Cyber security news for all

More

    Fuzzer tool discovers 26 bugs in linux,Windows,macOS and others

    Hui Peng and Mathias Payer, researchers from Padue University, and Swiss Federal Institute of Technology, Lausanne, respectively, have discovered at least 26 vulnerabilities in the operating system of Linux, macOS, FreeBSD, and Windows.

    These vulnerabilities were exposed using a new tool they referred to as the USBFuzz alias known as a fuzzer.

    With the fuzzer application, security researchers can analyze a large quantity of unexpected data that are input into the program and monitor how the software behaves to discover new bugs.

    The USBfuzz designed with the sole aim of testing the USB driver stack of operating systems.

    The researchers, Peng and Mathias, said; “at its core, USBFuzz uses a software-emulated USB device to provide random device data to drivers (when they perform IO operations). As the emulated USB device works at the device level, porting it to other platforms is straight-forward.”

    They tested the fuzzer on nine versions of Linux, the latest release of FreeBSD and MacOs 10.15 Catalina, and versions 8 and 10 of Windows.

    The results from the test revealed the presence of 26 bugs. The Linux system had a greater composition of bugs, 18 in total. Of the 18 bugs found, two bugs resided in the USB camera driver and Linux USB host controller driver. At the same time, the other 16 were memory bugs located in the high-security impact in various Linux subsystems.

    The research then said, “the bugs were reported to the Linux kernel team along with proposed patches to reduce the burden on the kernel developers when fixing the reported vulnerabilities. Of the 18 Linux bugs, 11 received a patch since their initial reports last year. 10 of these 11 bugs also received a CVE, a unique code assigned to major security flaws.

    fuzz test

    The remaining bugs fall into two classes; those still under embargo/being disclosed and those that were concurrently found and reported by other researchers.”

    This isn’t the first time a fuzz test is carried out. In November 2017, A Google engineer used a Google-made fuzzer, syzkaller to discover 79 bugs impacting Linux kernel USB drivers.

    USBFUZZ TO BE OPEN SOURCED

    Payer released a draft of the research which describes the work of the USBfuzz. This research will be submitted at the Usenix Security Symposium virtual security conference, scheduled for August 2020. Following this talk, the USBfuzz will be released on GitHub as an open-source project.

    Peng and Payer re-ascertained superiority of the USBfuzz to other fuzzs like the vUSBf, syzkaller, and usb-fuzzer. Not only does the USBfuzz grant more control to testers it also has general portability across operating systems unlike others that only work on NIX systems

    Recent Articles

    Millions of RDP attacks on home offices

    Since the corona related move to the home office, the number of daily hacker attacks on remote desktop connections has increased more than tenfold....

    KuCion crypto confirms 150 million dollar security breach

    Cyber criminals were able to steal from the KuCion crypto and stole coins worth millions. On the evening of last Friday, KuCion crypto noticed...

    Hungarian banks were the target of a massive DDoS attack

    Several banks and the Hungarian Telekom have been the target of a cyber attack. The attacks are said to have come in several waves...

    The source code of Windows XP is leaked

    The source code of Windows XP is currently freely accessible. The media says that data first appeared on 4chan and is currently being exchanged...

    Hackers send malicious Azure Cloud apps to Microsoft

    Microsoft has banned some Azure Cloud applications from its cloud that the company identified as part of an attack infrastructure. Microsoft describes the approach...

    Related Stories

    Leave A Reply

    Please enter your comment!
    Please enter your name here

    Stay on op - Ge the daily news in your inbox