Open terminal and paste the following commands :

git clone https://github.com/AzeemIdrisi/PhoneSploit-Pro.git
cd PhoneSploit-Pro/
python3 phonesploitpro.py

On Windows :

Make sure all the required software are installed.

Open terminal and paste the following commands :

git clone https://github.com/AzeemIdrisi/PhoneSploit-Pro.git
cd PhoneSploit-Pro/
  1. Download and extract latest platform-tools from here.

  2. Copy all files from the extracted platform-tools or adb directory to PhoneSploit-Pro directory and then run :

python phonesploitpro.py

Tutorial

Setting up Android Phone for the first time

  • Enabling the Developer Options
  1. Open Settings.
  2. Go to About Phone.
  3. Find Build Number.
  4. Tap on Build Number 7 times.
  5. Enter your pattern, PIN or password to enable the Developer options menu.
  6. The Developer options menu will now appear in your Settings menu.
  • Enabling USB Debugging
  1. Open Settings.
  2. Go to System > Developer options.
  3. Scroll down and Enable USB debugging.
  • Connecting with Computer
  1. Connect your Android device and adb host computer to a common Wi-Fi network.
  2. Connect the device to the host computer with a USB cable.
  3. Open a terminal on the computer and enter the following command :
     adb devices
  4. A pop-up will appear on the Android phone when you connect your phone to a new PC for the first time : Allow USB debugging?
  5. Tick the Always allow from this computer check-box and then tap Allow.
  6. Then in the terminal enter the following command :
     adb tcpip 5555
  7. Now you can connect the Android Phone with the computer over Wi-Fi using adb.
  8. Disconnect the USB cable.
  9. Go to Settings > About Phone > Status > IP address and note the phone's IP Address.
  10. Run PhoneSploit Pro and select Connect a device and enter the target's IP Address to connect over Wi-Fi.

Connecting the Android phone for the next time

  1. Connect your Android device and host computer to a common Wi-Fi network.
  2. Run PhoneSploit Pro and select Connect a device and enter the target’s IP Address to connect over Wi-Fi.
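A phone left with adb tcpip 5555 enabled accepts adb connections from anyone on the same Wi-Fi network, so after a test session adbd should be put back in USB-only mode. The script below is an added example, not part of the PhoneSploit Pro project: it parses adb devices output for TCP/IP-attached serials (the host:port form) and, when run with --live, issues adb usb and adb disconnect for each one; the sample output is constructed and adb is assumed to be on PATH only for the live mode.

```shell
#!/bin/sh
# Added example (not part of PhoneSploit Pro): find devices attached to adb
# over TCP/IP and switch them back to USB so the Wi-Fi listener is closed.

# tcp_serials: read `adb devices` text on stdin and print only the serials
# of online devices attached over TCP/IP (host:port form). USB serials such
# as ABC123XYZ and emulators such as emulator-5554 are skipped. Real output
# is tab-separated; awk's default field splitting handles tabs and spaces.
tcp_serials() {
    awk 'NR > 1 && $2 == "device" && $1 ~ /^[0-9.]+:[0-9]+$/ { print $1 }'
}

# tcp_count: number of online TCP/IP-attached devices in the given text.
tcp_count() {
    printf '%s\n' "$1" | tcp_serials | wc -l | tr -d ' '
}

# revert_to_usb: for every TCP/IP serial reported by the real adb server,
# tell adbd to listen on USB only and drop the host-side TCP session.
revert_to_usb() {
    for serial in $(adb devices | tcp_serials); do
        echo "Closing adb-over-TCP on $serial"
        adb -s "$serial" usb      # adbd restarts listening on USB only
        adb disconnect "$serial"  # drop the TCP connection from this host
    done
}

# Constructed sample of `adb devices` output for offline demonstration:
# one emulator, one Wi-Fi device, one USB device and one offline Wi-Fi entry.
SAMPLE='List of devices attached
emulator-5554        device
192.168.1.23:5555    device
ABC123XYZ            device
192.168.1.40:5555    offline'

if [ "${1:-}" = "--live" ]; then
    revert_to_usb
else
    echo "Online TCP/IP-attached devices in the sample output:"
    printf '%s\n' "$SAMPLE" | tcp_serials
fi
```

Run it without arguments to see the parser's result on the sample; run it with --live on the test host to close the wireless listener on every connected phone.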

This tool is tested on

  • Ubuntu
  • Linux Mint
  • Kali Linux
  • Fedora
  • Arch Linux
  • Parrot Security OS
  • Windows 11
  • Termux (Android)

All the new features are primarily tested on Linux, thus Linux is recommended for running PhoneSploit Pro. Some features might not work properly on Windows.

Installing ADB

ADB on Linux :

Open terminal and paste the following commands :

  • Debian / Ubuntu
sudo apt update
sudo apt install adb
  • Fedora
sudo dnf install adb
  • Arch Linux / Manjaro
sudo pacman -Sy android-tools

For other Linux Distributions : Visit this Link

ADB on macOS :

Open terminal and paste the following command :

brew install android-platform-tools

or Visit this link : Click Here

ADB on Windows :

Visit this link : Click Here

ADB on Termux :

pkg update
pkg install android-tools

Installing Metasploit-Framework

On Linux / macOS :

curl https://raw.githubusercontent.com/rapid7/metasploit-omnibus/master/config/templates/metasploit-framework-wrappers/msfupdate.erb > msfinstall && \
  chmod 755 msfinstall && \
  ./msfinstall

or Follow this link : Click Here

or Visit this link : Click Here

On Windows :

Visit this link : Click Here

or Follow this link : Click Here

Installing scrcpy

Visit the scrcpy GitHub page for latest installation instructions : Click Here

On Windows : Copy all the files from the extracted scrcpy folder to PhoneSploit-Pro folder.

If scrcpy is not available for your Linux distro like Kali Linux, then you can either manually install it : Manual Guide, or build it with a few simple steps : Build Guide

Installing Nmap

Nmap on Linux :

Open terminal and paste the following commands :

  • Debian / Ubuntu
sudo apt update
sudo apt install nmap
  • Fedora
sudo dnf install nmap
  • Arch Linux / Manjaro
sudo pacman -Sy nmap

For other Linux Distributions : Visit this Link

Nmap on macOS :

Open terminal and paste the following command :

brew install nmap

or Visit this link : Visit this Link

Nmap on Windows :

Download and install the latest stable release : Click Here

Nmap on Termux :

pkg update
pkg install nmap

Disclaimer

  • Neither the project nor its developer promote any kind of illegal activity and are not responsible for any misuse or damage caused by this project.
  • This project is for educational purpose only.
  • Please do not use this tool on other people’s devices without their permission.
  • Do not use this tool to harm others.
  • Use this project responsibly on your own devices only.
  • It is the end user’s responsibility to obey all applicable local, state, federal, and international laws.

Apple has fixed recently disclosed WebKit zero-day on older iPhones

An actively exploited zero-day bug affecting older iPhones and iPads has been addressed by Apple in security updates to backport patches released last month.

The company fixed the WebKit type confusion vulnerability (CVE-2023-23529) on newer iPhone and iPad models on February 13, 2023.

After successful exploitation, potential attackers can use it to cause OS crashes and gain code execution on compromised iOS and iPadOS devices.

After tricking the victims into opening malicious websites, the threat actors are able to execute arbitrary code on the targeted iPhones and iPads (this bug also affects Safari 16.3.1 on macOS Big Sur and Monterey).

"Processing maliciously crafted web content may lead to arbitrary code execution," Apple says in its description of the zero-day, adding that "Apple is aware of a report that this issue may have been actively exploited."

In addition, Apple has improved checks to address the zero-day in iOS 15.7.4 and iPadOS 15.7.4.

The list of affected devices includes iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation).

Although Apple says it is aware of reports that this vulnerability has been exploited in attacks, the company has yet to publish information about those incidents.

First zero-day exploited in the wild patched this year

However, Apple follows this procedure whenever it releases security updates for zero-day vulnerabilities that have been exploited in the wild.

Withholding technical details gives as many users as possible time to secure their devices, and it also slows attackers' efforts to develop and spread additional exploits targeting vulnerable devices.

Even though the zero-day CVE-2023-23529 was likely only used in specific attacks, it is highly recommended to install the most recent security updates as soon as possible to prevent attacks on iPhone and iPad users with older software.

Apple also backported patches for an exploitable zero-day flaw to older iPhones and iPads in January, as reported by Clément Lecigne of Google’s Threat Analysis Group.
