{"vulnerability": "cve-2024-0230", "sightings": [{"uuid": "83dce1a6-3238-4ece-b61f-28bd5ef2b176", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-0230", "type": "seen", "source": "https://t.me/ctinow/178399", "content": "https://ift.tt/Nnde9c8\nCVE-2024-0230 | Apple Magic Keyboard prior 2.0.6 Bluetooth Pairing user session", "creation_timestamp": "2024-02-03T06:36:11.000000Z"}, {"uuid": "ee1164c6-9cba-4b5f-86aa-b6f59aa31d79", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-0230", "type": "seen", "source": "https://t.me/ctinow/167626", "content": "https://ift.tt/oa28eCt\nCVE-2024-0230", "creation_timestamp": "2024-01-13T00:26:40.000000Z"}, {"uuid": "9e54e578-4eee-44d3-aa3f-5baab28e53e2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-0230", "type": "published-proof-of-concept", "source": "https://t.me/GhostClanInt/25042", "content": "Tools - Hackers Factory\n\nRace conditions primitives on speculatively executed code paths (GhostRace)\n\nPaper: https://www.vusec.net/projects/ghostrace/\nWebsite: https://www.vusec.net/projects/ghostrace\nPoC: https://github.com/vusec/ghostrace\n\nBluetooth keystroke injection affecting various OS (CVE-2023-45866, CVE-2024-21306, and CVE-2024-0230) by Marc Newlin\u00a0 \n\nBlog post: https://github.com/skysafe/reblog/blob/main/cve-2024-0230/README.md\nPoC: https://github.com/marcnewlin/hi_my_name_is_keyboard\n\n#bluetooth\n\nComprehensive .NET tool designed to extract and display detailed information about Windows Defender exclusions and Attack Surface Reduction (ASR) rules without Admin privileges\n\nhttps://github.com/0xsp-SRD/MDE_Enum\n\nWiFi Penetration Testing & Auditing Tool \n\nhttps://github.com/FLOCK4H/Freeway\n\nbin2ml\u00a0is a command line tool to extract machine learning ready data from software binaries.\n\ngithub.com/br0kej/bin2ml\n\nPython tool for continuous password spraying taking into account the password policy.\n\nhttps://github.com/login-securite/conpass\n\nWeb vulnerability scanner written in Python3 \n\nhttps://github.com/wapiti-scanner/wapiti\n\nZip Slip Vulnerability (Arbitrary file write through archive extraction) \n\nhttps://github.com/snyk/zip-slip-vulnerability/\n\nTunnel TCP connections through a file \n\nhttps://github.com/fiddyschmitt/File-Tunnel?tab=readme-ov-file\n\nA collection of USB hacking\u2013related links.\n\nhttps://github.com/xairy/usb-hacking/blob/master/LINKS.md\n\n#HackersFactory", "creation_timestamp": "2024-06-10T16:13:21.000000Z"}, {"uuid": "71b3bdf0-0b2d-4c2b-8eb2-b21db9f00a9d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-0230", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/10237", "content": "#WLAN_Security\nBlueDucky 0-click: Bluetooth vulnerabilities in Android, Linux, macOS, iOS and Windows (CVE-2024-0230)\nhttps://github.com/skysafe/reblog/tree/main/cve-202s4-0230\n]-> PoC: https://github.com/marcnewlin/hi_my_name_is_keyboard\n]-> BlueDucky (Android):\nhttps://github.com/pentestfunctions/BlueDucky", "creation_timestamp": "2024-03-29T11:01:14.000000Z"}, {"uuid": "5a68ca99-1bdf-4d9c-80c5-d2732a1f9a30", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-0230", "type": "published-proof-of-concept", "source": "https://t.me/Rootsec_2/2561", "content": "#exploit\n1. CVE-2024-0230:\nBluetooth