{"vulnerability": "CVE-2022-2856", "sightings": [{"uuid": "90e4a40a-0ef3-49b1-a140-28a20405735e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-2856", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2023-06-14T21:10:04.000000Z"}, {"uuid": "a77b3b30-feee-4562-b8b7-a6d06656a3ef", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-2856", "type": "seen", "source": "https://feedsin.space/feed/CISAKevBot/items/2971683", "content": "", "creation_timestamp": "2024-12-24T20:32:45.729478Z"}, {"uuid": "f15e6361-6165-4a31-8b2f-51511dd00fdf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2022-2856", "type": "seen", "source": "https://www.govcert.gov.hk/en/alerts_detail.php?id=854", "content": "", "creation_timestamp": "2022-08-17T04:00:00.000000Z"}, {"uuid": "1ce66993-0b90-49ae-8eac-7924c6f077a9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-2856", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2025-02-23T02:10:37.000000Z"}, {"uuid": "ba36e278-fa00-4a05-80d6-fa4b39d633d3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2022-2856", "type": "seen", "source": "https://www.govcert.gov.hk/en/alerts_detail.php?id=856", "content": "", "creation_timestamp": "2022-08-18T04:00:00.000000Z"}, {"uuid": "03556fd9-4d9f-41a7-ab17-396a39227d99", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-2856", "type": "exploited", "source": "https://t.me/cKure/10095", "content": "\u25a0\u25a0\u25a0\u25a0\u25a0 11 vulnerabilities fixed by Google in Chrome and one of these, there is an exploit for CVE-2022-2856 that exists in the wild.\n\nhttps://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop_16.html", "creation_timestamp": "2022-08-21T20:36:07.000000Z"}, {"uuid": "8cdb75d2-7ae2-44db-b2c2-3bafc566097d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "af0120d0-3dac-4a6a-974b-a9f33d2a9846", "vulnerability": "CVE-2022-2856", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/8c27f67e-cc6c-43f6-9706-8c7be99c8729", "content": "", "creation_timestamp": "2026-02-02T12:27:17.244911Z"}, {"uuid": "5e3c78ac-a7fd-4164-b708-62bbd1139bd3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-2856", "type": "seen", "source": "https://t.me/cKure/10083", "content": "Zero-Day: 3 in-the-wild 0-days patched in the last two days:\n* CVE-2022-2856 in Chrome discovered by twitter.com/ashl3y_shen &amp; twitter.com/0xbadcafe1 of Google TAG\n* CVE-2022-32893 in Safari\n* CVE-2022-32894 in iOS/macOS kernel\n\nhttps://docs.google.com/spreadsheets/u/0/d/1lkNJ0uQwbeC1ZTRrxdtuPLCIl7mlUreoKfSIgajnSyY/htmlview#gid=1662223764", "creation_timestamp": "2022-08-18T21:24:55.000000Z"}, {"uuid": "10a929f3-3859-42ac-b75a-075f88edd3da", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-2856", "type": "seen", "source": "https://t.me/ckuRED/182", "content": "Zero-Day: 3 in-the-wild 0-days patched in the last two days:\n* CVE-2022-2856 in Chrome discovered by twitter.com/ashl3y_shen &amp; twitter.com/0xbadcafe1 of Google TAG\n* CVE-2022-32893 in Safari\n* CVE-2022-32894 in iOS/macOS kernel\n\nhttps://docs.google.com/spreadsheets/u/0/d/1lkNJ0uQwbeC1ZTRrxdtuPLCIl7mlUreoKfSIgajnSyY/htmlview#gid=1662223764", "creation_timestamp": "2022-08-18T21:24:48.000000Z"}, {"uuid": "1b635068-929f-4521-b51d-d0b8cf700081", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-2856", "type": "exploited", "source": "https://t.me/itsec_news/1646", "content": "\u200b\u26a1\ufe0f Google \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0430 \u044d\u043a\u0441\u0442\u0440\u0435\u043d\u043d\u043e\u0435 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0435 \u0434\u043b\u044f \u0430\u043a\u0442\u0438\u0432\u043d\u043e \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u0443\u0435\u043c\u043e\u0439 0-day \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432 Chrome.\n\n\ud83d\udcac Chrome \u0432\u0435\u0440\u0441\u0438\u0438 107 \u043f\u043e\u043b\u0443\u0447\u0438\u043b \u044d\u043a\u0441\u0442\u0440\u0435\u043d\u043d\u043e\u0435 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043e\u0442 Google \u0441 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0435\u043c 0-day \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043f\u043e\u0434 \u0438\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u043e\u043c CVE-2022-3723, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u0430\u043a\u0442\u0438\u0432\u043d\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442\u0441\u044f \u0432 \u0434\u0438\u043a\u043e\u0439 \u043f\u0440\u0438\u0440\u043e\u0434\u0435. \u0411\u0440\u0435\u0448\u044c \u0432 \u0437\u0430\u0449\u0438\u0442\u0435 \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043f\u0443\u0442\u0430\u043d\u0438\u0446\u0435\u0439 \u0442\u0438\u043f\u043e\u0432 \u0432 \u0434\u0432\u0438\u0436\u043a\u0435 JavaScript Chromium V8. \u0410 \u0441\u043e\u043e\u0431\u0449\u0438\u043b\u0438 \u043f\u0440\u043e \u043d\u0435\u0435 25 \u043e\u043a\u0442\u044f\u0431\u0440\u044f \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 \u0438\u0437 Avast.