
Broadcom WiFi chipset drivers have been found to contain vulnerabilities impacting multiple operating systems and allowing potential attackers to remotely execute arbitrary code and to trigger denial-of-service, according to a DHS/CISA alert and a CERT/CC vulnerability note. Quarkslab's intern Hugues Anguelkov reported five vulnerabilities he found in the "Broadcom wl driver and the open-source brcmfmac driver for Broadcom WiFi chipsets" while reverse engineering and fuzzing Broadcom WiFi chip firmware. As he discovered, "The Broadcom wl driver is vulnerable to two heap buffer overflows, and the open-source brcmfmac driver is vulnerable to a frame validation bypass and a heap buffer overflow." The Common Weakness Enumeration database describes heap buffer overflows in the CWE-122 entry, stating that they can lead to system crashes or the impacted software going into an infinite loop, while also allowing attackers "to execute arbitrary code, which is usually outside the scope of a program's implicit security policy" and bypassing security services. As the CERT/CC vulnerability note written by Trent Novelly explains, potential remote and unauthenticated attackers could exploit the Broadcom WiFi chipset driver vulnerabilities by sending maliciously-crafted WiFi packets to execute arbitrary code on vulnerable machines. However, as further detailed by Novelly, "More typically, these vulnerabilities will result in denial-of-service attacks." Learn more by visiting OUR FORUM.

Chipmaker Intel announced today that it will be canceling production of its 5G modems. The company stated that it aims to focus on PCs, ‘Internet of Things’ devices, and data-focused devices; however, it intends to make components to help improve 5G infrastructure. This comes just hours after Qualcomm announced a 6-year partnership with Apple. In his statement, Intel CEO Bob Swan made it clear that there was ‘no path to profitability and positive returns’ when talking about the smartphone modem business. Swan went on to mention that “5G continues to be a strategic priority across Intel”. This comes just two weeks after Intel rebuffed a report suggesting the company was struggling with its 5G modem program. A similar situation occurred in 2018 when it was suggested the manufacturer was having troubles with its XMM 8060 Modem, the predecessor to the 8160 that was canceled today. Intel went on to say they would provide additional details on April 25, following their Q1 2019 earnings report. Swan closes out his statement saying “[the Intel] team has developed a valuable portfolio of wireless products and intellectual property. We are assessing our options to realize the value we have created, including the opportunities in a wide variety of data-centric platforms and devices in a 5G world.” Current speculation suggests the company may be looking to sell its portfolio of products. Follow this and more on OUR FORUM.

E3, also known as ‘The Electronic Entertainment Expo’ and ‘one of the hottest gaming events out there’, is just under 2 months away. Microsoft has announced their intentions for the event, and it’s looking pretty good. Will Tuttle, Xbox Wire Editor in Chief, says that this will be Microsoft’s ‘biggest E3 presence ever’ and that there’s ‘something for everyone’. The annual Xbox E3 2019 Briefing is up first, on June 9th. The briefing will encompass everything from reveal trailers for unannounced titles that are due out in 2019 to in-depth looks at previous games. You can watch it live on Sunday, June 9th, at 1 PM PDT/4 PM EDT on the official Xbox Mixer Channel or on the Mixer app for Xbox One and Windows 10. The Xbox E3 2019 Briefing will also be offered in six different languages on Mixer: English, German, French, Italian, Spanish (LATAM), and Portuguese (LATAM). There are also English closed captions for those who want or need them! Inside Xbox will also be airing a special episode during E3. Inside Xbox: Live @ E3 will air on Monday, June 10th, at 3 PM PDT/6 PM EDT. It’ll feature a live stream of exclusive announcements, game demos, interviews, and more. If you’re lucky enough to be attending E3 in person, Microsoft has plenty of opportunities for you too! The Microsoft Theater and Xbox Plaza at LA Live will be their base for all activities during the week. Xbox Experience will be returning to the Microsoft Theater and it’ll be open from Tuesday to Thursday. There are over 100 gameplay stations on the main stage and a ginormous Xbox merchandise shop. Learn more by visiting OUR FORUM.

