While reviewing my last findings today, I found a phishing email that delivered a classic .shtml file called "PROFORMA INVOICE.shtml". Right now, nothing special, emails like this one are widespread. When you open the file in a sandbox, it reveals a classic form:
Amazon SageMaker Geospatial Capabilities Now Generally Available with Security Updates and More Use Case Samples
At AWS re:Invent 2022, we previewed Amazon SageMaker geospatial capabilities, allowing data scientists and machine learning (ML) engineers to build, train, and deploy ML models using geospatial data. Geospatial ML with Amazon SageMaker supports access to readily available geospatial data, purpose-built processing operations and open source libraries, pre-trained ML models, and built-in visualization tools with Amazon SageMaker’s geospatial capabilities.
During the preview, we had lots of interest and great feedback from customers. Today, Amazon SageMaker geospatial capabilities are generally available with new security updates and additional sample use cases.
Introducing Geospatial ML features with SageMaker Studio
To get started, use the quick setup to launch Amazon SageMaker Studio in the US West (Oregon) Region. Make sure to use the default Jupyter Lab 3 version when you create a new user in the Studio. Now you can navigate to the homepage in SageMaker Studio. Then select the Data menu and click on Geospatial.
Here is an overview of three key Amazon SageMaker geospatial capabilities:
- Earth Observation jobs – Acquire, transform, and visualize satellite imagery data using purpose-built geospatial operations or pre-trained ML models to make predictions and get useful insights.
- Vector Enrichment jobs – Enrich your data with operations, such as converting geographical coordinates to readable addresses.
- Map Visualization – Visualize satellite images or map data uploaded from a CSV, JSON, or GeoJSON file.
You can create all Earth Observation Jobs (EOJ) in the SageMaker Studio notebook to process satellite data using purpose-built geospatial operations. Here is a list of purpose-built geospatial operations that are supported by the SageMaker Studio notebook:
- Band Stacking – Combine multiple spectral properties to create a single image.
- Cloud Masking – Identify cloud and cloud-free pixels to get improved and accurate satellite imagery.
- Cloud Removal – Remove pixels containing parts of a cloud from satellite imagery.
- Geomosaic – Combine multiple images for greater fidelity.
- Land Cover Segmentation – Identify land cover types such as vegetation and water in satellite imagery.
- Resampling – Scale images to different resolutions.
- Spectral Index – Obtain a combination of spectral bands that indicate the abundance of features of interest.
- Temporal Statistics – Calculate statistics through time for multiple GeoTIFFs in the same area.
- Zonal Statistics – Calculate statistics on user-defined regions.
A Vector Enrichment Job (VEJ) enriches your location data through purpose-built operations for reverse geocoding and map matching. While you need to use a SageMaker Studio notebook to execute a VEJ, you can view all the jobs you create using the user interface. To use the visualization in the notebook, you first need to export your output to your Amazon S3 bucket.
- Reverse Geocoding – Convert coordinates (latitude and longitude) to human-readable addresses.
- Map Matching – Snap inaccurate GPS coordinates to road segments.
Using the Map Visualization, you can visualize geospatial data, the inputs to your EOJ or VEJ jobs as well as the outputs exported from your Amazon Simple Storage Service (Amazon S3) bucket.
Security Updates
At GA, we have two major security updates—AWS Key Management Service (AWS KMS) for customer managed AWS KMS key support and Amazon Virtual Private Cloud (Amazon VPC) for geospatial operations in the customer Amazon VPC environment.
AWS KMS customer managed keys offer increased flexibility and control by enabling customers to use their own keys to encrypt geospatial workloads.
You can use KmsKeyId to specify your own key in StartEarthObservationJob and StartVectorEnrichmentJob as an optional parameter. If the customer doesn’t provide KmsKeyId, a service owned key will be used to encrypt the customer content. To learn more, see SageMaker geospatial capabilities AWS KMS Support in the AWS documentation.
Using Amazon VPC, you have full control over your network environment and can more securely connect to your geospatial workloads on AWS. You can use SageMaker Studio or Notebook in your Amazon VPC environment for SageMaker geospatial operations and execute SageMaker geospatial API operations through an interface VPC endpoint in SageMaker geospatial operations.
To get started with Amazon VPC support, configure Amazon VPC on SageMaker Studio Domain and create a SageMaker geospatial VPC endpoint in your VPC in the Amazon VPC console. Choose the service name as com.amazonaws.us-west-2.sagemaker-geospatial and select the VPC in which to create the VPC endpoint.
All Amazon S3 resources that are used for input or output in EOJ and VEJ operations should have internet access enabled. If you have no direct access to those Amazon S3 resources via the internet, you can grant SageMaker geospatial VPC endpoint ID access to it by changing the corresponding S3 bucket policy. To learn more, see SageMaker geospatial capabilities Amazon VPC Support in the AWS documentation.
Example Use Case for Geospatial ML
Customers across various industries use Amazon SageMaker geospatial capabilities for real-world applications.
Maximize Harvest Yield and Food Security
Digital farming consists of applying digital solutions to help farmers optimize crop production in agriculture through the use of advanced analytics and machine learning. Digital farming applications require working with geospatial data, including satellite imagery of the areas where farmers have their fields located.
You can use SageMaker to identify farm field boundaries in satellite imagery through pre-trained models for land cover classification. Learn about How Xarvio accelerated pipelines of spatial data for digital farming with Amazon SageMaker Geospatial in the AWS Machine Learning Blog. You can find an end-to-end digital farming example notebook via the GitHub repository.
Damage Assessment
As the frequency and severity of natural disasters increase, it’s important that we equip decision-makers and first responders with fast and accurate damage assessment. You can use geospatial imagery to predict natural disaster damage and geospatial data in the immediate aftermath of a natural disaster to rapidly identify damage to buildings, roads, or other critical infrastructure.
From an example notebook, you can train, deploy, and predict natural disaster damage from the floods in Rochester, Australia, in mid-October 2022. We use images from before and after the disaster as input to its trained ML model. The results of the segmentation mask for the Rochester floods are shown in the following images. Here we can see that the model has identified locations within the flooded region as likely damaged.
You can train and deploy a geospatial segmentation model to assess wildfire damages using multi-temporal Sentinel-2 satellite data via GitHub repository. The area of interest for this example is located in Northern California, from a region that was affected by the Dixie Wildfire in 2021.
Monitor Climate Change
Earth’s climate change increases the risk of drought due to global warming. You can see how to acquire data, perform analysis, and visualize the changes with SageMaker geospatial capabilities to monitor shrinking shoreline caused by climate change in the Lake Mead example, the largest reservoir in the US.
You can find the notebook code for this example in the GitHub repository.
Predict Retail Demand
The new notebook example demonstrates how to use SageMaker geospatial capabilities to perform a vector-based map-matching operation and visualize the results. Map matching allows you to snap noisy GPS coordinates to road segments. With Amazon SageMaker geospatial capabilities, it is possible to perform a VEJ for map matching. This type of job takes a CSV file with route information (such as longitude, latitude, and timestamps of GPS measurements) as input and produces a GeoJSON file that contains the predicted route.
Support Sustainable Urban Development
Arup, one of our customers, uses digital technologies like machine learning to explore the impact of heat on urban areas and the factors that influence local temperatures to deliver better design and support sustainable outcomes. Urban Heat Islands and the associated risks and discomforts are one of the biggest challenges cities are facing today.
Using Amazon SageMaker geospatial capabilities, Arup identifies and measures urban heat factors with earth observation data, which significantly accelerated their ability to counsel clients. It enabled its engineering teams to carry out analytics that weren’t possible previously by providing access to increased volumes, types, and analysis of larger datasets. To learn more, see Facilitating Sustainable City Design Using Amazon SageMaker with Arup in AWS customer stories.
Now Available
Amazon SageMaker geospatial capabilities are now generally available in the US West (Oregon) Region. As part of the AWS Free Tier, you can get started with SageMaker geospatial capabilities for free. The Free Tier lasts 30 days and includes 10 free ml.geospatial.interactive compute hours, up to 10 GB of free storage, and no $150 monthly user fee.
After the 30-day free trial period is complete, or if you exceed the Free Tier limits defined above, you pay for the components outlined on the pricing page.
To learn more, see Amazon SageMaker geospatial capabilities and the Developer Guide. Give it a try and send feedback to AWS re:Post for Amazon SageMaker or through your usual AWS support contacts.
– Channy
When the Phisher Messes Up With Encoding, (Fri, May 19th)
A reader contacted us (thank you, Scott) to share an interesting phishing email. We are always looking for fresh meat, don't hesitate to share your samples with us! I had a look at the EML file provided by Scott, and it did indeed look weird.
When you open the mail in Outlook, it looks like this:
At first glance, you could think that this is a phishing campaign targeting Chinese people. If we look a bit deeper, we see that the document lacks any formatting (paragraphs, carriage returns, …), and there are "emoticons" here and there. This definitely looks like an encoding problem.
If you check the raw EML file, there is this piece of code at the beginning of the mail body:
<=00m=00e=00t=00a=00 =00h=00t=00t=00p=00-=00e=00q=00u=00i=00v=00=3D=00"=00C= =00o=00n=00t=00e=00n=00t=00-=00T=00y=00p=00e=00"=00 =00c=00o=00n=00t=00e=00= n=00t=00=3D=00"=00t=00e=00x=00t=00/=00h=00t=00m=00l=00;=00 =00c=00h=00a=00r= =00s=00e=00t=00=3D=00u=00t=00f=00-=001=006=00"=00>=00<html><head><meta http= -equiv=3D"Content-Type" content=3D"text/html; charset=3Dunicode"> =20 <meta http-equiv=3D"X-UA-Compatible" content=3D"IE=3Dedge"> <title></title>= </head>=20 <body>
If you export the body and open it in a text editor, you will get:
As you can see, the attacker messed up the encoding, and Outlook cannot display the mail body correctly. Here is what should be displayed:
Note that the attackers not only messed up with the encoding, they also messed up the variable replacement with correct values ("[EMail]", "[Date_short]", …).
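The mismatch visible in the raw body can be reproduced offline. The following is an added example, not code from the diary: it undoes the quoted-printable encoding, splits the body into the UTF-16LE run and the single-byte run, and compares what a client honouring the declared charset would render with the recovered markup. The sample bytes are the start of the excerpt above with its soft line breaks restored (the exact line layout is an assumption), and all function names are illustrative.

```python
import quopri

# Start of the mail body from the excerpt above. The "=" soft line breaks
# are restored here; the exact line layout is an assumption.
RAW_QP = (
    b'<=00m=00e=00t=00a=00 =00h=00t=00t=00p=00-=00e=00q=00u=00i=00v=00=3D=00"=00C=\n'
    b'=00o=00n=00t=00e=00n=00t=00-=00T=00y=00p=00e=00"=00 =00c=00o=00n=00t=00e=00=\n'
    b'n=00t=00=3D=00"=00t=00e=00x=00t=00/=00h=00t=00m=00l=00;=00 =00c=00h=00a=00r=\n'
    b'=00s=00e=00t=00=3D=00u=00t=00f=00-=001=006=00"=00>=00<html><head><meta http=\n'
    b'-equiv=3D"Content-Type" content=3D"text/html; charset=3Dunicode">\n'
)

MIN_RUN = 8  # bytes; shorter runs are ignored when flagging a mixed body


def decode_body(raw_qp: bytes) -> bytes:
    """Undo the quoted-printable transfer encoding (=XX escapes, soft breaks)."""
    return quopri.decodestring(raw_qp)


def segment(data: bytes):
    """Split data into runs of UTF-16LE text and single-byte text.

    Heuristic: a non-NUL byte followed by 0x00 is treated as one UTF-16LE
    code unit. That only recognises characters below U+0100, which is
    enough for markup such as the <meta> tag in this sample.
    """
    runs = []  # list of (codec, bytes)
    i = 0
    while i < len(data):
        wide = i + 1 < len(data) and data[i] != 0 and data[i + 1] == 0
        codec, step = ("utf-16-le", 2) if wide else ("latin-1", 1)
        chunk = data[i:i + step]
        if runs and runs[-1][0] == codec:
            runs[-1] = (codec, runs[-1][1] + chunk)
        else:
            runs.append((codec, chunk))
        i += step
    return runs


def is_mixed(data: bytes) -> bool:
    """True when the body holds sizeable runs in both encodings."""
    codecs = {codec for codec, chunk in segment(data) if len(chunk) >= MIN_RUN}
    return codecs == {"utf-16-le", "latin-1"}


def recover_text(data: bytes) -> str:
    """Decode every run with its own codec to get readable markup back."""
    return "".join(chunk.decode(codec) for codec, chunk in segment(data))


def as_declared(data: bytes) -> str:
    """Decode the whole body as UTF-16LE, as the declared charset asks."""
    return data.decode("utf-16-le", errors="replace")


def count_cjk(text: str) -> int:
    """Count CJK ideographs (Unified block and Extension A)."""
    return sum(
        1 for ch in text
        if "\u3400" <= ch <= "\u4dbf" or "\u4e00" <= ch <= "\u9fff"
    )


if __name__ == "__main__":
    body = decode_body(RAW_QP)
    for codec, chunk in segment(body):
        print(f"{codec:10} {len(chunk):4} bytes")
    print("mixed encodings:", is_mixed(body))
    print("as declared    :", as_declared(body))
    print("recovered      :", recover_text(body))
    print("CJK characters :", count_cjk(as_declared(body)))
```

Pairs of ASCII bytes read as UTF-16LE code units land mostly in the CJK blocks, with a few in symbol ranges, which matches the "Chinese" text and stray symbols seen in Outlook.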
The link points to a Java RAT stored on the Discord CDN[1]. The RAT connects to its C2 server via magicfinger[.]ddns[.]net
[1] https://bazaar.abuse.ch/sample/d7b24068f673031c8c27271bf36790f9468b8c27ec08c51a348fc08c34ff6881/
Xavier Mertens (@xme)
Xameco
Senior ISC Handler – Freelance Cyber Security Consultant
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
New – Simplify the Investigation of AWS Security Findings with Amazon Detective
With Amazon Detective, you can analyze and visualize security data to investigate potential security issues. Detective collects and analyzes events that describe IP traffic, AWS management operations, and malicious or unauthorized activity from AWS CloudTrail logs, Amazon Virtual Private Cloud (Amazon VPC) Flow Logs, Amazon GuardDuty findings, and, since last year, Amazon Elastic Kubernetes Service (EKS) audit logs. Using this data, Detective constructs a graph model that distills log data using machine learning, statistical analysis, and graph theory to build a linked set of data for your security investigations.
Starting today, Detective offers investigation support for findings in AWS Security Hub in addition to those detected by GuardDuty. Security Hub is a service that provides you with a view of your security state in AWS and helps you check your environment against security industry standards and best practices. If you’ve turned on Security Hub and other integrated AWS security services, those services will begin sending findings to Security Hub.
With this new capability, it is easier to use Detective to determine the cause and impact of findings coming from new sources such as AWS Identity and Access Management (IAM) Access Analyzer, Amazon Inspector, and Amazon Macie. All AWS services that send findings to Security Hub are now supported.
Let’s see how this works in practice.
Enabling AWS Security Findings in the Amazon Detective Console
When you enable Detective for the first time, Detective now identifies findings coming from both GuardDuty and Security Hub, and automatically starts ingesting them along with other data sources. Note that you don’t need to enable or publish these log sources for Detective to start its analysis because this is managed directly by Detective.
If you are an existing Detective customer, you can enable investigation of AWS Security Findings as a data source with one click in the Detective Management Console. I already have Detective enabled, so I add the source package.
In the Detective console, in the Settings section of the navigation pane, I choose General. There, I choose Edit in the Optional source packages section to enable Detective for AWS Security Findings.
Once enabled, Detective starts analyzing all the relevant data to identify connections between disparate events and activities. To start your investigation process, you can get a visualization of these connections, including resource behavior and activities. Historical baselines, which you can use to provide comparisons against recent activity, are established after two weeks.
Investigating AWS Security Findings in the Amazon Detective Console
I start in the Security Hub console and choose Findings in the navigation pane. There, I filter findings to only see those where the Product name is Inspector and Severity label is HIGH.
The first one looks suspicious, so I choose its Title (CVE-2020-36223 – openldap). The Security Hub console provides me with information about the corresponding Common Vulnerabilities and Exposures (CVE) ID and where and how it was found. At the bottom, I have the option to Investigate in Amazon Detective. I follow the Investigate finding link, and the Detective console opens in another browser tab.
Here, I see the entities related to this Inspector finding. First, I open the profile of the AWS account to see all the findings associated with this resource, the overall API call volume issued by this resource, and the container clusters in this account.
For example, I look at the successful and failed API calls to have a better understanding of the impact of this finding.
Then, I open the profile for the container image. There, I see the images that are related to this image (because they have the same repository or registry as this image), the containers running from this image during the scope time (managed by Amazon EKS), and the findings associated with this resource.
Depending on the finding, Detective helps me correlate information from different sources such as CloudTrail logs, VPC Flow Logs, and EKS audit logs. This information makes it easier to understand the impact of the finding and if the risk has become an incident. For Security Hub, Detective only ingests findings for configuration checks that failed. Because configuration checks that passed have little security value, we’re filtering these out.
Availability and Pricing
Amazon Detective investigation support for AWS Security Findings is available today for all existing and new Detective customers in all AWS Regions where Detective is available, including the AWS GovCloud (US) Regions. For more information, see the AWS Regional Services List.
Amazon Detective is priced based on the volume of data ingested. By enabling investigation of AWS Security Findings, you can increase the volume of ingested data. For more information, see Amazon Detective pricing.
When GuardDuty and Security Hub provide a finding, they also suggest the remediation. On top of that, Detective helps me investigate if the vulnerability has been exploited, for example, using logs and network traffic as proof.
Currently, findings coming from Security Hub are not included in the Finding groups section of the Detective console. Our plan is to expand Finding groups to cover the newly integrated AWS security services. Stay tuned!
Start using Amazon Detective to investigate potential security issues.
— Danilo
Apple Updates Everything, (Thu, May 18th)
Today, Apple released macOS, iOS, iPadOS, tvOS, watchOS, and Safari updates.
Three of the vulnerabilities are already exploited in the wild. Combining the three vulnerabilities, an attacker can gain complete system access as the user visits a malicious website. CVE-2023-32373 allows for arbitrary code execution as WebKit processes malicious content. CVE-2023-32409, in turn, enables breaking out of the web content sandbox, completing the full system compromise. The vulnerabilities are not indicated as "patched" for older versions of macOS, but they are covered in the Safari update, which applies the patch to older versions of macOS.
As usual, Apple's vulnerability descriptions are terse. As promised in a prior diary, I let ChatGPT "guess" the CVSS score for these updates. Let me know if you agree or not. The ratings (moderate/important/critical) are mine. ChatGPT refused to provide a CVSS score for some vulnerabilities based on insufficient information. Let me know if you feel ChatGPT did ok or not (or if it is worthwhile keeping these ChatGPT CVSS scores or not).
Safari 16.5 | watchOS 9.5 | tvOS 16.5 | iOS 16.5 and iPadOS 16.5 | iOS 15.7.6 and iPadOS 15.7.6 | macOS Big Sur 11.7.7 | macOS Ventura 13.4 | macOS Monterey 12.6.6 |
---|---|---|---|---|---|---|---|
CVE-2023-32402 [moderate] ChatGPT-CVSS: 4.3 WebKit An out-of-bounds read was addressed with improved input validation. Processing web content may disclose sensitive information |
|||||||
x | x | x | x | x | |||
CVE-2023-32423 [moderate] ChatGPT-CVSS: 5.3 WebKit A buffer overflow issue was addressed with improved memory handling. Processing web content may disclose sensitive information |
|||||||
x | x | x | x | x | |||
CVE-2023-32409 [moderate] ChatGPT-CVSS: 8.8 *** EXPLOITED *** WebKit The issue was addressed with improved bounds checks. A remote attacker may be able to break out of Web Content sandbox. Apple is aware of a report that this issue may have been actively exploited. |
|||||||
x | x | x | x | x | |||
CVE-2023-28204 [moderate] ChatGPT-CVSS: 7.5 *** EXPLOITED *** WebKit An out-of-bounds read was addressed with improved input validation. Processing web content may disclose sensitive information. Apple is aware of a report that this issue may have been actively exploited. |
|||||||
x | x | x | x | x | x | ||
CVE-2023-32373 [critical] ChatGPT-CVSS: 8.8 *** EXPLOITED *** WebKit A use-after-free issue was addressed with improved memory management. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. |
|||||||
x | x | x | x | x | x | ||
CVE-2023-32388 [important] ChatGPT-CVSS: N/A Accessibility A privacy issue was addressed with improved private data redaction for log entries. An app may be able to bypass Privacy preferences |
|||||||
x | x | x | x | x | x | ||
CVE-2023-32400 [moderate] ChatGPT-CVSS: N/A Accessibility This issue was addressed with improved checks. Entitlements and privacy permissions granted to this app may be used by a malicious app |
|||||||
x | x | x | |||||
CVE-2023-32399 [important] ChatGPT-CVSS: 4.3 Core Location The issue was addressed with improved handling of caches. An app may be able to read sensitive location information |
|||||||
x | x | x | x | ||||
CVE-2023-28191 [important] ChatGPT-CVSS: N/A AppleEvents This issue was addressed with improved redaction of sensitive information. An app may be able to bypass Privacy preferences |
|||||||
x | x | x | x | x | x | ||
CVE-2023-32417 [moderate] ChatGPT-CVSS: 4.0 Face Gallery This issue was addressed by restricting options offered on a locked device. An attacker with physical access to a locked Apple Watch may be able to view user photos or contacts via accessibility features |
|||||||
x | |||||||
CVE-2023-32392 [important] ChatGPT-CVSS: 4.3 GeoServices A privacy issue was addressed with improved private data redaction for log entries. An app may be able to read sensitive location information |
|||||||
x | x | x | x | x | x | ||
CVE-2023-32372 [important] ChatGPT-CVSS: 5.3 ImageIO An out-of-bounds read was addressed with improved input validation. Processing an image may result in disclosure of process memory |
|||||||
x | x | x | x | ||||
CVE-2023-32384 [critical] ChatGPT-CVSS: 7.8 ImageIO A buffer overflow was addressed with improved bounds checking. Processing an image may lead to arbitrary code execution |
|||||||
x | x | x | x | x | x | x | |
CVE-2023-32354 [important] ChatGPT-CVSS: 7.5 IOSurfaceAccelerator An out-of-bounds read was addressed with improved input validation. An app may be able to disclose kernel memory |
|||||||
x | x | x | |||||
CVE-2023-32420 [moderate] ChatGPT-CVSS: 7.5 IOSurfaceAccelerator An out-of-bounds read was addressed with improved input validation. An app may be able to cause unexpected system termination or read kernel memory |
|||||||
x | x | x | x | ||||
CVE-2023-27930 [important] ChatGPT-CVSS: 8.8 Kernel A type confusion issue was addressed with improved checks. An app may be able to execute arbitrary code with kernel privileges |
|||||||
x | x | x | x | ||||
CVE-2023-32398 [important] ChatGPT-CVSS: 8.8 Kernel A use-after-free issue was addressed with improved memory management. An app may be able to execute arbitrary code with kernel privileges |
|||||||
x | x | x | x | x | x | x | |
CVE-2023-32413 [important] ChatGPT-CVSS: 8.8 Kernel A race condition was addressed with improved state handling. An app may be able to gain root privileges |
|||||||
x | x | x | x | x | x | x | |
CVE-2023-32352 [important] ChatGPT-CVSS: 7.0 LaunchServices A logic issue was addressed with improved checks. An app may bypass Gatekeeper checks |
|||||||
x | x | x | x | x | |||
CVE-2023-32407 [important] ChatGPT-CVSS: N/A Metal A logic issue was addressed with improved state management. An app may be able to bypass Privacy preferences |
|||||||
x | x | x | x | x | x | x | |
CVE-2023-32368 [important] ChatGPT-CVSS: 6.5 Model I/O An out-of-bounds read was addressed with improved input validation. Processing a 3D model may result in disclosure of process memory |
|||||||
x | x | x | x | x | |||
CVE-2023-32403 [important] ChatGPT-CVSS: 4.3 NetworkExtension This issue was addressed with improved redaction of sensitive information. An app may be able to read sensitive location information |
|||||||
x | x | x | x | x | x | x | |
CVE-2023-32390 [moderate] ChatGPT-CVSS: 4.3 Photos The issue was addressed with improved checks. Photos belonging to the Hidden Photos Album could be viewed without authentication through Visual Lookup |
|||||||
x | x | x | |||||
CVE-2023-32357 [moderate] ChatGPT-CVSS: 7.0 Sandbox An authorization issue was addressed with improved state management. An app may be able to retain access to system configuration files even after its permission is revoked |
|||||||
x | x | x | x | x | x | ||
CVE-2023-32391 [moderate] ChatGPT-CVSS: N/A Shortcuts The issue was addressed with improved checks. A shortcut may be able to use sensitive data with certain actions without prompting the user |
|||||||
x | x | x | x | ||||
CVE-2023-32404 [important] ChatGPT-CVSS: 6.2 Shortcuts This issue was addressed with improved entitlements. An app may be able to bypass Privacy preferences |
|||||||
x | x | x | |||||
CVE-2023-32394 [moderate] ChatGPT-CVSS: 5.3 Siri The issue was addressed with improved checks. A person with physical access to a device may be able to view contact information from the lock screen |
|||||||
x | x | x | x | ||||
CVE-2023-32376 [important] ChatGPT-CVSS: 7.0 StorageKit This issue was addressed with improved entitlements. An app may be able to modify protected parts of the file system |
|||||||
x | x | x | x | ||||
CVE-2023-28202 [moderate] ChatGPT-CVSS: N/A System Settings This issue was addressed with improved state management. An app firewall setting may not take effect after exiting the Settings app |
|||||||
x | x | x | x | ||||
CVE-2023-32412 [moderate] ChatGPT-CVSS: 7.8 Telephony A use-after-free issue was addressed with improved memory management. A remote attacker may be able to cause unexpected app termination or arbitrary code execution |
|||||||
x | x | x | x | x | x | x | |
CVE-2023-32408 [important] ChatGPT-CVSS: 7.5 TV App The issue was addressed with improved handling of caches. An app may be able to read sensitive location information |
|||||||
x | x | x | x | x | x | ||
CVE-2023-32389 [important] ChatGPT-CVSS: 7.5 Wi-Fi This issue was addressed with improved redaction of sensitive information. An app may be able to disclose kernel memory |
|||||||
x | x | x | x | ||||
CVE-2023-32411 [important] ChatGPT-CVSS: 6.5 AppleMobileFileIntegrity This issue was addressed with improved entitlements. An app may be able to bypass Privacy preferences |
|||||||
x | x | x | x | x | |||
CVE-2023-32422 [moderate] ChatGPT-CVSS: 6.5 SQLite This issue was addressed by adding additional SQLite logging restrictions. An app may be able to access data from other apps by enabling additional SQLite logging |
|||||||
x | x | x | |||||
CVE-2023-32415 [important] ChatGPT-CVSS: 5.3 Weather This issue was addressed with improved redaction of sensitive information. An app may be able to read sensitive location information |
|||||||
x | x | x | |||||
CVE-2023-32371 [important] ChatGPT-CVSS: 6.5 Associated Domains The issue was addressed with improved checks. An app may be able to break out of its sandbox |
|||||||
x | x | ||||||
CVE-2023-32419 [moderate] ChatGPT-CVSS: 8.8 Cellular The issue was addressed with improved bounds checks. A remote attacker may be able to cause arbitrary code execution |
|||||||
x | |||||||
CVE-2023-32385 [moderate] ChatGPT-CVSS: 4.3 PDFKit A denial-of-service issue was addressed with improved memory handling. Opening a PDF file may lead to unexpected app termination |
|||||||
x | x | ||||||
CVE-2023-32365 [moderate] ChatGPT-CVSS: N/A Photos The issue was addressed with improved checks. Shake-to-undo may allow a deleted photo to be re-surfaced without authentication |
|||||||
x | x | ||||||
CVE-2023-32367 [important] ChatGPT-CVSS: 7.5 Security This issue was addressed with improved entitlements. An app may be able to access user-sensitive data |
|||||||
x | x | ||||||
CVE-2023-23532 [important] ChatGPT-CVSS: 7.0 Apple Neural Engine This issue was addressed with improved checks. An app may be able to break out of its sandbox |
|||||||
x | |||||||
CVE-2023-28181 [important] ChatGPT-CVSS: 9.8 CoreCapture The issue was addressed with improved memory handling. An app may be able to execute arbitrary code with kernel privileges |
|||||||
x | x | ||||||
CVE-2023-32410 [important] ChatGPT-CVSS: 7.5 IOSurface An out-of-bounds read was addressed with improved input validation. An app may be able to leak sensitive kernel state |
|||||||
x | x | x | x | ||||
CVE-2023-27940 [moderate] ChatGPT-CVSS: 4.0 Kernel The issue was addressed with additional permissions checks. A sandboxed app may be able to observe system-wide network connections |
|||||||
x | x | x | |||||
CVE-2023-32397 [important] ChatGPT-CVSS: 6.5 Shell A logic issue was addressed with improved state management. An app may be able to modify protected parts of the file system |
|||||||
x | x | x | x | ||||
CVE-2023-32386 [moderate] ChatGPT-CVSS: 5.0 Contacts A privacy issue was addressed with improved handling of temporary files. An app may be able to observe unprotected user data |
|||||||
x | x | x | |||||
CVE-2023-32360 [moderate] ChatGPT-CVSS: 6.5 CUPS An authentication issue was addressed with improved state management. An unauthenticated user may be able to access recently printed documents |
|||||||
x | x | x | |||||
CVE-2023-32387 [moderate] ChatGPT-CVSS: 8.8 dcerpc A use-after-free issue was addressed with improved memory management. A remote attacker may be able to cause unexpected app termination or arbitrary code execution |
|||||||
x | x | x | |||||
CVE-2023-27945 [moderate] ChatGPT-CVSS: 4.3 Dev Tools This issue was addressed with improved entitlements. A sandboxed app may be able to collect system logs |
|||||||
x | x | ||||||
CVE-2023-32369 [important] ChatGPT-CVSS: 6.5 libxpc A logic issue was addressed with improved state management. An app may be able to modify protected parts of the file system |
|||||||
x | x | x | |||||
CVE-2023-32405 [important] ChatGPT-CVSS: 7.8 libxpc A logic issue was addressed with improved checks. An app may be able to gain root privileges |
|||||||
x | x | x | |||||
CVE-2023-32380 [critical] ChatGPT-CVSS: 8.8 Model I/O An out-of-bounds write issue was addressed with improved bounds checking. Processing a 3D model may lead to arbitrary code execution |
|||||||
x | x | x | |||||
CVE-2023-32382 [important] ChatGPT-CVSS: 5.3 Model I/O An out-of-bounds read was addressed with improved input validation. Processing a 3D model may result in disclosure of process memory |
|||||||
x | x | x | |||||
CVE-2023-32355 [important] ChatGPT-CVSS: 7.5 PackageKit A logic issue was addressed with improved state management. An app may be able to modify protected parts of the file system |
|||||||
x | x | x | |||||
CVE-2023-32395 [important] ChatGPT-CVSS: 7.0 Perl A logic issue was addressed with improved state management. An app may be able to modify protected parts of the file system |
|||||||
x | x | x | |||||
CVE-2023-32414 [important] ChatGPT-CVSS: 4.0 DesktopServices The issue was addressed with improved checks. An app may be able to break out of its sandbox |
|||||||
x | |||||||
CVE-2023-32375 [important] ChatGPT-CVSS: 7.5 Model I/O An out-of-bounds read was addressed with improved input validation. Processing a 3D model may result in disclosure of process memory |
|||||||
x | x | ||||||
CVE-2023-32363 [important] ChatGPT-CVSS: 0 Screen Saver A permissions issue was addressed by removing vulnerable code and adding additional checks. An app may be able to bypass Privacy preferences |
|||||||
x | |||||||
CVE-2023-23535 [important] ChatGPT-CVSS: 7.5 ImageIO The issue was addressed with improved memory handling. Processing a maliciously crafted image may result in disclosure of process memory |
|||||||
x |
—
Johannes B. Ullrich, Ph.D. , Dean of Research, SANS.edu
New KB articles for VMware Horizon and Workspace ONE, in April 2023.

In this blog post, we will explore newly created knowledge articles, providing detailed descriptions and insights to help you troubleshoot and optimize your VMware Horizon and Workspace ONE environments. This KB article discusses an issue where the Pod Services status for Horizon Cloud Connector versions 2.1.2 and 2.2.0 is displayed as “Evicted.” The article … Continued
The post New KB articles for VMware Horizon and Workspace ONE, in April 2023. appeared first on VMware Support Insider.
A Quick Survey of .zip Domains: Your highest risk is running into Rick Ashley., (Thu, May 18th)
PowerShellGet in PowerShell 7.4 Updates
Version 3 previews of PowerShellGet will begin shipping in PowerShell 7.4 previews in June (preview 5) with the following updates. These changes include important plans to address migration and compatibility, and we would like to request feedback.
- The module name “PowerShellGet” for version 3 (-PSResource cmdlets) will change to “Microsoft.PowerShell.PSResourceGet” beginning with the next release (beta22).
- PowerShell v7.4 (LTS) will ship PowerShellGet v2.2.5 and PSResourceGet v3.0.x, side-by-side. This will help us get telemetry about usage of PSResourceGet. No compatibility layer will be shipped, meaning we will not wrap version 3 commandlets with version 2 names. This allows current scripts to work as-is, with or without fully qualified cmdlet names, while still allowing customers to test the new commandlets.
- Customers can use -PSResource cmdlets for perf improvements and new features. No new feature work will be done in -Module cmdlets.
- In the first preview of PowerShell v7.5 we will include CompatPowerShellGet renamed as PowerShellGet v3.0.0, in addition to publishing the latest PSResourceGet module. In PowerShell v7.5 we will not ship PowerShellGet v2.2.5.
- In PowerShell v7.5 we plan to ship PowerShellGet v3.0.0 and the latest stable version of PSResourceGet, side-by-side.
- We will get community feedback about the compatibility layer that will help us decide on the final plans for PowerShell v7.5.
- We plan to ship PSResourceGet in addition to current PowerShellGet 1.0.0.1 in future builds of Windows so PSResourceGet can be made available by default in Windows PowerShell 5.1.
- We also plan to improve the experience of updating PowerShellGet/PSResourceGet in prior releases of Windows.
- We will update the PowerShellGet repository name on GitHub to reflect the new PSResourceGet name.
We would greatly appreciate your thoughtful feedback on these plans while there is still time to consider changes. Please comment on this GitHub issue.
Considerations for this decision
We appreciate the feedback we have already been given by the community, at PowerShell events, by MVPs, and by our peers. Some of the key factors that played into this decision were:
- PowerShell 7.4 is an LTS release. We are merging releases later in the preview cycle than we wanted. We now need to be especially cautious about breaking changes that could impact existing scripts/automation.
- Using telemetry to track adoption of PowerShellGet v3 (now PSResourceGet) will help inform when we have an appropriate level of usage relative to feedback, to confirm public validation before release.
- In the future, we would like to be able to end new feature work for PowerShellGet v2 due to support difficulties with OneGet(PackageManagement) and focus on PSResourceGet. We recognize it will take time for mass adoption of PSResourceGet, so we will be moving cautiously.
- For a deeper look into other options we explored, please refer to this GitHub issue.
We look forward to reviewing community feedback!
Sydney PowerShell Team
The post PowerShellGet in PowerShell 7.4 Updates appeared first on PowerShell Team.
Retiring the AWS Documentation on GitHub
About five years ago I announced that AWS Documentation is Now Open Source and on GitHub. After a prolonged period of experimentation we will archive most of the repos starting the week of June 5th, and will devote all of our resources to directly improving the AWS documentation and website.
The primary source for most of the AWS documentation is on internal systems that we had to manually sync with the GitHub repos. Despite the best efforts of our documentation team, keeping the public repos in sync with our internal ones has proven to be very difficult and time consuming, with several manual steps and some parallel editing. With 262 separate repos and thousands of feature launches every year, the overhead was very high and actually consumed precious time that could have been put to use in ways that more directly improved the quality of the documentation.
Our intent was to increase value to our customers through openness and collaboration, but we learned through customer feedback that this wasn’t necessarily the case. After carefully considering many options we decided to retire the repos and to invest all of our resources in making the content better.
Repos containing code samples, sample apps, CloudFormation templates, configuration files, and other supplementary resources will remain as-is since those repos are primary sources and get a high level of engagement.
To help us improve the documentation, we’re also focusing more resources on your feedback:
We watch the thumbs-up and thumbs-down metrics on a weekly basis, and use the metrics as top-level pointers to areas of the documentation that could be improved. The incoming feedback creates tickets that are routed directly to the person or the team that is responsible for the page. I strongly encourage you to make frequent use of both feedback mechanisms.
— Jeff;
New Knowledge Base Articles for issues included problems with NSX, ESXi and HCX in April 2023.

All of these KB articles were newly created in the month of April and cover a range of issues related to problems with NSX Intelligence, NSX-T UI alarms, ARP_PROXY, NSX Application Platform deployment, NSX-T upgrade, HCX SSL/TLS services, ESXi Host Stale Records, ESXi 7.0 U3L upgrade, and Uplink Profile issues:
The post New Knowledge Base Articles for issues included problems with NSX, ESXi and HCX in April 2023. appeared first on VMware Support Insider.