Thread: Bleedingbit Zero-Day Chip Flaws May Expose Majority of Enterprises To Remote Execution Attacks

  1. #1

    Bleedingbit Zero-Day Chip Flaws May Expose Majority of Enterprises To Remote Code Execution Attacks
    https://it.slashdot.org/story/18/11/...cution-attacks

    Two new zero-day vulnerabilities called "Bleeding Bit" have been revealed by security firm Armis, impacting Bluetooth Low-Energy (BLE) chips used in millions of Cisco, Meraki, and Aruba wireless access points (APs). "Developed by Texas Instruments (TI), the vulnerable BLE chips are used by roughly 70 to 80 percent of business wireless access points today by way of Cisco, Meraki and Aruba products," reports ZDNet. From the report:

    The first vulnerability, CVE-2018-16986, impacts Cisco and Meraki APs using TI BLE chips. Attackers can remotely send multiple benign BLE broadcast messages, called "advertising packets," which are stored on the memory of the vulnerable chip. As long as a target device's BLE is turned on, these packets -- which contain hidden malicious code to be invoked later on -- can be used together with an overflow packet to trigger an overflow of critical memory. If exploited, attackers are able to trigger memory corruption in the chip's BLE stack, creating a scenario in which the threat actor is able to access an operating system and hijack devices, create a backdoor, and remotely execute malicious code.

    The second vulnerability, CVE-2018-7080, is present in the over-the-air firmware download (OAD) feature of TI chips used in Aruba Wi-Fi access point Series 300 systems. The vulnerability is technically a leftover development backdoor tool. This oversight, the failure to remove such a powerful development tool, could permit attackers to compromise the system by gaining a foothold into a vulnerable access point. "It allows an attacker to access and install a completely new and different version of the firmware -- effectively rewriting the operating system of the device," the company says. "The OAD feature doesn't offer a security mechanism that differentiates a 'good' or trusted firmware update from a potentially malicious update."

  3. #2
    I'm just a simple cave man. Your world frightens and confuses me! Sometimes the honking horns of your traffic make me want to get out of my BMW.. and run off into the hills, or wherever.. Sometimes when I get a message on my fax machine, I wonder: “Did little demons get inside and type it?” I don’t know! My primitive mind can’t grasp these concepts.

  4. #3
    Quote Originally Posted by Bern View Post
    I'm just a simple cave man. Your world frightens and confuses me! Sometimes the honking horns of your traffic make me want to get out of my BMW.. and run off into the hills, or wherever.. Sometimes when I get a message on my fax machine, I wonder: “Did little demons get inside and type it?” I don’t know! My primitive mind can’t grasp these concepts.
    I feel your pain.