Cyber security news for all

More

    Fuzzer tool discovers 26 bugs in linux,Windows,macOS and others

    Hui Peng and Mathias Payer, researchers from Padue University, and Swiss Federal Institute of Technology, Lausanne, respectively, have discovered at least 26 vulnerabilities in the operating system of Linux, macOS, FreeBSD, and Windows.

    These vulnerabilities were exposed using a new tool they referred to as the USBFuzz alias known as a fuzzer.

    With the fuzzer application, security researchers can analyze a large quantity of unexpected data that are input into the program and monitor how the software behaves to discover new bugs.

    The USBfuzz designed with the sole aim of testing the USB driver stack of operating systems.

    The researchers, Peng and Mathias, said; “at its core, USBFuzz uses a software-emulated USB device to provide random device data to drivers (when they perform IO operations). As the emulated USB device works at the device level, porting it to other platforms is straight-forward.”

    They tested the fuzzer on nine versions of Linux, the latest release of FreeBSD and MacOs 10.15 Catalina, and versions 8 and 10 of Windows.

    The results from the test revealed the presence of 26 bugs. The Linux system had a greater composition of bugs, 18 in total. Of the 18 bugs found, two bugs resided in the USB camera driver and Linux USB host controller driver. At the same time, the other 16 were memory bugs located in the high-security impact in various Linux subsystems.

    The research then said, “the bugs were reported to the Linux kernel team along with proposed patches to reduce the burden on the kernel developers when fixing the reported vulnerabilities. Of the 18 Linux bugs, 11 received a patch since their initial reports last year. 10 of these 11 bugs also received a CVE, a unique code assigned to major security flaws.

    fuzz test

    The remaining bugs fall into two classes; those still under embargo/being disclosed and those that were concurrently found and reported by other researchers.”

    This isn’t the first time a fuzz test is carried out. In November 2017, A Google engineer used a Google-made fuzzer, syzkaller to discover 79 bugs impacting Linux kernel USB drivers.

    USBFUZZ TO BE OPEN SOURCED

    Payer released a draft of the research which describes the work of the USBfuzz. This research will be submitted at the Usenix Security Symposium virtual security conference, scheduled for August 2020. Following this talk, the USBfuzz will be released on GitHub as an open-source project.

    Peng and Payer re-ascertained superiority of the USBfuzz to other fuzzs like the vUSBf, syzkaller, and usb-fuzzer. Not only does the USBfuzz grant more control to testers it also has general portability across operating systems unlike others that only work on NIX systems

    Recent Articles

    Personnel were asked to removed 89 apps which includes Instagram, Facebook, and others by the Indian Army

    Personnel are told by the Indian Army to delete 89 apps from their phones from July 15. This is in a bid to avoid...

    The warning sent to employees about Tiktok app was a mistake says Amazon

    On Friday morning, Amazon sent out a memo to its employees, asking them to uninstall the popular social media app TikTok off their phone....

    Other Android phones sold in the US contains pre-installed malware

    There’s a discovery of Pre-installed malware on another phone by researchers from Malwarebytes; through the lifeline Assistance program for sale in the United States....

    About 15 billion stolen passwords and usernames sold on the dark web.

    A recent finding has shown that about 15 billion passwords and usernames are distributed on the dark web. This compromise will bring about credential...

    Hundreds of multinational companies aimed by Russian BEC Gang

    According to the security firm Agari, there has been a discovery of a newly uncovered Russia-based business email compromise gang; BEC gang that scams...

    Related Stories

    Leave A Reply

    Please enter your comment!
    Please enter your name here

    Stay on op - Ge the daily news in your inbox