Yeah, patch. Damn phone.
Otherwise, when this kind of info is disclosed, it shouldn't take them too long to find what breaks.
Go, Rust "net" library affected by critical IP address validation vulnerability
BleepingComputer
The commonly used "net" library in Go and Rust languages is also impacted by the mixed-format IP address validation vulnerability. The bug has to do with how "net" treats IP addresses as decimal, even when they are provided in a mixed (octal-decimal) format, and therefore making applications vulnerable to SSRF and RFI.
Previously, the flaw impacted various implementations of the netmask library, relied on by thousands of applications.
Later on, the Python standard library called ipaddress was also found to be vulnerable to the flaw.
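The mixed-format ambiguity described in the article excerpt above, as an added example that is not part of the original post or of the Go or Rust libraries: the same string is read once with every octet as decimal and once with a leading 0 meaning octal, and a strict check rejects input where the two readings differ. `ReadQuad`, `StrictQuad` and the sample addresses are hypothetical names and constructed values.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// ReadQuad parses a dotted quad two ways: dec reads every octet as base 10
// (leading zeros ignored), oct treats a leading 0 as base 8 like C-style
// parsers. It fails if an octet is out of range or not valid octal.
func ReadQuad(s string) (dec, oct [4]int, err error) {
	parts := strings.Split(s, ".")
	if len(parts) != 4 {
		return dec, oct, fmt.Errorf("%q: want 4 octets, got %d", s, len(parts))
	}
	for i, p := range parts {
		d, e := strconv.ParseUint(p, 10, 8)
		if e != nil {
			return dec, oct, fmt.Errorf("%q: octet %d: %v", s, i+1, e)
		}
		o := d
		if len(p) > 1 && p[0] == '0' {
			if o, e = strconv.ParseUint(p, 8, 8); e != nil {
				return dec, oct, fmt.Errorf("%q: octet %d: bad octal", s, i+1)
			}
		}
		dec[i], oct[i] = int(d), int(o)
	}
	return dec, oct, nil
}

// StrictQuad accepts only input whose two readings agree, so a filter and
// the code that later connects cannot disagree about the destination.
func StrictQuad(s string) ([4]int, error) {
	dec, oct, err := ReadQuad(s)
	if err == nil && dec != oct {
		err = fmt.Errorf("%q: leading zero makes the address ambiguous", s)
	}
	return dec, err
}

func main() {
	for _, s := range []string{"010.8.8.8", "0127.0.0.1", "192.168.0.1"} { // constructed samples
		dec, oct, _ := ReadQuad(s)
		_, err := StrictQuad(s)
		fmt.Println(s, "decimal:", dec, "octal:", oct, "rejected:", err != nil)
	}
}
```

Running the strict check before any allowlist or blocklist decision means the address that was validated is the address that gets used.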
https://thehackernews.com/2021/09/a-new-bug-in-microsoft-windows-could.html :
Security researchers have disclosed an unpatched weakness in Microsoft Windows Platform Binary Table (WPBT) affecting all Windows-based devices since Windows 8 that could be potentially exploited to install a rootkit and compromise the integrity of devices.
https://thehackernews.com/2021/09/unpatched-high-severity-vulnerability.html :
Cybersecurity researchers on Tuesday disclosed details of an unpatched zero-day vulnerability in macOS Finder that could be abused by remote adversaries to trick users into running arbitrary commands on the machines.
https://seclists.org/fulldisclosure/2021/Oct/17 :
in December 2017, Microsoft announced to ship curl.exe and tar.exe with Windows 10:
Tar and Curl Come to Windows!
docs.microsoft.com
But they failed once again, MISERABLY, at least for curl: they took the sources released 2017-11-14, let them rot for 2 years, applied some patches, only to let them rot again since then!

C:\Users\Public>winver
Microsoft Windows [Version 10.0.19042.1083]

C:\Users\Public>curl -V
curl 7.55.1 (Windows) libcurl/7.55.1 WinSSL
Release-Date: 2017-11-14, security patched: 2019-11-05
Protocols: dict file ftp ftps http https imap imaps pop3 pop3s smtp smtps telnet tftp
Features: AsynchDNS IPv6 Largefile SSPI Kerberos SPNEGO NTLM SSL

Version 7.55.1 is 34 releases and at least 15 (in words: FIFTEEN) CVEs behind the current version 7.79.1: see https://curl.se/docs/releases.html and https://curl.se/docs/vulnerabilities.html
redangel (./1827): For the data already in circulation, it is apparently too late to block it. Presumably, since the whole country is affected, including the president and Lionel Messi, I suppose they won't be able to bury their heads in the sand and will be forced to add extra legal safeguards against identity theft.
That's ugly. My father-in-law is Argentinian, I'll pass the info on to him, thanks. But concretely, there's pretty much nothing you can do as a victim?!