Mastodon fixes major security flaw that could have allowed system hijacking
Date:
Fri, 07 Jul 2023 15:21:47 +0000
Description:
A total of five CVEs have been addressed in Mastodon's latest round of
security patches, including several critical vulnerabilities.
FULL STORY ======================================================================
Social media challenger Mastodon has issued fixes for no fewer than five security vulnerabilities, the majority of which are categorized as high or critical severity.
The flaws include CVE-2023-36460, which could have allowed an attacker to create and overwrite any file Mastodon has access to, allowing Denial of Service and arbitrary Remote Code Execution. The update confirms that
versions 3.5.9, 4.0.5, and 4.1.3 contain a patch for this vulnerability.
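The practical question for an operator reading the above is whether a given instance is already on one of the patched releases. The script below is an added example, not Mastodon's own code: it compares a reported version string against the per-branch patched releases the article names (3.5.9, 4.0.5, 4.1.3). The sample version strings are constructed, and the "+glitch" fork suffix is an assumed format that the parser simply ignores.

```python
"""Check whether a Mastodon version string carries the fixes for the
vulnerabilities described in the article (patched releases 3.5.9,
4.0.5 and 4.1.3).  Added example; the branch table comes from the
article, the sample versions below are constructed."""
import re

# Minimum patched release per maintained branch, as stated in the article.
PATCHED = {
    (3, 5): (3, 5, 9),
    (4, 0): (4, 0, 5),
    (4, 1): (4, 1, 3),
}

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)")


def parse_version(version: str):
    """Return (major, minor, patch) from a Mastodon version string.

    Instances report a plain triple such as "4.1.2"; forks may append a
    tag such as "+glitch" (assumed format).  Anything after the numeric
    triple is ignored.  Raises ValueError on unparseable input."""
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    return tuple(int(x) for x in m.groups())


def is_patched(version: str) -> bool:
    """True if the version is at least the patched release of its branch.

    Branches newer than 4.1 post-date the fix and are treated as patched;
    branches older than 3.5 received no patch and are treated as not
    patched."""
    major, minor, patch = parse_version(version)
    branch = (major, minor)
    if branch in PATCHED:
        return (major, minor, patch) >= PATCHED[branch]
    return branch > (4, 1)


def triage(versions):
    """Return the subset of version strings that still need updating."""
    return [v for v in versions if not is_patched(v)]


if __name__ == "__main__":
    # Constructed sample of version strings, as an operator might collect
    # from the "version" field of each instance's /api/v1/instance response.
    sample = ["4.1.2", "4.1.3", "4.0.5", "3.5.8", "4.2.0", "3.4.1", "4.1.2+glitch"]
    for v in sample:
        print(f"{v:14s} {'patched' if is_patched(v) else 'UPDATE NEEDED'}")
```

Versions are compared branch by branch rather than as a single ordering, because 3.5.9 is a patched release even though it is numerically older than the unpatched 4.1.2.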
Despite a brief overview, few details have been confirmed about the vulnerability. It is believed that an attacker might have been able to spread malware using the vulnerability, but it's so far unclear whether there has
been an active exploit.
The description for another vulnerability, known as CVE-2023-36462, reads: "An attacker can craft a verified profile link using specific formatting to conceal arbitrary parts of the link, enabling it to appear to link to a different URL altogether." This was considered to have the least severe consequences, marked as moderate.
Through this, an attacker might have been able to reformat URLs to mask the fact that they were instead redirecting to phishing campaigns or malware sites.
Further high and critical issues fixed include a slowloris-type Denial of Service attack vulnerability, cross-site scripting (XSS) attacks, and the potential for an attacker to leak arbitrary attributes from the LDAP
database.
While Mastodon is responsible for issuing the fixes, Cure53 has been credited with the penetration testing, with thanks to funding from the Mozilla Foundation.
This comes at a time when Mastodon continues to attract new social media
users as Twitter users look to abandon the once Musk-led platform. With new CEO Linda Yaccarino at the helm, positive changes are yet to materialize. At the same time, Meta's new Threads platform is trying to sweep up ex-Twitter users.
======================================================================
Link to news story:
https://www.techradar.com/pro/mastodon-fixes-major-security-flaw-that-could-have-allowed-system-hijacking
--- Mystic BBS v1.12 A47 (Linux/64)
* Origin: tqwNet Technology News (1337:1/100)