Tencent Security Xuanwu Lab Daily News

• That's FAR-out, Man:
https://blog.dfsec.com/ios/2023/11/19/thats-far-out-man/

   ・ 一个XNU内核信息泄露漏洞，该漏洞是由于XNU的异常处理程序无条件地复制了FAR_EL1寄存器中未初始化的值所导致的。 – SecTodayBot

• TitanNit Web Control 2.01 / Atemio 7600 Root Remote Command Execution:
https://packetstormsecurity.com/files/175926

   ・ Atemio AM 520 HD全高清卫星接收器存在漏洞，未经授权的攻击者可以利用应用程序中的getcommand查询执行具有提升权限的系统命令，从而获得root访问权限。 – SecTodayBot

• Sorry, you have been blocked:
https://packetstormsecurity.com/news/view/35233

   ・ ownCloud开源文件共享和协作软件存在严重漏洞，可能导致凭证和其他敏感信息的泄露，以及身份验证和验证绕过。 – SecTodayBot

• How IDA 7.2's installer password was found:
https://seri.tools/blog/ida-72-password/

   ・ IDA的MacOS和Linux安装程序存在明显缺陷，包括在设置文件中以明文形式存储密码 – SecTodayBot

• Big update to my Semgrep C/C++ ruleset:
https://security.humanativaspa.it/big-update-to-my-semgrep-c-cpp-ruleset/

   ・ 巧妙地将Ghidra与#Semgrep结合起来进行扫描，以保护二进制代码免受漏洞的侵害 – SecTodayBot

• Access denied:
https://www.zscaler.com/blogs/security-research/threatlabz-discovers-117-vulnerabilities-microsoft-365-apps-sketchup-3d-0

   ・ Zscaler威胁实验室发现通过SketchUp 3D库在Microsoft 365应用中的117个漏洞，了解如何绕过CVE-2023-29344补丁。 – SecTodayBot

• Hunters Security: Google Workspace Vulnerable to Takeover Due to Domain-Wide Delegation Flaw:
https://www.hackread.com/design-flaw-domain-delegation-google-vulnerability-cybersecurity/

   ・ 研究人员在Hunters创建了一个概念验证工具，帮助组织检测DWD配置错误，提高意识，并减少DeleFriend的利用风险。 – SecTodayBot

* 查看或搜索历史推送内容请访问：
https://sec.today

* 新浪微博账号：腾讯玄武实验室
https://weibo.com/xuanwulab