Telekom Security

Airmail App - JavaScript Injection Vulnerability Exposes Sensitive Data

A vulnerability has been identified in the popular iOS/macOS email apps “Airmail - Your Mail With You” and “Airmail for Business” that poses a significant risk. The vulnerability, classified as a JavaScript injection combined with an insecurely configured WebView, was present in versions of the apps prior to 5.7.

Continue Reading →

T-Pot Version 24.04 released

We are proud to announce the release of T-Pot 24.04! T-Pot 24.04 marks probably the largest change in the history of the project. While most of the changes have been made to the underlying platform some changes will be standing out in particular - a T-Pot ISO image will no longer be provided with the benefit that T-Pot will now run on multiple Linux distributions (Alma Linux, Debian, Fedora, OpenSuse, Raspbian, Rocky Linux, Ubuntu), Raspberry Pi (optimized) and macOS / Windows (limited).

Continue Reading →

Apple's UIKit Vulnerability - Sandbox Escape

A vulnerability has been identified in various Apple devices, including iPhones, posing a significant risk. The vulnerability affects the UIKit component.

Continue Reading →

Apple's macOS Quick Look Vulnerability - Buffer Overflow

A vulnerability has been identified in Apple’s Quick Look feature that affects Apple’s macOS. The vulnerability, classified as a classic buffer overflow, was addressed with improved bounds checking.

Continue Reading →

Critical remote denial of service vulnerability in matrixssl TLSv1.3 server pre-shared-key parsing

A new critical DoS vulnerability (CVE-2023-24609) was discovered in the matrixssl library (versions 4.6.0-4.0.0, github.com/matrixssl/matrixssl) by Security Evaluators of Telekom Security with modern fuzzing methods.

View the full advisory

Continue Reading →

Wire Secure Messenger Remote Format String Vulnerability

A Format String vulnerability (CVE-2023-48221) in the Wire AVS library used in Wire Secure Messenger allows an attacker to cause a denial of service (application crash) or possibly execute arbitrary code via voice or video call. This affects Wire AVS (Audio, Video, and Signaling) before 9.2.22 and 9.3.5.

Continue Reading →

Shining some light on the DarkGate loader

Analysis and Report by Fabian Marquardt (@marqufabi)

Recently, Telekom Security CTI was made aware via trust groups in which we are engaged about a new malware campaign that is distributed via phishing emails. The malspam campaign used stolen email threads to lure victim users into clicking the contained hyperlink, which downloaded the malware.

Continue Reading →

LibreOffice Calc Formula Parsing Vulnerability

A vulnerability in LibreOffice (CVE-2023-0950) allows to trigger an array index underflow that could be exploited by an attacker to execute arbitrary code. To trigger the vulnerability, a victim only needs to open a specially crafted Spreadsheet file. The vulnerability has been fixed in LibreOffice 7.4.6/7.5.2.

Continue Reading →