Post by Cindy on Dec 1, 2016 10:02:00 GMT -5
I received this email from our old host, GraceNet yesterday and wanted to pass it on to you all:
A few hours ago a zero-day vulnerability emerged in the Tor browser bundle and the Firefox web browser. Currently, it exploits Windows systems with a high success rate and affects Firefox versions 41 to 50 and the current version of the Tor Browser Bundle which contains Firefox 45 ESR.
If you use Firefox, we recommend you temporarily switch browsers to Chrome, Safari or a non-Firefox based browser that is secure until the Firefox dev team can release an update. The vulnerability allows an attacker to execute code on your Windows workstation. The exploit is in the wild, meaning it’s now public and every hacker on the planet has access to it. There is no fix at the time of this writing.
Currently, this exploit causes a workstation to report back to an IP address based at OVH in France. But this code can likely be repurposed to infect workstations with malware or ransomware. The exploit code is now public knowledge so we expect new variants of this attack to emerge rapidly.
Here is what Malwarebytes says about it:
Tor Browser zero-day strikes again
Posted November 30, 2016 by Jérôme Segura
A newly found vulnerability in the Firefox web browser was found to be leveraged in the wild. It is not the first time this has happened, as some of you may recall back in 2013, the FBI used a nearly identical one to expose some users running the Tor Browser.
The Tor Browser (based on Mozilla Firefox Extended Support Release) is used worldwide by all people who want greater anonymity online which includes political activists or dissidents wanting to bypass limitations or surveillance put in place by oppressive regimes.
According to Mozilla, “the exploit took advantage of a bug in Firefox to allow the attacker to execute arbitrary code on the targeted system by having the victim load a web page containing malicious JavaScript and SVG code”.
Via this exploit, an attacker can collect the victim’s IP and MAC addresses, as well as their hostname which it sends to a remote server (5.39.27.226). This server is now down, but we were able to reproduce the exploit and observe the TCP packets where the data would be sent.
(graphic)
It’s worth noting that not all exploits are meant to infect the target machine. In this case, for example, the goal is to leak user data with as minimal a footprint as possible. There’s no malicious code downloaded to disk; only shellcode is run directly from memory.
(graphic)
This zero-day can be thwarted by adjusting the security slider to ‘High’ within Tor Browser’s Privacy and Security Settings, but that is not the default option. Alternatively, people running Malwarebytes Anti-Exploit were already protected against this 0day.
This latest attack continues to increase the concern over the Tor Browser’s efficacy against exploits and how other browsers such as Google Chrome or Edge work to handle memory corruption and sandboxing. One thing is for sure, browsers and their plugins remain the best attack vector to deliver malware or leak data via drive-by attacks.
Both Mozilla and Tor have released a patch to address this zero-day.
blog.malwarebytes.com/threat-analysis/2016/11/tor-browser-zero-day-strikes-again/
So please update your Firefox browsers and you'll be safe!
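The two concrete facts in the email and the quoted write-up are the affected Firefox range (41 to 50, with Tor Browser shipping 45 ESR) and the server the leaked data was sent to (5.39.27.226). The following is an added example, not code from the post, GraceNet or Malwarebytes, showing how a defender could triage proxy logs against both: it flags any client that contacted that server and any client whose User-Agent reports a Firefox major version in the affected range. The log format, the client and destination addresses, and the User-Agent strings are constructed for the example; the major-version check is deliberately coarse, since the fixed releases are point versions not named in the post, so treat a hit as a prompt to confirm the installed build rather than proof of compromise.

```python
import re
from ipaddress import ip_address

# Indicator from the quoted Malwarebytes write-up: the server the leaked
# IP/MAC/hostname data was sent to.
IOC_SERVER = ip_address("5.39.27.226")

# Affected range from the GraceNet email: Firefox 41 through 50 (Tor Browser
# shipped Firefox 45 ESR, which falls inside it).
AFFECTED_MIN, AFFECTED_MAX = 41, 50

UA_FIREFOX = re.compile(r"Firefox/(\d+)(?:\.\d+)*")

# Hypothetical proxy-log layout for this example: client_ip dest_ip "User-Agent"
LOG_LINE = re.compile(r'^(?P<client>\S+)\s+(?P<dest>\S+)\s+"(?P<ua>[^"]*)"$')


def firefox_major(user_agent):
    """Return the Firefox major version from a User-Agent, or None if not Firefox."""
    m = UA_FIREFOX.search(user_agent)
    return int(m.group(1)) if m else None


def is_affected_firefox(user_agent):
    """True when the User-Agent reports a Firefox major version in 41..50."""
    major = firefox_major(user_agent)
    return major is not None and AFFECTED_MIN <= major <= AFFECTED_MAX


def review_log(lines):
    """Return (line_no, client_ip, [reasons]) for every line worth a look."""
    findings = []
    for n, line in enumerate(lines, 1):
        m = LOG_LINE.match(line.strip())
        if not m:
            continue  # malformed line; skip rather than guess
        reasons = []
        try:
            if ip_address(m["dest"]) == IOC_SERVER:
                reasons.append("connection to known exfiltration server")
        except ValueError:
            pass  # destination was a hostname, not an IP literal
        if is_affected_firefox(m["ua"]):
            reasons.append(f"Firefox {firefox_major(m['ua'])} is in the affected range")
        if reasons:
            findings.append((n, m["client"], reasons))
    return findings


# Constructed sample log lines (addresses other than the IoC are placeholders).
SAMPLE_LOG = [
    '10.0.0.5 5.39.27.226 "Mozilla/5.0 (Windows NT 6.1; rv:45.0) Gecko/20100101 Firefox/45.0"',
    '10.0.0.6 198.51.100.20 "Mozilla/5.0 (Windows NT 10.0; rv:50.0) Gecko/20100101 Firefox/50.0"',
    '10.0.0.7 198.51.100.20 "Mozilla/5.0 (Windows NT 10.0; rv:52.0) Gecko/20100101 Firefox/52.0"',
    '10.0.0.8 198.51.100.20 "Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 Chrome/54.0.2840.99"',
]

if __name__ == "__main__":
    for line_no, client, reasons in review_log(SAMPLE_LOG):
        print(f"line {line_no}: {client}: " + "; ".join(reasons))
```

The first sample line trips both checks (affected build and a connection to the IoC) and is the one to act on first; the second only shows an affected version and is a patching task; the last two are clean. Swap `LOG_LINE` for your proxy's real layout before running it over production logs.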