\n\nGoogle \u0437\u0430\u044f\u0432\u0438\u043b\u0430, \u0447\u0442\u043e \u0435\u0439 \u0438\u0437\u0432\u0435\u0441\u0442\u043d\u043e \u043f\u0440\u043e \u0442\u043e, \u0447\u0442\u043e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0430\u043a\u0442\u0438\u0432\u043d\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442\u0441\u044f \u0432 \u0434\u0438\u043a\u043e\u0439 \u043f\u0440\u0438\u0440\u043e\u0434\u0435. \u041d\u043e \u0442\u0435\u0445\u043d\u0438\u0447\u0435\u0441\u043a\u0438\u0435 \u043f\u043e\u0434\u0440\u043e\u0431\u043d\u043e\u0441\u0442\u0438 \u043e CVE-2022-3723, \u043a\u0430\u043a \u043e\u0431\u044b\u0447\u043d\u043e, \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u044f \u0440\u0430\u0441\u043a\u0440\u043e\u0435\u0442 \u0442\u043e\u043b\u044c\u043a\u043e \u043f\u043e\u0441\u043b\u0435 \u0442\u043e\u0433\u043e, \u043a\u0430\u043a \u0431\u043e\u043b\u044c\u0448\u0430\u044f \u0447\u0430\u0441\u0442\u044c \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439 \u043e\u0431\u043d\u043e\u0432\u0438\u0442 Chrome.\n\n\u0421\u0442\u043e\u0438\u0442 \u043e\u0442\u043c\u0435\u0442\u0438\u0442\u044c, \u0447\u0442\u043e \u044d\u0442\u043e \u0443\u0436\u0435 \u0441\u0435\u0434\u044c\u043c\u0430\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043d\u0443\u043b\u0435\u0432\u043e\u0433\u043e \u0434\u043d\u044f \u0432 Chrome, \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043d\u0430\u044f Google \u0432 \u044d\u0442\u043e\u043c \u0433\u043e\u0434\u0443, \u043d\u0438\u0436\u0435 \u043f\u0440\u0438\u0432\u0435\u0434\u0435\u043d \u043f\u043e\u043b\u043d\u044b\u0439 \u0441\u043f\u0438\u0441\u043e\u043a:\n\nCVE-2022-3075 \u2013 \u043d\u0435\u043a\u043e\u0440\u0440\u0435\u043a\u0442\u043d\u0430\u044f \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0430 \u0434\u0430\u043d\u043d\u044b\u0445 \u0432 IPC-\u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0435 Mojo;\n\nCVE-2022-2856 \u2013 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u0430\u044f \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0430 \u0432\u0432\u043e\u0434\u0438\u043c\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445 \u0432 Intents;\n\nCVE-2022-2294 \u2013 \u043f\u0435\u0440\u0435\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435 \u043a\u0443\u0447\u0438 \u0432 \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0435 WebRTC (Web Real-Time Communications);\n\nCVE-2022-1364 \u2013 \u043f\u0443\u0442\u0430\u043d\u0438\u0446\u0430 \u0442\u0438\u043f\u043e\u0432 \u0432 \u0434\u0432\u0438\u0436\u043a\u0435 JavaScript Chrome V8;\n\nCVE-2022-1096 \u2013 \u043f\u0443\u0442\u0430\u043d\u0438\u0446\u0430 \u0442\u0438\u043f\u043e\u0432 \u0432 \u0434\u0432\u0438\u0436\u043a\u0435 JavaScript Chrome V8;\n\nCVE-2022-0609 \u2013 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u043e\u0441\u043b\u0435 \u043e\u0441\u0432\u043e\u0431\u043e\u0436\u0434\u0435\u043d\u0438\u044f \u0432 \u0430\u043d\u0438\u043c\u0430\u0446\u0438\u0438;\n\nIT-\u0433\u0438\u0433\u0430\u043d\u0442 \u043d\u0435 \u0441\u0442\u0430\u043b \u0440\u0430\u0441\u043a\u0440\u044b\u0432\u0430\u0442\u044c \u0442\u0435\u0445\u043d\u0438\u0447\u0435\u0441\u043a\u0438\u0435 \u043f\u043e\u0434\u0440\u043e\u0431\u043d\u043e\u0441\u0442\u0438 \u0430\u0442\u0430\u043a \u0438 \u043f\u0440\u0438\u043f\u0438\u0441\u044b\u0432\u0430\u0442\u044c \u0438\u0445 \u043a\u0430\u043a\u043e\u0439-\u043b\u0438\u0431\u043e \u0445\u0430\u043a\u0435\u0440\u0441\u043a\u043e\u0439 \u0433\u0440\u0443\u043f\u043f\u0438\u0440\u043e\u0432\u043a\u0435.\n\n#Google #Chrome #\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \n\n\ud83d\udd14 ITsec NEWS", "creation_timestamp": "2022-10-30T10:05:47.000000Z"}, {"uuid": "e86cf818-3f16-4007-bfa8-729becb5e5c0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-2856", "type": "exploited", "source": "https://t.me/poxek/2362", "content": "#\u041f\u041e  #CVE\n\nCISA \u043f\u0440\u043e\u0441\u0438\u0442 \u0432\u0430\u0441 \u0443\u0441\u0442\u0440\u0430\u043d\u0438\u0442\u044c \u044d\u0442\u0438 \u0430\u043a\u0442\u0438\u0432\u043d\u043e \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u0443\u0435\u043c\u044b\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438\nCVE-2022-22536, CVE-2022-32893, CVE-2022-32894, CVE-2022-2856, CVE-2022-21971, CVE-2022-26923, CVE-2017-15944\n\nCISA (\u0410\u0433\u0435\u043d\u0442\u0441\u0442\u0432\u043e \u043f\u043e \u043a\u0438\u0431\u0435\u0440\u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0438 \u0438\u043d\u0444\u0440\u0430\u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u043d\u043e\u0439 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0421\u0428\u0410) \u043e\u0431\u043d\u043e\u0432\u0438\u043b\u043e \u0441\u0432\u043e\u0439 \u043a\u0430\u0442\u0430\u043b\u043e\u0433 \u0430\u043a\u0442\u0438\u0432\u043d\u043e \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u0443\u0435\u043c\u044b\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439, \u0434\u043e\u0431\u0430\u0432\u0438\u0432 \u0432 \u043d\u0435\u0433\u043e \u0441\u0435\u043c\u044c \u043d\u043e\u0432\u044b\u0445 \u043f\u043e\u0437\u0438\u0446\u0438\u0439. \u042d\u0442\u0438 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043a\u0438 \u0431\u044b\u043b\u0438 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u044b \u0432 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u0430\u0445 Apple, Google, Microsoft, Palo Alto Networks \u0438 SAP.