vulnerabilities in Android, Linux, macOS, iOS and Windows\nhttps://github.com/skysafe/reblog/tree/main/cve-2024-0230\n]-> PoCs: https://github.com/marcnewlin/hi_my_name_is_keyboard\n\n2. WifiKey AC Gateway Pre-auth RCE\nhttps://ssd-disclosure.com/ssd-advisory-wifikey-ac-gateway-pre-auth-rce\n\n3. CVE-2024-0204:\nPoC for Fortra GoAnywhere MFT Authentication Bypass\nhttps://www.horizon3.ai/cve-2024-0204-fortra-goanywhere-mft-authentication-bypass-deep-dive", "creation_timestamp": "2024-08-16T09:02:40.000000Z"}, {"uuid": "7d846acb-ad6d-45f0-b61d-80f1127b2343", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-0230", "type": "published-proof-of-concept", "source": "https://t.me/purple_medved/181", "content": "Hi, My Name is Keyboard\n\n\u0421\u0435\u0433\u043e\u0434\u043d\u044f \u0445\u043e\u0447\u0443 \u043f\u043e\u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u043e\u0432\u0430\u0442\u044c \u043a\u0440\u0443\u0442\u043e\u0439 \u0441\u0432\u0435\u0436\u0435\u043d\u044c\u043a\u0438\u0439 \u0440\u0435\u0441\u0435\u0440\u0447 \u043e\u0442 Marc Newlin, \u0430\u0432\u0442\u043e\u0440\u0430 \u0446\u0435\u043b\u043e\u0433\u043e \u043a\u043b\u0430\u0441\u0441\u0430 \u043f\u043e\u043f\u0443\u043b\u044f\u0440\u043d\u044b\u0445 \u0430\u0442\u0430\u043a MouseJack \u043d\u0430 \u0431\u0435\u0441\u043f\u0440\u043e\u0432\u043e\u0434\u043d\u044b\u0435 \u043c\u044b\u0448\u0438 \u0438 \u043a\u043b\u0430\u0432\u0438\u0430\u0442\u0443\u0440\u044b Logitech, Microsoft \u0438 \u0434\u0440\u0443\u0433\u0438\u0445 \u0432\u0435\u043d\u0434\u043e\u0440\u043e\u0432, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0434\u0430\u0436\u0435 \u0447\u0435\u0440\u0435\u0437 8 \u043b\u0435\u0442 \u0441 \u043c\u043e\u043c\u0435\u043d\u0442\u0430 \u043e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0438\u044f \u043d\u0435 \u0442\u0435\u0440\u044f\u044e\u0442 \u0441\u0432\u043e\u0435\u0439 \u044d\u0444\u0444\u0435\u043a\u0442\u0438\u0432\u043d\u043e\u0441\u0442\u0438 \u0438 \u044f\u0432\u043b\u044f\u044e\u0442\u0441\u044f \u043e\u0442\u043b\u0438\u0447\u043d\u044b\u043c \u0432\u0435\u043a\u0442\u043e\u0440\u043e\u043c \u0434\u043b\u044f \u043f\u043e\u043b\u0443\u0447\u0435\u043d\u0438\u044f \u043f\u0435\u0440\u0432\u043e\u043d\u0430\u0447\u0430\u043b\u044c\u043d\u043e\u0433\u043e \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u043d\u0430 Red Team, \u0431\u0435\u0437 \u043d\u0435\u043e\u0431\u0445\u043e\u0434\u0438\u043c\u043e\u0441\u0442\u0438 \u0434\u0435\u043b\u0430\u0442\u044c \u043f\u043e\u043b\u043d\u043e\u0446\u0435\u043d\u043d\u044b\u0439 physical.