10 Security Vulnerabilities That Broke the World Wide Web in 2016
Information security is a subject in cyber-world which we can't think away anymore. Data breaches can cost millions when sensitive information is leaked on the Internet. Zero-day exploits pop up for sale every day in deep web forums in return for Bitcoins. However, few exploits are disclosed in public domain once the vulnerability is patched by the vendor. This past year, we had over 6400 common vulnerabilities and exposures which were issued a CVE ID. There were few major bug fixes by the vendors serving backbone of the Internet.
Here is the list of top 10 security vulnerabilities which came to light this year.
Learn Vulnerability Management
1. Dirty Cow (CVE-2016-5195)
Discovered by Phil Oester, Dirty Cow, is a kernel vulnerability that allows any unprivileged existing user to escalate its privilege to root. Root is the highest privilege on any UNIX or LINUX system, which has access to all the files. This vulnerability is known as privilege escalation. COW (Change on Write) is a technique used by Linux to reduce duplication of memory objects. By utilizing Race condition, the under-privileged user can modify read-only objects, which in the ideal case should not happen. If you are a system administrator, you may want to update the kernel of your Linux server. This is by far, the top vulnerability discovered & disclosed in 2016.
2. PHPMailer RCE (CVE-2016-10033, CVE-2016-10045)
PHPMailer, one of the most widely used email sending libraries in PHP was vulnerable to Remote Code Execution. Any attacker can execute shell commands on the web server using this vulnerability. It happens because the E-Mail address header field "From: " could be set by a user input but there is an absence of "sender" property. So, if a shell command is set by the user in "From: " header then it will result into RCE. If you are using PHPMailer in your production web servers, then it's time to upgrade it as soon as possible. This vulnerability was found by Dawid Golunski.
3. ImageTragick (CVE-2016-3714)
Discovered by Nikolay Ermishki, ImageTragick is considered to be one of the most impactive bugs of 2016. Insufficient filtering for filename passed to delegate's command allows remote code execution during conversion of several file formats. This vulnerability was heavily exploited & many organizations were found vulnerable to ImageTragick vulnerability as shown in Hackerone's public disclosure.
4. DROWN (CVE-2016-0800)
DROWN (Decrypting RSA with Obsolete and Weakened eNcryption) exploits a flaw in SSLv2 that lets an attacker decrypt communications that use TLS or SSL. It was categorized as a cross-protocol attack. If SSLv2 was enabled on the victim's server, then it was vulnerable DROWN. 17% of all servers on the Internet were exposed to potential data theft. An advisory was published by OpenSSL.
5. Remote Code Execution in Apple OS X and iOS (CVE-2016-463)
Images, as we all know are harmless. However, have you ever thought that you could get pawned by viewing maliciously crafted images? This was the case with CVE-2016-4631 which was discovered by security researcher Tyler Bohan from Talos Security. This vulnerability poses a significant threat to Apple users. When rendered by applications that use the Image I/O API, a specially crafted TIFF Image can be used to create heap-based buffer overflow which can ultimately result in remote code execution.
6. Persistent code execution on Chrome OS (CVE-2016-5180)
Google released security fixes for Chrome OS in their Version 53.0.2785.143 m update of Google Chrome. Google paid $100,000 to an anonymous security researcher for finding and responsibly disclosing the bug. Google, in its advisory mentions, that "It is a chain of exploits that gains code execution in guest mode across reboots, delivered via a web page. We anticipate landing additional changes and hardening measures for these vulnerabilities in the near future."
7. MS16-032
Founded by James Forshaw, this vulnerability could allow elevation of privilege if the Windows Secondary Logon Service fails to manage request handles in memory properly. In simple words, it is a bug that allows anyone to leak a handle opened in a privileged process into a lower privileged process. Windows 7 to Windows 10 as well as Windows Server 2008-2012 were found vulnerable.
8. Firefox SVG Animation Remote Code Execution (CVE-2016-9079)
Firefox published a security bulletin which described the vulnerability "A use-after-free vulnerability in SVG Animation has been discovered. An exploit built on this vulnerability has been discovered in the wild targeting Firefox and Tor Browser users on Windows." That leaked true IP of your machine, even if you use Tor browser. It is believed that intelligence agencies, as well as black hats, may have used this vulnerability to snoop over people.
9. Adobe Flash remote code execution (CVE-2016-7892)
Adobe Flash has a long history of nasty security vulnerabilities. This month, Adobe patched 31 vulnerabilities. The most important one was the patch for an use-after-free vulnerability. It was spotted in the wild that, this exploit were used to target Internet Explorer users. Users were prompt to update any affected versions.
