Aggregator

越权漏洞检测准确率如何提升？看看字节安全团队的实践

内存提取密钥解密Merlin Agent加密流量

苹果计划在2025年末或2026年初推出的新款MacBook Pro中搭载自研5G基带芯片Centauri（C1），支持蜂窝网络连接。这将使用户无需依赖iPhone共享网络，在户外也能轻松联网。该功能预计首先应用于高端MacBook Pro机型，并可能逐步扩展至其他产品线。

文章探讨了在M系列芯片Mac上玩游戏的多种方式及工具，包括原生游戏、iPad端移植、Steam以及Windows转译等，并介绍了PlayCover和Macs Fan Control等辅助工具。尽管仍存在兼容性和性能问题，但展现了Mac在游戏领域的潜力。

苹果在iOS 26中调整熄屏显示功能，默认模糊化锁屏壁纸以提高可读性，用户可选择关闭此功能。

6万字奶爸级WebGoat8.X靶场代码审计大全，全文均可复现，适合刚学完JavaSE准备开始代码审计的师傅

文章介绍了Cloudflare错误代码521的原因及解决方法。该错误通常由网络连接问题、服务器配置错误或DNS设置异常引起。建议检查网络连接、联系网站管理员或调整DNS设置以解决问题。

HackerNews 编译，转载请注明出处： 一位安全研究人员发布了针对 FortiWeb Web 应用防火墙中一个漏洞的部分概念验证（PoC）利用代码。该漏洞允许远程攻击者绕过身份验证。 该漏洞已负责任地报告给 Fortinet，现被追踪为 CVE-2025-52970。Fortinet 已于 8 月 12 日发布了修复程序。 安全研究员 Aviv Y 将此漏洞命名为 FortMajeure，并描述其为“一种本不应发生的静默失效”。从技术上讲，这是 FortiWeb 的 cookie 解析过程中的一个越界读取（out-of-bounds read）漏洞，允许攻击者将 Era参数设置为非预期值。 这导致服务器使用全零密钥（all-zero secret key）进行会话加密和 HMAC 签名，使得伪造身份验证 cookie 变得轻而易举。 成功利用该漏洞会导致完全的身份验证绕过，允许攻击者冒充任何活跃用户，包括管理员。 要成功利用 CVE-2025-52970，目标用户在攻击期间必须拥有活跃会话，并且攻击者必须暴力破解 cookie 中的一个小的数字字段。 这个暴力破解要求源于签名 cookie 中的一个字段，该字段由 libncfg.so中的 refresh_total_logins()函数进行验证。 该字段是一个攻击者必须猜测的未知数字，但研究员指出其范围通常不会超过 30，这使其搜索空间非常小，大约只需 30 次请求。 由于该利用利用了全零密钥（归因于 Era漏洞），每次猜测都可以通过检查伪造的 cookie 是否被接受来即时验证。 该问题影响 FortiWeb 7.0 至 7.6 版本，并已在以下版本中修复： FortiWeb 7.6.4 及更高版本 FortiWeb 7.4.8 及更高版本 FortiWeb 7.2.11 及更高版本 FortiWeb 7.0.11 及更高版本 Fortinet 在公告中表示，FortiWeb 8.0 版本不受此问题影响，因此用户无需采取任何措施。 安全公告未列出任何变通办法或缓解建议，因此升级到安全版本是唯一推荐的有效措施。 Fortinet 给出的 CVSS 严重性评分为 7.7，这可能会产生误导，因为该分数源于“高攻击复杂性”（high attack complexity），而这主要是由于暴力破解的要求。然而在实践中，暴力破解部分操作简单且快速。 研究员分享了一个 PoC 输出结果，展示了在 REST 端点上冒充管理员的情况。不过，他暂时保留了能够通过 /ws/cli/open连接到 FortiWeb CLI 的完整利用代码。 研究员 Aviv Y 承诺稍后将发布完整的漏洞利用细节，因为供应商的公告发布不久。他做出此决定是为了给系统管理员更多时间来应用修复程序。 该研究员告诉 BleepingComputer，已发布的细节展示了问题的核心，但即使对于知识渊博的攻击者来说，也不足以推断出其余部分并开发出完整的武器化利用链。他解释说，攻击者将不得不逆向工程会话中的字段格式，考虑到 Fortinet 拥有自己的数据结构，这实际上并不可行。 尽管如此，必须立即采取行动来缓解此问题，因为黑客会密切关注这些公告，并准备在完整 PoC 出现时发动攻击。 Aviv Y 告诉 BleepingComputer，他尚未决定发布漏洞利用代码的具体日期，但计划给防御者留出时间来应对风险。       消息来源： bleepingcomputer； 本文由 HackerNews.cc 翻译整理，封面来源于网络； 转载请注明“转自 HackerNews.cc”并附上原文