\n\n\u041d\u0430 \u044d\u0442\u043e\u0442 \u0440\u0430\u0437 \u043f\u043e\u0434 \u043f\u0440\u0438\u0446\u0435\u043b\u043e\u043c \u043c\u0430\u0441\u0442\u0435\u0440\u0430 \u043e\u043a\u0430\u0437\u0430\u043b\u0441\u044f Bluetooth HID \u0438 \u043a\u0430\u043a \u0440\u0435\u0437\u0443\u043b\u044c\u0442\u0430\u0442 \u0446\u0435\u043b\u0430\u044f \u043f\u0430\u0447\u043a\u0430 CVE \u0432 \u0440\u0430\u0437\u043d\u044b\u0445 \u041e\u0421: macOS, iOS, Android, Linux (BlueZ), Windows, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0438\u0445 \u043f\u043e\u0434\u043a\u043b\u044e\u0447\u0430\u0442\u044c Bluetooth \u043a\u043b\u0430\u0432\u0438\u0430\u0442\u0443\u0440\u0443 \u0431\u0435\u0437 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438, \u0443\u0447\u0430\u0441\u0442\u0438\u044f \u0438 \u0443\u0432\u0435\u0434\u043e\u043c\u043b\u0435\u043d\u0438\u044f \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f \u0438 \u0437\u0430\u043f\u0443\u0441\u043a\u0430\u0442\u044c \u043f\u043e\u043b\u0435\u0437\u043d\u0443\u044e \u043d\u0430\u0433\u0440\u0443\u0437\u043a\u0443 (inject keystrokes) \u0432 \u0441\u0442\u0438\u043b\u0435 MouseJack\ud83d\ude0e \u0418 CVE-2024-0230 - \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0441\u043e\u043f\u0440\u044f\u0436\u0435\u043d\u0438\u044f (pairing process) Link Key \u043c\u0435\u0436\u0434\u0443 Magic Keyboard \u0438 Apple MacOS, \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u043a\u043e\u0442\u043e\u0440\u043e\u0439 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043f\u043e\u0434\u043a\u043b\u044e\u0447\u0438\u0442\u044c\u0441\u044f \u043a \u043a\u043b\u0430\u0432\u0438\u0430\u0442\u0443\u0440\u0435 \u0431\u0435\u0437 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 \u0438\u043b\u0438 \u043a Mac \u043e\u0442 \u0438\u043c\u0435\u043d\u0438 \"\u0432\u043e\u043b\u0448\u0435\u0431\u043d\u043e\u0439\" \u043a\u043b\u0430\u0432\u0438\u0430\u0442\u0443\u0440\u044b\ud83d\ude1c\n\n\u0415\u0441\u043b\u0438 \u043a\u043e\u0440\u043e\u0442\u043a\u043e, \u0442\u043e Bluetooth HID \u0441\u043f\u0430\u0440\u0438\u0432\u0430\u043d\u0438\u0435 pairing \u0440\u0430\u0431\u043e\u0442\u0430\u0435\u0442 \u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0438\u043c \u043e\u0431\u0440\u0430\u0437\u043e\u043c:\n\u2705 Link Key  - used to encrypt the data sent between two Bluetooth devices\n\u2705 Pairing - establishes the link key\n\u2705 Bonding - saves the link key to the device\n\u2705 Out of Band Pairing - performs pairing and bonding over a non-Bluetooth channel like NFC or USB\n\u2705 Pairing Capability - defines the authentication mechanisms supported by a host or peripheral\n\n\u041f\u0440\u0438 \u044d\u0442\u043e\u043c \u0438\u043d\u0438\u0446\u0438\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u0441\u043e\u043f\u0440\u044f\u0436\u0435\u043d\u0438\u0435 \u043c\u043e\u0436\u0435\u0442 \u0441\u0430\u043c \u043f\u043e\u0434\u043a\u043b\u044e\u0447\u0430\u0435\u043c\u044b\u0439 \u0434\u0435\u0432\u0430\u0439\u0441, \u0431\u0435\u0437 \u043d\u0435\u043e\u0431\u0445\u043e\u0434\u0438\u043c\u043e\u0441\u0442\u0438 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438, \u0435\u0441\u043b\u0438 \u0432 \u043a\u0430\u0447\u0435\u0441\u0442\u0432\u0435 \u0441\u043f\u043e\u0441\u043e\u0431\u0430 \u0441\u043e\u043f\u0440\u044f\u0436\u0435\u043d\u0438\u044f \u043d\u0430 \u044d\u0442\u0430\u043f\u0435 Pairing (\u0441\u043a\u0440\u0438\u043d \u0432\u044b\u0448\u0435) \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442\u0441\u044f