10. Symantec/Norton Antivirus ASPack Remote Heap/Pool Memory Corruption Vulnerability (CVE-2016-2208)
A remote code execution vulnerability in Symantec/ Norton Antivirus was found by Google's project zero team. With the help of remote code execution, attackers can be able to execute malicious code and could take complete control over the system. This vulnerability could be exploited by sending an email or via a web browser to a user using Symantec AV Engine, resulting in kernel memory corruption. This is as bad as it can get. A patch was released by the vendor within a month.
Apart from these, there are many critical vulnerabilities which were discovered and patched in 2016. It is quite evident that anyone who can exploit using these 10 vulnerabilities can take over the World Wide Web. Security researchers are helping vendors to fix as well as mitigate vulnerabilities by participating in their responsible disclosure programs. Such responsible disclosure programs are known as Bug bounty program in which a white hat researcher reports a flaw to a vendor, and in return, the vendor pays them or acknowledge them as a token of appreciation.
Learn Vulnerability Management
The need of bug bounty program is increasing; Instead of selling exploits in an underground forum for huge stacks of money, hackers are motivated to disclose to the organization responsibly. The more we connect to the Internet, higher the risk of getting hacked. It is important to keep track of latest security vulnerabilities, updating your software and systems.
Learn Vulnerability Management
Build your vulnerability assessment and management skills with dozens of courses. What you'll learn- Vulnerability scanning
- Classifying and prioritizing
- Patching and mitigating
- Building a program
- And more
In this Series
- 10 Security Vulnerabilities That Broke the World Wide Web in 2016
- The most popular binary exploitation techniques
- Roadmap for performing an Active Directory assessment
- The importance of asset visibility in the detection and remediation of vulnerabilities
- Digium Phones Under Attack and how web shells can be really dangerous
- vSingle is abusing GitHub to communicate with the C2 server
- The most dangerous vulnerabilities exploited in 2022
- Follina — Microsoft Office code execution vulnerability
- Spring4Shell vulnerability details and mitigations
- How criminals are taking advantage of Log4shell vulnerability
- Microsoft Autodiscover protocol leaking credentials: How it works
- How to write a vulnerability report
- How to report a security vulnerability to an organization
- PrintNightmare CVE vulnerability walkthrough
- Top 30 most exploited software vulnerabilities being used today
- The real dangers of vulnerable IoT devices
- How criminals leverage a Firefox fake extension to target Gmail accounts
- How criminals have abused a Microsoft Exchange flaw in the wild
- How to discover open RDP ports with Shodan
- Time to patch: Vulnerabilities exploited in under five minutes?
- Whitespace obfuscation: PHP malware, web shells and steganography
- New Sudo flaw used to root on any standard Linux installation
- Turla Crutch backdoor: analysis and recommendations
- Volodya/BuggiCorp Windows exploit developer: What you need to know
- AWS APIs abuse: Watch out for these vulnerable APIs
- How to reserve a CVE: From vulnerability discovery to disclosure
- SonicWall firewall VPN vulnerability (CVE-2020-5135): Overview and technical walkthrough
- Top 25 vulnerabilities exploited by Chinese nation-state hackers (NSA advisory)
- Zerologon CVE-2020-1472: Technical overview and walkthrough
- Unpatched address bar spoofing vulnerability impacts major mobile browsers
- Software vulnerability patching best practices: Patch everything, even if vendors downplay risks
- What is a vulnerability disclosure policy (VDP)?
- Common vulnerability assessment types
- Common security threats discovered through vulnerability assessments
- Android vulnerability allows attackers to spoof any phone number
- Malicious Docker images: How to detect vulnerabilities and mitigate risk
- Apache Guacamole Remote Desktop Protocol (RDP) vulnerabilities: What you need to know
- Linux vulnerabilities: How unpatched servers lead to persistent backdoors
- Tesla Model 3 vulnerability: What you need to know about the web browser bug
- How to identify and prevent firmware vulnerabilities
- Will CVSS v3 change everything? Understanding the new glossary
- URGENT/11 vulnerability
- 32 hardware and firmware vulnerabilities
- The Zero Day Initiative
- CVE-2018-11776 RCE Flaw in Apache Struts Could Be Root Cause of Clamorous Hacks
- XML vulnerabilities are still attractive targets for attackers
- Broadpwn Wi-Fi Vulnerability: How to Detect & Mitigate
- Mobile Systems Vulnerabilities
- Most Exploited Vulnerabilities: by Whom, When, and How
- Exploiting CVE-2015-8562 (A New Joomla! RCE)
- Security vulnerabilities of voice recognition technologies
Get certified and advance your career
- Exam Pass Guarantee
- Live instruction
- CompTIA, ISACA, (ISC)², Cisco, Microsoft and more!
Vulnerabilities
Vulnerabilities
