Solar material can ‘self-heal’ imperfections, new research shows

A material that can be used in technologies such as solar power has been found to self-heal, a new study shows.

The findings—from the University of York—raise the prospect that it may be possible to engineer high-performance self-healing materials which could reduce costs and improve scalability, researchers say.

The substance, called antimony selenide (Sb2Se3), is a solar absorber material that can be used for turning light energy into electricity.

Professor Keith McKenna from the Department of Physics said: “The process by which this semi-conducting material self-heals is rather like how a salamander is able to re-grow limbs when one is severed. Antimony selenide repairs broken bonds created when it is cleaved by forming new ones.

Source: Solar material can ‘self-heal’ imperfections, new research shows

Firefox 85 removes support for Flash and adds protection against supercookies

Mozilla has released Firefox 85, ending support for the Adobe Flash Player plugin and bringing in ways to block supercookies to enhance a user’s privacy. Mozilla, in a blog post, noted that supercookies store user identifiers, and are much more difficult to delete and block. It further noted that the changes it is making through network partitioning in Firefox 85 will “reduce the effectiveness of cache-based supercookies by eliminating a tracker’s ability to use them across websites.”

“Trackers can abuse caches to create supercookies and can use connection identifiers to track users. But by isolating caches and network connections to the website they were created on, we make them useless for cross-site tracking,” Mozilla noted.

It explained that network partitioning works by splitting the Firefox browser cache on a per-website basis, a technical solution that prevents websites from tracking users as they move across the web. Mozilla also noted that removing support for Flash did not have much impact on page load time. The development was first reported by ZDNet.
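The per-website cache split described above can be modelled in a few lines. This is an added illustration, not Mozilla's code: the `Tracker` and `Browser` classes and the `*.example` names are constructed, and the model only shows how the cache key changes.

```python
import itertools


class Tracker:
    """Constructed third-party server: each fresh fetch of its resource
    returns a body carrying a new unique identifier."""

    def __init__(self):
        self._ids = itertools.count(1)

    def fetch(self, url):
        return f"id-{next(self._ids)}"


class Browser:
    """Toy HTTP cache. Unpartitioned: keyed by resource URL only.
    Partitioned: keyed by (top-level site, resource URL)."""

    def __init__(self, tracker, partitioned):
        self.tracker = tracker
        self.partitioned = partitioned
        self.cache = {}

    def load(self, top_level_site, resource_url):
        key = (top_level_site, resource_url) if self.partitioned else resource_url
        if key not in self.cache:
            # Cache miss: the tracker hands out a fresh identifier.
            self.cache[key] = self.tracker.fetch(resource_url)
        return self.cache[key]


def ids_seen(partitioned):
    """Identifier the embedded resource exposes on each visited site."""
    browser = Browser(Tracker(), partitioned)
    url = "https://tracker.example/pixel.png"
    visits = ("news.example", "shop.example", "news.example")
    return [browser.load(site, url) for site in visits]


if __name__ == "__main__":
    print("shared cache:     ", ids_seen(partitioned=False))
    print("partitioned cache:", ids_seen(partitioned=True))
```

With the shared cache the same identifier is read back on both sites. With the partitioned cache each site gets its own copy, while repeat visits to the same site still hit the cache.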

[…]

Source: Firefox 85 removes support for Flash and adds protection against supercookies – Technology News

Update Your iPhone and iPad Right Now

Do you have an iPhone or iPad? You should update your device right now to iOS 14.4. No, not later today or after lunch or whatever. Update now.

Why is it so crucial to update your iOS software as soon as possible? As TechCrunch first reported, Apple is reporting three security vulnerabilities that “may have been actively exploited” by hackers.

We don’t have any real details yet, but Apple rarely has to admit such stunning vulnerabilities. The researchers who reported the security flaws have been granted anonymity by Apple.

As Apple explains:

Kernel

Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: A malicious application may be able to elevate privileges. Apple is aware of a report that this issue may have been actively exploited.
Description: A race condition was addressed with improved locking.
CVE-2021-1782: an anonymous researcher

WebKit

Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: A remote attacker may be able to cause arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
Description: A logic issue was addressed with improved restrictions.
CVE-2021-1871: an anonymous researcher
CVE-2021-1870: an anonymous researcher

Source: Update Your iPhone and iPad Right Now

Decade-old bug in Linux world’s sudo can be abused by any logged-in user to gain root privileges

Security researchers from Qualys have identified a critical heap buffer overflow vulnerability in sudo that can be exploited by rogue users to take over the host system.

Sudo is an open-source command-line utility widely used on Linux and other Unix-flavored operating systems. It is designed to give selected, trusted users administrative control when needed.

The bug (CVE-2021-3156) found by Qualys, though, allows any local user to gain root-level access on a vulnerable host in its default configuration. Qualys is disclosing its findings in a coordinated release with operating systems vendors, and has bestowed the errant code with the memorable name of the mythical mischief-maker Baron Samedi.

The following versions of sudo are affected: 1.8.2 through 1.8.31p2 and 1.9.0 through 1.9.5p1. Qualys developed exploits for several Linux distributions, including Ubuntu 20.04 (Sudo 1.8.31), Debian 10 (Sudo 1.8.27), and Fedora 33 (Sudo 1.9.2), and the security biz believes other distributions are vulnerable, too.

Ubuntu and Red Hat have already published patches, and your distro may have as well, so get to it.
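For triaging a fleet against the affected ranges listed above, the following added example (not from the article or from Qualys) compares sudo version strings, including the `pN` patch-level suffix. The host names and inventory are constructed, and the input is assumed to be the first line of `sudo -V`. Distributions often backport fixes without changing the upstream version number, so a match means "check the vendor advisory for this package", not "confirmed vulnerable".

```python
import re

# Affected upstream ranges as stated in the article (inclusive on both ends).
AFFECTED = [("1.8.2", "1.8.31p2"), ("1.9.0", "1.9.5p1")]

_VERSION = re.compile(r"(\d+)\.(\d+)\.(\d+)(?:p(\d+))?")


def parse(version):
    """Turn '1.8.31p2' or 'Sudo version 1.8.31p2' into (1, 8, 31, 2)."""
    m = _VERSION.search(version)
    if not m:
        raise ValueError(f"unrecognised sudo version: {version!r}")
    major, minor, patch, plevel = m.groups()
    # A release without a pN suffix sorts before its p1, p2, ... follow-ups.
    return (int(major), int(minor), int(patch), int(plevel or 0))


def in_affected_range(version):
    v = parse(version)
    return any(parse(lo) <= v <= parse(hi) for lo, hi in AFFECTED)


def triage(inventory):
    """Return the hosts whose reported version falls in an affected range."""
    return sorted(h for h, ver in inventory.items() if in_affected_range(ver))


# Constructed sample inventory: host -> first line of `sudo -V`.
SAMPLE = {
    "web01": "Sudo version 1.8.31",
    "db01": "Sudo version 1.9.5p2",
    "old01": "Sudo version 1.8.1p2",
    "build01": "Sudo version 1.9.5p1",
}

if __name__ == "__main__":
    for host in triage(SAMPLE):
        print(f"{host}: {SAMPLE[host]} -> verify vendor patch status")
```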

In their write-up, Qualys researchers explain, “set_cmnd() is vulnerable to a heap-based buffer overflow, because the out-of-bounds characters that are copied to the ‘user_args’ buffer were not included in its size.”

[…]

The bug was introduced in July 2011 (commit 8255ed69) and has persisted unfixed until now.

[…]

Source: Decade-old bug in Linux world’s sudo can be abused by any logged-in user to gain root privileges • The Register