\u00a0", "creation_timestamp": "2022-08-25T18:06:49.000000Z"}, {"uuid": "32b03bad-b749-4868-aec2-8d7dadc1c059", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-2856", "type": "seen", "source": "https://t.me/avleonovrus/102", "content": "\u0414\u0430\u0432\u0430\u0439\u0442\u0435 \u043f\u043e\u0441\u043c\u043e\u0442\u0440\u0438\u043c \u043d\u0430 \u0441\u0435\u043d\u0442\u044f\u0431\u0440\u044c\u0441\u043a\u0438\u0439 Microsoft Patch Tuesday. \u0412 \u044d\u0442\u043e\u0442 \u0440\u0430\u0437 \u043a\u043e\u043c\u043f\u0430\u043a\u0442\u043d\u0435\u043d\u044c\u043a\u043e. \u0412\u0441\u0435\u0433\u043e 63 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438. \u0421 \u0443\u0447\u0435\u0442\u043e\u043c \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u0432\u044b\u0448\u0435\u0434\u0448\u0438\u0445 \u043c\u0435\u0436\u0434\u0443 \u0430\u0432\u0433\u0443\u0441\u0442\u043e\u0432\u0441\u043a\u0438\u043c \u0438 \u0441\u0435\u043d\u0442\u044f\u0431\u0440\u044c\u0441\u043a\u0438\u043c Patch Tuesday (\u043a\u0430\u043a \u043e\u0431\u044b\u0447\u043d\u043e, \u0432 Microsoft Edge), \u043f\u043e\u043b\u0443\u0447\u0430\u0435\u0442\u0441\u044f 90. \u0412\u0435\u0441\u044c\u043c\u0430 \u0438 \u0432\u0435\u0441\u044c\u043c\u0430 \u043d\u0435\u043c\u043d\u043e\u0433\u043e.\n\n1. \u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u0441 \u043f\u0443\u0431\u043b\u0438\u0447\u043d\u044b\u043c\u0438 \u044d\u043a\u0441\u043f\u043b\u043e\u0438\u0442\u0430\u043c\u0438 \u043f\u043e\u043a\u0430 \u043d\u0435\u0442. \u0415\u0441\u0442\u044c 3 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0434\u043b\u044f \u043a\u043e\u0442\u043e\u0440\u044b\u0445 \u0441\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442 Proof-of-Concept Exploit \u043f\u043e \u0434\u0430\u043d\u043d\u044b\u043c \u0438\u0437 CVSS\n\nElevation of Privilege - Kerberos (CVE-2022-33679)\nElevation of Privilege - Azure Guest Configuration and Azure Arc-enabled servers (CVE-2022-38007)\nElevation of Privilege - Windows GDI (CVE-2022-34729)\n\n\u041d\u043e \u0432\u0435\u0440\u043e\u044f\u0442\u043d\u043e\u0441\u0442\u044c, \u0447\u0442\u043e \u044d\u0442\u043e \u0434\u043e\u043a\u0440\u0443\u0442\u044f\u0442 \u0434\u043e \u0431\u043e\u0435\u0432\u043e\u0433\u043e \u0441\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u044f \u043d\u0435\u0432\u044b\u0441\u043e\u043a\u0430.\n\n2. \u0415\u0441\u0442\u044c 3 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0441 \u043f\u0440\u0438\u0437\u043d\u0430\u043a\u043e\u043c \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0432\u0436\u0438\u0432\u0443\u044e\n\nElevation of Privilege - Windows Common Log File System Driver (CVE-2022-37969). \u041c\u043e\u0436\u043d\u043e \u043f\u043e\u0434\u043d\u044f\u0442\u044c \u043f\u0440\u0430\u0432\u0430 \u0434\u043e SYSTEM. \u0417\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u0435\u0442 \u043c\u0430\u0441\u0441\u0443 \u0432\u0435\u0440\u0441\u0438\u0439 Windows, \u0435\u0441\u0442\u044c \u043f\u0430\u0442\u0447\u0438 \u0434\u0430\u0436\u0435 \u043f\u043e\u0434 EOL \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043a\u0438. \u041a\u0440\u043e\u043c\u0435 \u044d\u0442\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0431\u044b\u043b \u043f\u0443\u0447\u043e\u043a \u0432\u0438\u043d\u0434\u043e\u0432\u044b\u0445 EoP-\u0448\u0435\u043a \u0431\u0435\u0437 \u043f\u0440\u0438\u0437\u043d\u0430\u043a\u043e\u0432 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438, \u043d\u0430\u043f\u0440\u0438\u043c\u0435\u0440 Elevation of Privilege - Windows Kernel (CVE-2022-37956, CVE-2022-37957, CVE-2022-37964)\n\nSecurity Feature Bypass - Microsoft Edge (CVE-2022-2856, CVE-2022-3075). \u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 Edge \u044d\u0442\u043e \u043f\u043e \u0444\u0430\u043a\u0442\u0443 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 Chromium. \u041e\u0431\u0440\u0430\u0442\u043d\u0430\u044f \u0441\u0442\u043e\u0440\u043e\u043d\u0430 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u044f \u043e\u0434\u043d\u043e\u0433\u043e \u0438 \u0442\u043e\u0433\u043e \u0436\u0435 \u0434\u0432\u0438\u0436\u043a\u0430. \u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 Chrome \u0430\u0444\u0444\u0435\u043a\u0442\u044f\u0442 \u0442\u0430\u043a\u0436\u0435 Edge, Opera, Brave, Vivaldi \u0438 \u043f\u0440\u043e\u0447\u0435\u0435.