The WordPress 6.0.2 release was led by and 6.0.2 would not have been possible without the contributions of more than 50 people. Thank you to these WordPress contributors John Blackbourn of the WordPress security team, for finding an output escaping issue within the_meta(). Khalilov Moe for finding an XSS vulnerability on the Plugins screen. Fariskhi Vidyan for finding a possible SQL injection within the Link API. The security team would like to thank the following people for responsibly reporting vulnerabilities, and allowing them to be fixed in this release: Security updates included in this release

You can download WordPress 6.0.2 from, or visit your WordPress Dashboard, click “Updates”, and then click “Update Now”. For more information on this release, please visit the HelpHub site. If you have sites that support automatic background updates, the update process will begin automatically. The next major release will be version 6.1 planned for November 1, 2022. You can review a summary of the main updates in this release by reading the RC1 announcement. WordPress 6.0.2 is a short-cycle release. All versions since WordPress 3.7 have also been updated. Because this is a security release, it is recommended that you update your sites immediately.

It uses root privileges to maintain persistence on the compromised device. According to Palo Alto Networks, the Trojan can remotely control the device via UDP, TCP and SMS channels. A recently discovered Android Trojan can exfiltrate private data from more than 40 applications, Palo Alto Networks security researchers have discovered. Dubbed SpyDealer, the malware is capable of stealing sensitive messages from communication apps using the Android accessibility service feature, and gains rooting privileges with the help of exploits from a commercial rooting app called Baidu Easy Root.

This security and maintenance release features 12 bug fixes on Core, 5 bug fixes for the Block Editor, and 3 security fixes.
It can steal information from popular applications such as WeChat, Facebook, WhatsApp, Skype, Line, Viber, QQ, Tango, Telegram, Sina Weibo, Tencent Weibo, Android Native Browser, Firefox Browser, Oupeng Browser, QQ Mail, NetEase Mail, Taobao, and Baidu Net Disk. Once the malware has compromised a device, it can harvest an exhaustive list of personal information, including phone number, IMEI, IMSI, SMS, MMS, contacts, accounts, phone call history, location, and connected Wi-Fi information. It can also answer incoming phone calls from a specific number, can record phone calls and the surrounding audio and video, can take photos with the device’s cameras, monitor location, and take screenshots.

Palo Alto Networks researchers couldn’t determine exactly how SpyDealer infects devices, but say that it isn’t distributed through the official Google Play store and that some users might have been infected via compromised wireless networks. The Trojan is only effective against Android 2.2 to 4.4 releases, given that these are the only versions the rooting tool it uses supports, meaning that it could potentially infect around 25% of all Android devices. “On devices running later versions of Android, it can steal significant amounts of information, but it cannot take actions that require higher privileges,” the network security firm says.

The security researchers have captured 1,046 samples of SpyDealer and say that it is under active development, with three variants currently in the wild. The latest variant encrypts the content of configuration files and almost all constant strings in the code, and also packs a service to steal targeted apps’ messages. The oldest Trojan sample is dated October 2015, which suggests the threat has been active for over a year and a half.