NoInputNoOutput (\u0434\u043b\u044f \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432 \u0442\u0438\u043f\u0430 \u043c\u044b\u0448\u0435\u0439, \u0431\u0435\u0437 \u0444\u0443\u043d\u043a\u0446\u0438\u043e\u043d\u0430\u043b\u044c\u043d\u044b\u0445 \u043a\u043d\u043e\u043f\u043e\u043a \u0438 \u0434\u0438\u0441\u043f\u043b\u0435\u044f)\ud83d\ude4a \n\n\u0422\u0430\u043a\u0438\u043c \u043e\u0431\u0440\u0430\u0437\u043e\u043c, \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e \u0440\u0435\u0430\u043b\u0438\u0437\u043e\u0432\u0430\u0442\u044c RCE \u0447\u0435\u0440\u0435\u0437 Force-pairing \u0438 Keystrokes injections \u043d\u0430 macOS \u0438 iOS (paired c Magic Keyboard), Android (zero-click), Linux (zero-click), Windows (almost zero-click) \u0445\u043e\u0441\u0442\u0430\u0445, \u043f\u0440\u0438 \u044d\u0442\u043e\u043c Android 4.2.2 - 10, iOS 16 \u0438 macOS 12-14.2 \u043d\u0438\u043a\u043e\u0433\u0434\u0430 \u0443\u0436\u0435 \u043d\u0435 \u043f\u043e\u043b\u0443\u0447\u0430\u0442 \u043f\u0430\u0442\u0447\u0438, \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u044f\u044e\u0449\u0438\u0435 \u044d\u0442\u0443 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c\ud83d\ude48 \n\n\u0414\u0435\u0442\u0430\u043b\u0438 \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u043d\u0438\u044f:\n\u2705 \u0414\u043e\u043a\u043b\u0430\u0434 Marc Newlin \u043d\u0430 Shmoocon 2024 - https://youtu.be/3xn_TmTIT4Q?t=16255\n\u2705 POC \u043f\u043e\u0434 \u043a\u0430\u0436\u0434\u0443\u044e \u041e\u0421 - https://github.com/marcnewlin/hi_my_name_is_keyboard\n\u2705 Affected Versions - https://github.com/skysafe/reblog/blob/main/cve-2024-0230/README.md#known-affected-versions-1", "creation_timestamp": "2024-01-22T07:29:36.000000Z"}, {"uuid": "08b0712c-80b8-4303-b0ea-587eb54cdd1a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-0230", "type": "published-proof-of-concept", "source": "Telegram/0ZhYOQ1xmmQI2PBsRCTHnCoHXeSDJZomhC6fCBAraU-2R7CQ", "content": "", "creation_timestamp": "2024-02-07T17:04:31.000000Z"}, {"uuid": "5e17ee99-43f3-4a80-af92-3bced9018bcc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-0230", "type": "published-proof-of-concept", "source": "https://t.me/GrayHatsHack/7936", "content": "Tools - Hackers Factory\n\nRace conditions primitives on speculatively executed code paths (GhostRace)\n\nPaper: https://www.vusec.net/projects/ghostrace/\nWebsite: https://www.vusec.net/projects/ghostrace\nPoC: https://github.com/vusec/ghostrace\n\nBluetooth keystroke injection affecting various OS (CVE-2023-45866, CVE-2024-21306, and CVE-2024-0230) by Marc Newlin\u00a0 \n\nBlog post: https://github.com/skysafe/reblog/blob/main/cve-2024-0230/README.md\nPoC: https://github.com/marcnewlin/hi_my_name_is_keyboard\n\n#bluetooth\n\nComprehensive .NET tool designed to extract and display detailed information about Windows Defender exclusions and Attack Surface Reduction (ASR) rules without Admin privileges\n\nhttps://github.com/0xsp-SRD/MDE_Enum\n\nWiFi Penetration Testing & Auditing Tool \n\nhttps://github.com/FLOCK4H/Freeway\n\nbin2ml\u00a0is a command line tool to extract machine learning ready data from software binaries.