Late last year, Microsoft surprised many with the announcement of the Surface-branded headphones. The premium peripheral has opened the door to the company exploring where else they can apply the Surface branding, and the next stop appears to be a pair of earbuds. According to multiple sources who are familiar with the company’s plans, Microsoft is currently working on a pair of earbuds under the code name of Morrison. The company is looking to capitalize upon the development of its audio tech by expanding its portfolio to cover the two major categories of headphones: over-ear and in-ear. This isn’t Microsoft’s first adventure into the earbud segment; the company previously sold earbuds with its Zune music player several years ago. And with wireless earbuds being a quickly growing segment, with Apple leading the way and Amazon likely joining the party soon, Microsoft will be entering a saturated market, but that has never stopped them in the past. The codename for this product is a bit different than others we have seen come out of the Microsoft camp when it comes to hardware. There are devices like Andromeda and Centaurus that use astrological names but the original Surface Headphone name was Joplin – likely related to Scott Joplin (or actually, Janis Joplin), an American composer known for his ragtime music. Morrison is likely related to Jim Morrison, who was the lead singer of the Doors and is considered to be a classic American rock star. As for the name, Surface Buds has been tossed around but I don’t know if that will be the retail name when they do arrive. Follow this and more on OUR FORUM.

A security researcher today published details and proof-of-concept code for an Internet Explorer zero-day that can allow hackers to steal files from Windows systems. The vulnerability resides in the way Internet Explorer processes MHT files. MHT stands for MHTML Web Archive and is the default standard in which all IE browsers save web pages when a user hits the CTRL+S (Save web page) command. Modern browsers don't save web pages in MHT format anymore, and use the standard HTML file format; however, many modern browsers still support processing the format. Today, security researcher John Page published details about an XXE (XML eXternal Entity) vulnerability in IE that can be exploited when a user opens an MHT file. "This can allow remote attackers to potentially exfiltrate Local files and conduct remote reconnaissance on locally installed Program version information," Page said. "Example, a request for 'c:\Python27\NEWS.txt' can return version information for that program." Because on Windows all MHT files are automatically set to open by default in Internet Explorer, exploiting this vulnerability is trivial, as users only need to double-click on a file they received via email, instant messaging, or another vector. Page said the actual vulnerable code relies on how Internet Explorer deals with CTRL+K (duplicate tab), "Print Preview," or "Print" user commands. But, as Windows uses IE as the default app to open MHT files, users don't necessarily have to have IE set as their default browser, and are still vulnerable as long as IE is still present on their systems, and they're tricked into opening an MHT file. This vulnerability should not be taken lightly, despite Microsoft's response. Read the complete story on OUR FORUM.

At the National Association of Broadcasters (NAB) trade show in Las Vegas, Sony announced the world’s largest high-resolution display featuring a “16k” resolution, as well as Sony’s ‘Crystal LED’ display based on microLED technology. Sony’s 16k display has a diagonal measurement of 783” and has four times as many pixels as an 8K TV, but the company didn’t give details on the vertical resolution. The larger-than-life screen is 19.2 meters (63 feet) long and 5.4 meters (17 feet) high, so the vertical resolution likely isn't very high. This makes some sense, as walls can only be so tall, but it ultimately means Sony uses a non-standard resolution that is not a direct upscaling of 4K and 8K. Sony has stated before that its modular and bezel-less Crystal LED screens can be arranged in any shape, even ones that don’t look like a typical TV. The Crystal LED screen Sony unveiled in Las Vegas is currently being installed at a new research center in Japan. These 16K screens will likely remain a high-end product for the corporate world for now, but Sony intends to sell smaller variations to offices, cinemas, and even consumers in the near future. MicroLED technology is basically OLED tech that doesn’t have burn-in issues because it doesn’t use any organic material to create the self-emitting diodes that don’t require a backlight (as LCDs do). There's more posted on OUR FORUM.

 
 