\n\n3. RCE \u043e\u0442 \u043f\u043e\u0441\u043b\u0430\u043d\u043d\u043e\u0433\u043e IP \u043f\u0430\u043a\u0435\u0442\u0430 \ud83d\ude31\n\nRemote Code Execution - Windows TCP/IP (CVE-2022-34718). \"An unauthorized attacker can use it to execute arbitrary code on the attacked Windows computer with the IPSec service enabled by sending a specially crafted IPv6 packet to it. This vulnerability can only be exploited against systems with Internet Protocol Security (IPsec) enabled.\" IPsec \u0438 IPv6 \u0437\u043b\u043e, \u043b\u043e\u043b. \ud83d\ude42 \u041d\u043e \u0435\u0441\u043b\u0438 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u043e, \u0442\u043e \u0441\u043a\u0432\u0435\u0440\u043d\u043e, \u0447\u0442\u043e \u0442\u0430\u043a\u043e\u0435 \u0432\u043e\u043e\u0431\u0449\u0435 \u0431\u044b\u0432\u0430\u0435\u0442.\n\n\u0418 \u044d\u0442\u043e \u0435\u0449\u0451 \u043d\u0435 \u0432\u0441\u0435, \u0435\u0441\u0442\u044c \u0435\u0449\u0451 Remote Code Execution - Windows Internet Key Exchange (IKE) Protocol Extensions (CVE-2022-34721, CVE-2022-34722). \"An unauthenticated attacker could send a specially crafted IP packet to a target machine that is running Windows and has IPSec enabled, which could enable a remote code execution exploitation.\"\n\n4. Denial of Service - Windows DNS Server (CVE-2022-34724). \u0421 \u043e\u0434\u043d\u043e\u0439 \u0441\u0442\u043e\u0440\u043e\u043d\u044b \u0442\u043e\u043b\u044c\u043a\u043e DoS, \u0441 \u0434\u0440\u0443\u0433\u043e\u0439 \u0441\u0442\u043e\u0440\u043e\u043d\u044b \u0440\u0430\u0431\u043e\u0442\u0443 \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u0438 \u043c\u043e\u0436\u043d\u043e \u043d\u0435\u043f\u043b\u043e\u0445\u043e \u0442\u0430\u043a \u043f\u0430\u0440\u0430\u043b\u0438\u0437\u043e\u0432\u0430\u0442\u044c.\n\n5. Memory Corruption - ARM processor (CVE-2022-23960). \u0424\u0438\u043a\u0441 \u0434\u043b\u044f \u043e\u0447\u0435\u0440\u0435\u0434\u043d\u043e\u0433\u043e Spectre, \u043d\u0430 \u044d\u0442\u043e\u0442 \u0440\u0430\u0437 Spectre-BHB. \u041f\u0440\u043e \u043f\u0440\u0430\u043a\u0442\u0438\u0447\u0435\u0441\u043a\u0443\u044e \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0431\u0435\u043b\u044c\u043d\u043e\u0441\u0442\u044c \u0432\u0438\u0434\u0438\u043c\u043e \u0433\u043e\u0432\u043e\u0440\u0438\u0442\u044c \u043d\u0435 \u043f\u0440\u0438\u0445\u043e\u0434\u0438\u0442\u0441\u044f, \u0442\u0430\u043a \u0436\u0435 \u043a\u0430\u043a \u0438 \u0432 \u0441\u043b\u0443\u0447\u0430\u0435 \u043e\u0441\u0442\u0430\u043b\u044c\u043d\u044b\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u0442\u0438\u043f\u0430 Spectre, \u043d\u043e \u043f\u0440\u0430\u043a\u0442\u0438\u0447\u0435\u0441\u043a\u0438 \u0432\u0441\u0435 \u043e\u0431\u0437\u043e\u0440\u0449\u0438\u043a\u0438 \u043d\u0430 \u044d\u0442\u0443 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432\u043d\u0438\u043c\u0430\u043d\u0438\u0435 \u043e\u0431\u0440\u0430\u0442\u0438\u043b\u0438.\n\n\u041f\u043e\u043b\u043d\u044b\u0439 \u043e\u0442\u0447\u0435\u0442 Vulristics: https://avleonov.com/vulristics_reports/ms_patch_tuesday_september2022_report_with_comments_ext_img.html\n\n@avleonovrus #Microsoft #PatchTuesday #Vulristics", "creation_timestamp": "2023-09-21T09:16:46.000000Z"}, {"uuid": "3a5a8bcf-1696-4e40-b176-dfa450df0720", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-2856", "type": "seen", "source": "https://t.me/arpsyndicate/997", "content": "#ExploitObserverAlert\n\nCVE-2022-2856\n\nDESCRIPTION: Exploit Observer has 4 entries related to CVE-2022-2856. Insufficient validation of untrusted input in Intents in Google Chrome on Android prior to 104.0.5112.101 allowed a remote attacker to arbitrarily browse to a malicious website via a crafted HTML page.\n\nFIRST-EPSS: 0.003730000\nNVD-IS: 3.6\nNVD-ES: 2.8", "creation_timestamp": "2023-12-03T18:17:03.000000Z"}, {"uuid": "1355b264-09ff-4add-95a6-d42529e72866", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-2856", "type": "seen", "source": "https://t.me/cyberbannews_ir/6477", "content": "\u200d \ud83d\uded1\u0627\u0641\u0632\u0648\u062f\u0647 \u0634\u062f\u0646 7 \u0622\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631\u06cc \u062c\u062f\u06cc\u062f \u0628\u0647 \u0641\u0647\u0631\u0633\u062a \u0628\u0627\u06af \u0647\u0627\u06cc CISA\n\n\u0622\u0698\u0627\u0646\u0633 \u0627\u0645\u0646\u06cc\u062a \u0633\u0627\u06cc\u0628\u0631\u06cc \u0648 \u0627\u0645\u0646\u06cc\u062a \u0632\u06cc\u0631\u0633\u0627\u062e\u062a \u0622\u0645\u0631\u06cc\u06a9\u0627 \u06cc\u0627 \u0647\u0645\u0627\u0646 \u0633\u06cc\u0633\u0627 7 \u0622\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631\u06cc \u0631\u0627 \u0628\u0647 \u0641\u0647\u0631\u0633\u062a \u0628\u0627\u06af \u0647\u0627\u06cc \u062a\u062d\u062a \u0628\u0647\u0631\u0647 \u0628\u0631\u062f\u0627\u0631\u06cc \u062e\u0648\u062f \u0627\u0641\u0632\u0648\u062f\u0647 \u0627\u0633\u062a. \u0627\u06cc\u0646 \u0622\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631\u06cc \u0647\u0627\u06cc \u062c\u062f\u06cc\u062f \u062a\u0648\u0633\u0637 \u0627\u067e\u0644\u060c \u0645\u0627\u06cc\u06a9\u0631\u0648\u0633\u0627\u0641\u062a\u060c \u0627\u0633 \u0627\u0650\u06cc \u067e\u06cc \u0648 \u06af\u0648\u06af\u0644 \u0634\u0646\u0627\u0633\u0627\u06cc\u06cc \u0634\u062f\u0647 \u0627\u0646\u062f.