Cybersecurity specialists reported four vulnerabilities in Azure Sphere, a set of Internet of Things (IoT) solutions developed by Microsoft. Successful exploitation of these flaws would allow threat actors to bypass multiple security controls and escalate privileges on the affected systems.
Below are brief descriptions of the reported flaws, along with their respective scores according to the Common Vulnerability Scoring System (CVSS). These flaws have not yet been assigned a tracking key.
The first of the reported flaws exists due to an inadequate implementation of access restrictions in the signed code execution functionality, which would allow local threat actors to use specially crafted shellcode to modify the running program through “/proc/thread-self/mem”, triggering arbitrary code execution on the target system. The flaw received a score of 7.3/10.
The second reported flaw exists due to incorrect security restrictions in the signed code execution functionality. Local users can use specially crafted shellcode to set the “READ_IMPLIES_EXEC” personality and execute arbitrary code on the target system. This flaw received a score of 5.6/10, the cybersecurity specialists mentioned.
The third vulnerability exists due to inadequate access restrictions in the Capability access control functionality. Malicious local users can use a set of ptrace system calls to evade security restrictions on the system and obtain elevated privileges. The vulnerability received a score of 7.1/10.
The last of the reported flaws exists due to insufficient validation of the input provided to the “uid_map” functionality, which threat actors could exploit to have more than one application assigned the same UID, obtaining elevated privileges on the target system. This flaw also received a score of 7.1/10.
The flaws reside in the following Azure Sphere versions: 20.06 and 20.07. No attempts to exploit them have been detected so far.
While exploiting these vulnerabilities requires local access to the target system, specialists recommend not ignoring the corresponding updates, which are already available on official Microsoft platforms if they are not installed automatically.
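For the second flaw, a defender on a general Linux system can check whether a process is running with the READ_IMPLIES_EXEC personality flag by reading /proc/<pid>/personality. The C program below is an added example, not code from Microsoft or the researchers; it assumes a standard Linux procfs rather than Azure Sphere's restricted environment, and its function names are illustrative.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

/* Flag value as defined in <linux/personality.h>:
 * with it set, every PROT_READ mapping is also executable. */
#define F_READ_IMPLIES_EXEC 0x0400000UL

/* Parse the text of /proc/<pid>/personality (hex digits plus newline).
 * Returns 0 and stores the value in *out, or -1 on malformed input. */
int parse_personality(const char *text, unsigned long *out)
{
    char *end = NULL;
    errno = 0;
    unsigned long v = strtoul(text, &end, 16);
    if (errno != 0 || end == text || (*end != '\0' && *end != '\n'))
        return -1;
    *out = v;
    return 0;
}

/* Returns 1 if READ_IMPLIES_EXEC is set in the persona, else 0. */
int has_read_implies_exec(unsigned long persona)
{
    return (persona & F_READ_IMPLIES_EXEC) != 0;
}

/* Audit one process via procfs. Returns 1 if flagged, 0 if clean,
 * -1 if the file is unreadable (no such pid, no permission, no procfs). */
int audit_pid(const char *pid)
{
    char path[64], buf[32];
    unsigned long persona;
    snprintf(path, sizeof path, "/proc/%s/personality", pid);
    FILE *f = fopen(path, "r");
    if (!f)
        return -1;
    char *line = fgets(buf, sizeof buf, f);
    fclose(f);
    if (!line || parse_personality(buf, &persona) != 0)
        return -1;
    return has_read_implies_exec(persona);
}

int main(int argc, char **argv)
{
    /* Audit the pids given as arguments, or the current process if none. */
    int r = audit_pid(argc > 1 ? argv[1] : "self");
    printf("%s\n", r < 0 ? "unreadable" : r ? "READ_IMPLIES_EXEC set" : "ok");
    return r == 1;
}
```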