A vulnerability classified as problematic was found in NVIDIA GPU Display Driver on Windows/Linux. Affected by this vulnerability is an unknown functionality in the library nvlddmkm.sys of the component Kernel Mode Layer. The manipulation results in privilege escalation. This vulnerability is known as CVE-2021-1076. It is possible to launch the attack remotely. No exploit is available.

A vulnerability classified as problematic was found in GNU SASL libgsasl. This impacts an unknown function. Such manipulation leads to out-of-bounds read. This vulnerability is traded as CVE-2022-2469. The attack may be launched remotely. There is no exploit available. A patch should be applied to remediate this issue.

A vulnerability labeled as problematic has been found in Linux Kernel up to 6.6.22/6.7.10/6.8.1. Affected is the function OPTS_SET of the component libbpf. The manipulation of the argument xdp_zc_max_segs results in out-of-bounds read. This vulnerability is cataloged as CVE-2024-27050. The attack must originate from the local network. There is no exploit available. The affected component should be upgraded.

A vulnerability described as problematic has been identified in Mozilla Firefox, Firefox ESR and Thunderbird. This vulnerability affects unknown code of the component HTTP2 Opportunistic Encryption. Such manipulation leads to cleartext transmission of sensitive information. This vulnerability is referenced as CVE-2021-38507. It is possible to launch the attack remotely. No exploit is available. Upgrading the affected component is recommended.

A vulnerability marked as problematic has been reported in openEuler Kernel on Linux. Impacted is an unknown function of the file net/sched/sch_cbs.C of the component Network Module. The manipulation leads to null pointer dereference. This vulnerability is referenced as CVE-2021-33630. The attack can only be performed from a local environment. No exploit is available. It is suggested to upgrade the affected component.

A vulnerability has been found in Linux Kernel up to 6.8.11/6.9.2 and classified as critical. Affected by this vulnerability is the function mana_ib_install_cq_cb of the component mana_ib. The manipulation leads to buffer overflow. This vulnerability is uniquely identified as CVE-2024-38542. The attack can only be initiated within the local network. No exploit exists. The affected component should be upgraded.

A vulnerability labeled as critical has been found in Microsoft Windows NT 4.0/2000/XP. Affected is an unknown function of the component SMB. Such manipulation as part of Parameter leads to memory corruption. This vulnerability is traded as CVE-2003-0345. The attack may be launched remotely. Furthermore, there is an exploit available. It is advisable to implement a patch to correct this issue.

A vulnerability categorized as very critical has been discovered in Microsoft DirectX up to 9.0a. This vulnerability affects unknown code in the library quartz.dll. Executing manipulation can lead to memory corruption. This vulnerability is registered as CVE-2003-0346. It is possible to launch the attack remotely. No exploit is available. It is best practice to apply a patch to resolve this issue.

Windows 11 24H2版安装KB5063878更新后可能因大量数据写入导致SSD掉盘且无法识别，尤其影响群联E12主控芯片的固态硬盘。微软尚未确认问题，请用户谨慎处理并备份数据以避免损失。

A vulnerability, which was classified as critical, has been found in Cisco Unified Intelligence Center. Impacted is an unknown function. This manipulation causes server-side request forgery. The identification of this vulnerability is CVE-2023-20061. It is possible to initiate the attack remotely. There is no exploit available. It is advisable to upgrade the affected component.

文章描述了网络错误代码521的原因及解决方法，指出该错误通常由Web服务器返回无效响应引起，并建议检查服务器配置、脚本问题或联系主机提供商以解决问题。