\n\n\u0628\u0627 \u0627\u062d\u062a\u0633\u0627\u0628 \u0627\u06cc\u0646 7 \u0645\u0648\u0631\u062f \u062c\u062f\u06cc\u062f\u060c \u0641\u0647\u0631\u0633\u062a \u0628\u0627\u06af \u0647\u0627\u06cc \u0633\u06cc\u0633\u0627 \u062d\u0627\u0644\u0627 \u0634\u0627\u0645\u0644 801 \u0622\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631\u06cc \u0627\u0633\u062a \u06a9\u0647 \u0622\u0698\u0627\u0646\u0633 \u0647\u0627\u06cc \u0641\u062f\u0631\u0627\u0644 \u0628\u0627\u06cc\u0633\u062a\u06cc \u0637\u0628\u0642 \u062a\u0627\u0631\u06cc\u062e \u0647\u0627\u06cc \u062a\u0639\u06cc\u06cc\u0646 \u0634\u062f\u0647\u060c \u0622\u0646 \u0647\u0627 \u0631\u0627 \u0627\u0635\u0644\u0627\u062d \u06a9\u0646\u0646\u062f. \n\n\u0633\u06cc\u0633\u0627 \u0627\u0632 \u062a\u0645\u0627\u0645\u06cc \u0622\u0698\u0627\u0646\u0633 \u0647\u0627\u06cc \u0641\u062f\u0631\u0627\u0644 \u0648 \u0634\u0631\u06a9\u062a \u0647\u0627\u06cc \u0645\u0631\u0628\u0648\u0637\u0647 \u062e\u0648\u0627\u0633\u062a\u0647\u060c \u062a\u0627 \u062a\u0627\u0631\u06cc\u062e 8 \u0633\u067e\u062a\u0627\u0645\u0628\u0631 2022 \u0627\u06cc\u0646 7 \u0622\u0633\u06cc\u0628 \u067e\u0630\u06cc\u0631\u06cc \u062c\u062f\u06cc\u062f \u0631\u0627 \u0627\u0635\u0644\u0627\u062d \u06a9\u0646\u0646\u062f:\n\nCVE-2017-15944: \u0645\u0631\u0628\u0648\u0637 \u0628\u0647 \u0634\u0631\u06a9\u062a \u067e\u0627\u0644\u0648 \u0622\u0644\u062a\u0648\nCVE-2022-21971: \u0645\u0631\u0628\u0648\u0637 \u0628\u0647 \u0645\u0627\u06cc\u06a9\u0631\u0648\u0633\u0627\u0641\u062a\nCVE-2022-26923: \u0645\u0631\u0628\u0648\u0637 \u0628\u0647 \u0645\u0627\u06cc\u06a9\u0631\u0648\u0633\u0627\u0641\u062a\nCVE-2022-2856: \u0645\u0631\u0628\u0648\u0637 \u0628\u0647 \u06af\u0648\u06af\u0644\nCVE-2022-32893: \u0645\u0631\u0628\u0648\u0637 \u0628\u0647 \u0627\u067e\u0644\nCVE-2022-32894: \u0645\u0631\u0628\u0648\u0637 \u0628\u0647 \u0627\u067e\u0644\nCVE-2022-22536: \u0645\u0631\u0628\u0648\u0637 \u0628\u0647 \u0634\u0631\u06a9\u062a SAP\n\u0647\u0646\u0648\u0632 \u0647\u06cc\u0686 \u062c\u0632\u0626\u06cc\u0627\u062a\u06cc \u062f\u0631 \u0627\u0631\u062a\u0628\u0627\u0637 \u0628\u0627 \u0646\u062d\u0648\u0647 \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0628\u0627\u0632\u06cc\u06af\u0631\u0627\u0646 \u0645\u062e\u0631\u0628 \u0627\u0632 \u0622\u0646 \u0647\u0627 \u0645\u0646\u062a\u0634\u0631 \u0646\u0634\u062f\u0647 \u0627\u0633\u062a. \n\n#\u0622\u0633\u06cc\u0628_\u067e\u0630\u06cc\u0631\u06cc\n\n@cyberbannews_ir", "creation_timestamp": "2022-08-20T10:09:16.000000Z"}, {"uuid": "0d9db6e4-6990-4981-9f80-ba82cb5c2aac", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-2856", "type": "exploited", "source": "Telegram/p3IJXZTMMbhGwsigacL5h65dCTuPx9Cu177kmufZgb8w", "content": "", "creation_timestamp": "2022-08-18T15:58:01.000000Z"}, {"uuid": "70863ed8-6c47-4ca6-8bb6-bf3a90907218", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-2856", "type": "seen", "source": "https://t.me/wireshark_hacking/614", "content": "Zero-Day: 3 in-the-wild 0-days patched in the last two days:\n* CVE-2022-2856 in Chrome discovered by twitter.com/ashl3y_shen &amp; twitter.com/0xbadcafe1 of Google TAG\n* CVE-2022-32893 in Safari\n* CVE-2022-32894 in iOS/macOS kernel\n\nhttps://docs.google.com/spreadsheets/u/0/d/1lkNJ0uQwbeC1ZTRrxdtuPLCIl7mlUreoKfSIgajnSyY/htmlview#gid=1662223764", "creation_timestamp": "2022-08-21T20:27:09.000000Z"}, {"uuid": "76fc9e5f-8a8a-4db3-af76-0f5a52228a62", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-28561", "type": "seen", "source": "https://t.me/cibsecurity/41823", "content": "\u203c CVE-2022-28561 \u203c\n\nThere is a stack overflow vulnerability in the /goform/setMacFilterCfg function in the httpd service of Tenda ax12 22.03.01.21_cn router. An attacker can obtain a stable shell through a carefully constructed payload\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-05-03T20:33:52.000000Z"}, {"uuid": "5bf77b59-0e0d-4574-b32f-1e397ce15407", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-2856", "type": "exploited", "source": "https://t.me/cibsecurity/48354", "content": "\u274c Google Patches Chrome\u2019s Fifth Zero-Day of the Year \u274c\n\nGoogle has patched the fifth actively exploited zero-day vulnerability