0-Day Vulnerability to be Discovered in Windows

As reported,  privilege escalation exploit, for which no cure exists, is on the GitHub now
29 August 2018   882

In Windows, a 0-day vulnerability has been discovered that allows malicious users to gain system-level rights. The problem was reported by a Twitter user with the SandboxEscaper nickname. The exploit's PoC code is available on the GitHub.

The problem lies in the Windows task scheduler. When processing the ALPC tool, it becomes possible to obtain privileges at the SYSTEM level. It can be used by attackers to enhance the capabilities of malware.

According to the head of the coordination center CERT Will Dormann, the vulnerability remains urgent. The performance of the PoC code was tested on 64-bit Windows 10 with the latest updates. You can raise the user's rights to the SYSTEM level.

In response to a letter from The Register, a Microsoft representative announced that they were aware of the problem. The company promised to release an update fixing the vulnerability.

Huawei May Use Russian OS Instead Android

Due to US sanctions, popular smartphone manufacturer is negotiating of using Russian OS called Aurora, which is based on Sailfish OS
11 June 2019   439

The Bell has received information from several unnamed sources about the discussion of the possibility of using the proprietary mobile operating system Aurora on some types of Huawei devices.

The movement in the direction of Aurora has so far limited itself only to a discussion of the possibility of using this OS, no plans have been presented. The discussion was attended by the Minister of Digital Development and Communications Konstantin Noskov and the Executive Director of Huawei. The meeting also raised the issue of creating a joint production of chips and software in Russia. The information was not confirmed at Rostelecom, but expressed willingness to cooperate.

Huawei declined to comment on the published information. At the same time, the company is developing its own mobile platform Hongmeng OS (Arc OS), providing compatibility with Android applications. The first release of Hongmeng OS is scheduled for the fourth quarter of this year. Two options will be offered - for China and the global smartphone market. It is alleged that Hongmeng OS has been in development since 2012 and was ready for the beginning of 2018, but was not delivered due to the use of Android as a main platform and partnership with Google.

There is evidence that for testing in China, the first batch of 1 million Hongmeng OS-based smartphones has already been distributed. Technical details are not disclosed yet and it is not clear whether the platform is built on Android code or only includes a layer for compatibility. Huawei has long been delivering its own Android edition - EMUI, it is possible that it is the basis of Hongmeng OS.

Huawei’s interest in alternative mobile systems is driven by restrictive measures introduced by the US Department of Commerce, which will restrict Huawei’s access to Android services falling under a commercial agreement with Google, as well as breaking commercial relations with ARM.

Sailfish is partly a proprietary mobile operating system with an open system environment, but closed by the user shell, basic mobile applications, QML components for building the Silica graphical interface, an interlayer for launching Android applications, a smart text input engine and a data synchronization system. The open system environment is built on the basis of Mer (fork MeeGo), which since April has been developing as an integral part of Sailfish, and packages of the Mer distribution package Nemo. On top of the Mer system components, a graphical stack is launched based on the Wayland and Qt5 library.