discovered in Chrome this year as one in a series of fixes included in a stable channel update released Wednesday. The bug, tracked as CVE-2022-2856 and rated as high on the Common Vulnerability Scoring System (CVSS), is associated with \u201cinsufficient validation of untrusted input in Intents,\u201d [\u2026]\n\n\ud83d\udcd6 Read\n\nvia \"Threat Post\".", "creation_timestamp": "2022-08-18T17:02:00.000000Z"}, {"uuid": "2f2cfc59-5759-4d49-99fa-060bca5425d6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-2856", "type": "exploited", "source": "https://t.me/cibsecurity/48294", "content": "\ud83d\udd74 Google Chrome Zero-Day Found Exploited in the Wild \ud83d\udd74\n\nThe high-severity security vulnerability (CVE-2022-2856) is due to improper user-input validation.\n\n\ud83d\udcd6 Read\n\nvia \"Dark Reading\".", "creation_timestamp": "2022-08-17T21:28:06.000000Z"}, {"uuid": "b0d06bc1-ab86-4f21-83ba-0f421b6b28ba", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-2856", "type": "seen", "source": "https://t.me/true_secator/3308", "content": "Google \u043e\u0431\u043d\u043e\u0432\u043b\u044f\u0435\u0442 \u0441\u0432\u043e\u0439 Chrome 104, \u0443\u0441\u0442\u0440\u0430\u043d\u044f\u044f 11 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439, \u0432 \u0442\u043e\u043c \u0447\u0438\u0441\u043b\u0435 \u043f\u044f\u0442\u0443\u044e \u0437\u0430 2022 \u0433\u043e\u0434 0-day, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043b\u0430\u0441\u044c \u0432 \u0430\u0442\u0430\u043a\u0430\u0445.\n\n\u041f\u0440\u0435\u0434\u044b\u0434\u0443\u0449\u0430\u044f \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043d\u0430\u044f 0-day \u0431\u044b\u043b\u0430\u00a0\u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u0438\u0437\u0440\u0430\u0438\u043b\u044c\u0441\u043a\u043e\u0439 \u0448\u043f\u0438\u043e\u043d\u0441\u043a\u043e\u0439 \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u0435\u0439 Candiru \u0438 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043b\u0430\u0441\u044c \u0432 \u0446\u0435\u043b\u0435\u0432\u044b\u0445 \u0430\u0442\u0430\u043a\u0430\u0445 \u043d\u0430 \u0421\u0440\u0435\u0434\u043d\u0435\u043c \u0412\u043e\u0441\u0442\u043e\u043a\u0435.\n\n\u041e\u0442\u0441\u043b\u0435\u0436\u0438\u0432\u0430\u0435\u043c\u0430\u044f \u043a\u0430\u043a CVE-2022-2856 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0441\u0442\u0435\u043f\u0435\u043d\u0438 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u043e\u0441\u0442\u0438 \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043e\u0447\u043d\u043e\u0439 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u043e\u0439 \u043d\u0435\u043d\u0430\u0434\u0435\u0436\u043d\u044b\u0445 \u0432\u0445\u043e\u0434\u043d\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445 \u0432 \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0435 Intents.\n\nGoogle \u043f\u0440\u0438 \u044d\u0442\u043e\u043c \u043d\u0435 \u043f\u043e\u0434\u0435\u043b\u0438\u043b\u0430\u0441\u044c \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0435\u0439 \u043e\u0431 \u0430\u0442\u0430\u043a\u0430\u0445, \u043d\u043e \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 Threat Analysis Group \u0441\u043e\u043e\u0431\u0449\u0438\u043b\u0438 \u043e \u043d\u0435\u0439 \u0435\u0449\u0435 19 \u0438\u044e\u043b\u044f.\n\nChrome 104.0.5112.101 \u0442\u0430\u043a\u0436\u0435 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u044f\u0435\u0442 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0443\u044e \u043e\u0448\u0438\u0431\u043a\u0443, \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u043d\u0443\u044e \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u043c Google Project Zero, \u043f\u044f\u0442\u044c \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u044b\u0445 \u043f\u0440\u043e\u0431\u043b\u0435\u043c, \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u043d\u044b\u0445 \u0441\u043e\u0442\u0440\u0443\u0434\u043d\u0438\u043a\u0430\u043c\u0438 Google \u0441\u043e\u0432\u043c\u0435\u0441\u0442\u043d\u043e \u0441 \u0432\u043d\u0435\u0448\u043d\u0438\u043c\u0438 \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c\u0438, \u0430 \u0442\u0430\u043a\u0436\u0435 \u0435\u0449\u0435 \u0442\u0440\u0438 - \u0441\u0440\u0435\u0434\u043d\u0435\u0439 \u0441\u0442\u0435\u043f\u0435\u043d\u0438 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u043e\u0441\u0442\u0438.\n\n\u0410 \u0432\u043e\u0442 \u043d\u0435\u0434\u0430\u0432\u043d\u043e \u0432\u044b\u043f\u0443\u0449\u0435\u043d\u043d\u044b\u0439 Android 13 \u0437\u0430\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a\u043e\u0432 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u043f\u0440\u0438\u0434\u0443\u043c\u044b\u0432\u0430\u0442\u044c \u0441\u043f\u043e\u0441\u043e\u0431\u044b \u043e\u0431\u0445\u043e\u0434\u0430 \u043d\u043e\u0432\u043e\u0439 \u0444\u0443\u043d\u043a\u0446\u0438\u0438 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u00ab\u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u043d\u044b\u0435 \u043d\u0430\u0441\u0442\u0440\u043e\u0439\u043a\u0438\u00bb.\n\n\u041d\u043e\u0432\u0430\u044f \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430 \u0431\u044b\u043b\u0430 \u0440\u0430\u0437\u0432\u0435\u0440\u043d\u0443\u0442\u0430 \u043d\u0430 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430\u0445 Google Pixel, \u0430 \u0438\u0441\u0445\u043e\u0434\u043d\u044b\u0439 \u043a\u043e\u0434\u00a0\u043e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d \u043d\u0430 AOSP.\n\n\u0412 \u0440\u0430\u043c\u043a\u0430\u0445 \u044d\u0442\u043e\u0433\u043e \u0432\u044b\u043f\u0443\u0441\u043a\u0430 Google \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u043e \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0438\u043b\u0430 \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u0438 \u043c\u043e\u0431\u0438\u043b\u044c\u043d\u043e\u0433\u043e \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u043e\u0433\u043e \u041f\u041e.\n\n\u0412 \u043f\u0440\u0435\u0434\u044b\u0434\u0443\u0449\u0438\u0445 \u0432\u0435\u0440\u0441\u0438\u044f\u0445 Android \u0431\u043e\u043b\u044c\u0448\u0438\u043d\u0441\u0442\u0432\u043e \u043c\u043e\u0431\u0438\u043b\u044c\u043d\u044b\u0445 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u043f\u043e\u043f\u0430\u0434\u0430\u043b\u0438 \u043d\u0430 \u043c\u0438\u043b\u043b\u0438\u043e\u043d\u044b \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432 \u0447\u0435\u0440\u0435\u0437 \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u044f-\u0434\u0440\u043e\u043f\u043f\u0435\u0440\u044b, \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u044b\u0435 \u0432 Play Store, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u043c\u0430\u0441\u043a\u0438\u0440\u043e\u0432\u0430\u043b\u0438\u0441\u044c \u043f\u043e\u0434 \u0437\u0430\u043a\u043e\u043d\u043d\u044b\u0435 \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u044f, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0437\u043b\u043e\u0443\u043f\u043e\u0442\u0440\u0435\u0431\u043b\u044f\u043b\u0438 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u044f\u043c\u0438 \u0441\u043b\u0443\u0436\u0431\u044b \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u0445 \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u0435\u0439.\n\n\u041d\u043e\u0432\u0430\u044f \u0444\u0443\u043d\u043a\u0446\u0438\u044f \u0432 Android 13 \u0431\u043b\u043e\u043a\u0438\u0440\u0443\u0435\u0442 \u0437\u0430\u0433\u0440\u0443\u0436\u0435\u043d\u043d\u044b\u0435 \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u044f \u043e\u0442 \u0437\u0430\u043f\u0440\u043e\u0441\u0430 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439 \u0441\u043b\u0443\u0436\u0431\u044b \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u0445 \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u0435\u0439, \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0438\u0432\u0430\u044f \u0444\u0443\u043d\u043a\u0446\u0438\u044e APK-\u0444\u0430\u0439\u043b\u0430\u043c\u0438 \u0438\u0437 Google Play.\n\n\u0420\u0435\u0441\u0435\u0440\u0447\u0435\u0440\u044b Threat Fabric \u0437\u0430\u043c\u0435\u0442\u0438\u043b\u0438, \u0447\u0442\u043e \u0430\u0432\u0442\u043e\u0440\u044b \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u043e\u0433\u043e \u041f\u041e \u0443\u0436\u0435 \u0440\u0430\u0437\u0440\u0430\u0431\u0430\u0442\u044b\u0432\u0430\u044e\u0442 \u0434\u0440\u043e\u043f\u043f\u0435\u0440\u044b \u043f\u043e\u0434 Android, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u043c\u043e\u0433\u0443\u0442 \u043e\u0431\u0445\u043e\u0434\u0438\u0442\u044c \u044d\u0442\u0438 \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u044f \u0438 \u0434\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0442\u044c \u043d\u0430 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u043e \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f \u043f\u043e\u043b\u0435\u0437\u043d\u044b\u0435 \u043d\u0430\u0433\u0440\u0443\u0437\u043a\u0438, \u043e\u0431\u043b\u0430\u0434\u0430\u044e\u0449\u0438\u0435 \u0432\u044b\u0441\u043e\u043a\u0438\u043c\u0438 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u044f\u043c\u0438.\n\n\u0421\u0440\u0435\u0434\u0438 \u0442\u0430\u043a\u0438\u0445 \u043f\u0435\u0440\u0435\u0434\u043e\u0432\u0438\u043a\u043e\u0432 \u043e\u043a\u0430\u0437\u0430\u043b\u0438\u0441\u044c Hakoden, \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0430\u0432\u0448\u0438\u0435 \u0434\u0440\u043e\u043f\u043f\u0435\u0440\u044b Gymdrop \u0438 \u044f\u0432\u043b\u044f\u044e\u0449\u0438\u0435\u0441\u044f \u043e\u043f\u0435\u0440\u0430\u0442\u043e\u0440\u0430\u043c\u0438 \u0431\u0430\u043d\u043a\u043e\u0432\u0441\u043a\u043e\u0433\u043e \u0442\u0440\u043e\u044f\u043d\u0430 Xenomorph \u0434\u043b\u044f Android.\n\n\u0425\u0430\u043a\u0435\u0440\u044b \u0432\u043e\u0432\u0441\u044e \u043f\u0438\u043b\u044f\u0442 \u0434\u0440\u043e\u043f\u043f\u0435\u0440 BugDrop, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442 \u043c\u0435\u0442\u043e\u0434\u0430 \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0438 \u043d\u0430 \u043e\u0441\u043d\u043e\u0432\u0435 \u0441\u0435\u0430\u043d\u0441\u0430 \u0434\u043b\u044f \u0431\u043e\u043a\u043e\u0432\u043e\u0439 \u0437\u0430\u0433\u0440\u0443\u0437\u043a\u0438 \u043f\u043e\u043b\u0435\u0437\u043d\u043e\u0439 \u043d\u0430\u0433\u0440\u0443\u0437\u043a\u0438 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u043e\u0433\u043e \u041f\u041e. Android 13 \u043f\u0440\u0438 \u044d\u0442\u043e\u043c \u0440\u0430\u0441\u043f\u043e\u0437\u043d\u0430\u0435\u0442 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 API \u0438 \u043d\u0435 \u043f\u0440\u0438\u043c\u0435\u043d\u044f\u0435\u0442 \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u0435.\n\n\u0413\u043b\u044f\u0434\u044f \u043d\u0430 Hakoden, \u0440\u0435\u0441\u0435\u0440\u0447\u0435\u0440\u044b \u0442\u0430\u043a\u0436\u0435 \u0441\u043c\u043e\u0433\u043b\u0438\u00a0\u0441\u043e\u0437\u0434\u0430\u0442\u044c\u00a0\u044d\u043a\u0441\u043f\u0435\u0440\u0438\u043c\u0435\u043d\u0442\u0430\u043b\u044c\u043d\u044b\u0439 \u0434\u0440\u043e\u043f\u043f\u0435\u0440, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u043b\u0435\u0433\u043a\u043e \u043e\u0431\u0445\u043e\u0434\u0438\u043b \u044d\u0442\u0443 \u043d\u043e\u0432\u0443\u044e \u0444\u0443\u043d\u043a\u0446\u0438\u044e \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438, \u043f\u043e\u043b\u0443\u0447\u0430\u044f \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0441\u043b\u0443\u0436\u0431\u0430\u043c \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u0445 \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u0435\u0439.\n\n\u0414\u043b\u044f \u0431\u043e\u043b\u0435\u0435 \u043f\u043e\u0434\u0440\u043e\u0431\u043d\u043e\u0433\u043e \u043e\u0437\u043d\u0430\u043a\u043e\u043c\u043b\u0435\u043d\u0438\u044f \u0441 \u0442\u0435\u043c, \u043a\u0430\u043a \u0440\u0430\u0431\u043e\u0442\u0430\u0435\u0442 \u043d\u043e\u0432\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0438 \u043a\u0430\u043a\u043e\u0432\u044b \u0435\u0435 \u0441\u043b\u0430\u0431\u044b\u0435 \u043c\u0435\u0441\u0442\u0430, \u043b\u0443\u0447\u0448\u0435 \u043f\u043e\u0447\u0438\u0442\u0430\u0442\u044c \u0432\u00a0\u0431\u043b\u043e\u0433\u0435.\n\n\u0410 \u0447\u0442\u043e \u043a\u0430\u0441\u0430\u0435\u0442\u0441\u044f BugDrop, \u0442\u043e \u043f\u0440\u0438 \u043f\u043e\u043b\u043d\u043e\u0439 \u0440\u0435\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u044d\u0442\u0430 \u043d\u0435\u0431\u043e\u043b\u044c\u0448\u0430\u044f \u043c\u043e\u0434\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u044f \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442 \u043f\u043e\u043b\u043d\u043e\u0441\u0442\u044c\u044e \u043e\u0431\u043e\u0439\u0442\u0438 \u043d\u043e\u0432\u044b\u0435 \u043c\u0435\u0440\u044b \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 Google, \u0434\u0430\u0436\u0435 \u0434\u043e \u0442\u043e\u0433\u043e, \u043a\u0430\u043a \u043e\u043d\u0438 \u0431\u0443\u0434\u0443\u0442 \u044d\u0444\u0444\u0435\u043a\u0442\u0438\u0432\u043d\u043e \u0440\u0435\u0430\u043b\u0438\u0437\u043e\u0432\u0430\u043d\u044b.\n\n\u041f\u043e \u0432\u0441\u0435\u0439 \u0432\u0438\u0434\u0438\u043c\u043e\u0441\u0442\u0438, \u043d\u0435 \u0437\u0440\u044f \u043d\u043e\u0432\u0430\u044f \u0432\u0435\u0440\u0441\u0438\u044f \u041e\u0421 \u0438\u043c\u0435\u043d\u043d\u043e 13-\u0430\u044f.", "creation_timestamp": "2022-08-18T16:41:01.000000Z"}, {"uuid": "a6596672-2b94-4c89-abd6-606b3f3c40f5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-28560", "type": "seen", "source": "https://t.me/cibsecurity/41821", "content": "\u203c CVE-2022-28560 \u203c\n\nThere is a stack overflow vulnerability in the goform/fast_setting_wifi_set function in the httpd service of Tenda ac9 15.03.2.21_cn router. An attacker can obtain a stable shell through a carefully constructed payload\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-05-03T20:33:50.000000Z"}, {"uuid": "965cbe15-4e18-405f-87a5-48805c297336", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-2856", "type": "seen", "source": "https://t.me/thehackernews/2494", "content": "CISA has updated its Known Exploited Vulnerabilities Catalog with 7 new vulnerabilities based on evidence of active exploitation.\n\nRead details: https://thehackernews.com/2022/08/cisa-adds-7-new-actively-exploited.html\n\nCVE-2017-15944, CVE-2022-21971, CVE-2022-26923, CVE-2022-2856, CVE-2022-32893, CVE-2022-32894, CVE-2022-22536", "creation_timestamp": "2022-08-23T14:49:44.000000Z"}]}