\n\ngithub.com/br0kej/bin2ml\n\nPython tool for continuous password spraying taking into account the password policy.\n\nhttps://github.com/login-securite/conpass\n\nWeb vulnerability scanner written in Python3 \n\nhttps://github.com/wapiti-scanner/wapiti\n\nZip Slip Vulnerability (Arbitrary file write through archive extraction) \n\nhttps://github.com/snyk/zip-slip-vulnerability/\n\nTunnel TCP connections through a file \n\nhttps://github.com/fiddyschmitt/File-Tunnel?tab=readme-ov-file\n\nA collection of USB hacking\u2013related links.\n\nhttps://github.com/xairy/usb-hacking/blob/master/LINKS.md\n\n#HackersFactory", "creation_timestamp": "2024-06-10T15:23:38.000000Z"}, {"uuid": "33effbd9-349b-4b05-87f4-5c3b8e0b05fc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-0230", "type": "published-proof-of-concept", "source": "https://t.me/GhostsForum/21924", "content": "Tools - Hackers Factory\n\nRace conditions primitives on speculatively executed code paths (GhostRace)\n\nPaper: https://www.vusec.net/projects/ghostrace/\nWebsite: https://www.vusec.net/projects/ghostrace\nPoC: https://github.com/vusec/ghostrace\n\nBluetooth keystroke injection affecting various OS (CVE-2023-45866, CVE-2024-21306, and CVE-2024-0230) by Marc Newlin\u00a0 \n\nBlog post: https://github.com/skysafe/reblog/blob/main/cve-2024-0230/README.md\nPoC: https://github.com/marcnewlin/hi_my_name_is_keyboard\n\n#bluetooth\n\nComprehensive .NET tool designed to extract and display detailed information about Windows Defender exclusions and Attack Surface Reduction (ASR) rules without Admin privileges\n\nhttps://github.com/0xsp-SRD/MDE_Enum\n\nWiFi Penetration Testing & Auditing Tool \n\nhttps://github.com/FLOCK4H/Freeway\n\nbin2ml\u00a0is a command line tool to extract machine learning ready data from software binaries.\n\ngithub.com/br0kej/bin2ml\n\nPython tool for continuous password spraying taking into account the password policy.\n\nhttps://github.com/login-securite/conpass\n\nWeb vulnerability scanner written in Python3 \n\nhttps://github.com/wapiti-scanner/wapiti\n\nZip Slip Vulnerability (Arbitrary file write through archive extraction) \n\nhttps://github.com/snyk/zip-slip-vulnerability/\n\nTunnel TCP connections through a file \n\nhttps://github.com/fiddyschmitt/File-Tunnel?tab=readme-ov-file\n\nA collection of USB hacking\u2013related links.\n\nhttps://github.com/xairy/usb-hacking/blob/master/LINKS.md\n\n#HackersFactory", "creation_timestamp": "2024-06-10T15:23:51.000000Z"}, {"uuid": "3892e11d-0845-42fd-83ed-214c9e7dd9d1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-0230", "type": "published-proof-of-concept", "source": "https://t.me/GrayHatsHack/6715", "content": "Tools - Hackers Factory\n\nRace conditions primitives on speculatively executed code paths (GhostRace)\n\nPaper: https://www.vusec.net/projects/ghostrace/\nWebsite: https://www.vusec.net/projects/ghostrace\nPoC: https://github.com/vusec/ghostrace\n\nBluetooth keystroke injection affecting various OS (CVE-2023-45866, CVE-2024-21306, and CVE-2024-0230) by Marc Newlin\u00a0 \n\nBlog post: https://github.com/skysafe/reblog/blob/main/cve-2024-0230/README.md\nPoC: https://github.com/marcnewlin/hi_my_name_is_keyboard\n\n#bluetooth\n\nComprehensive .NET tool designed to extract and display detailed information about Windows Defender exclusions and Attack Surface Reduction (ASR) rules without Admin privileges\n\nhttps://github.com/0xsp-SRD/MDE_Enum\n\nWiFi Penetration Testing & Auditing Tool \n\nhttps://github.com/FLOCK4H/Freeway\n\nbin2ml\u00a0is a command line tool to extract machine learning ready data from software binaries.\n\ngithub.com/br0kej/bin2ml\n\nPython tool for continuous password spraying taking into account the password policy.\n\nhttps://github.com/login-securite/conpass\n\nWeb vulnerability scanner written in Python3 \n\nhttps://github.com/wapiti-scanner/wapiti\n\nZip Slip Vulnerability (Arbitrary file write through archive extraction) \n\nhttps://github.com/snyk/zip-slip-vulnerability/\n\nTunnel TCP connections through a file \n\nhttps://github.com/fiddyschmitt/File-Tunnel?tab=readme-ov-file\n\nA collection of USB hacking\u2013related links.\n\nhttps://github.com/xairy/usb-hacking/blob/master/LINKS.md\n\n#HackersFactory", "creation_timestamp": "2024-06-10T15:23:38.000000Z"}, {"uuid": "7c28fe79-94f1-4813-b303-a974b9b6591f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-0230", "type": "seen", "source": "https://t.me/cyberden_team/493", "content": "\ud83d\udca5\u0421\u0430\u043c\u044b\u0435 \u0438\u043d\u0442\u0435\u0440\u0435\u0441\u043d\u044b\u0435 CVE \u0437\u0430 \u044f\u043d\u0432\u0430\u0440\u044c 2024 \u0433\u043e\u0434\u0430\n\n\u0412 \u044d\u0442\u043e\u0439 \u043f\u043e\u0434\u0431\u043e\u0440\u043a\u0435 \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u043b\u0435\u043d\u044b \u0441\u0430\u043c\u044b\u0435 \u0438\u043d\u0442\u0435\u0440\u0435\u0441\u043d\u044b\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0437\u0430 \u044f\u043d\u0432\u0430\u0440\u044c 2024 \u0433\u043e\u0434\u0430:\n\nCVE-2024-23897\nCVE-2024-0402 - \u041e\u0446\u0435\u043d\u043a\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043f\u043e\u00a0\u0448\u043a\u0430\u043b\u0435 CVSS 3.1 \u2014\u00a09.9\u00a0\u0431\u0430\u043b\u043b\u043e\u0432.\nCVE-2024-0204 - \u041e\u0446\u0435\u043d\u043a\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043f\u043e\u00a0\u0448\u043a\u0430\u043b\u0435 CVSS 3.1 \u2014\u00a09.8\u00a0\u0431\u0430\u043b\u043b\u043e\u0432.\nCVE-2024-0230 - \u041e\u0446\u0435\u043d\u043a\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043f\u043e\u00a0\u0448\u043a\u0430\u043b\u0435 CVSS 3.1 \u2014\u00a02.4\u00a0\u0431\u0430\u043b\u043b\u0430.\nCVE-2024-20253 - \u041e\u0446\u0435\u043d\u043a\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043f\u043e\u00a0\u0448\u043a\u0430\u043b\u0435 CVSS 3.1 \u2014\u00a09.9\u00a0\u0431\u0430\u043b\u043b\u0430.\nCVE-2024-20272 - \u041e\u0446\u0435\u043d\u043a\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043f\u043e\u00a0\u0448\u043a\u0430\u043b\u0435 CVSS 3.1 \u2014\u00a07.3\u00a0\u0431\u0430\u043b\u043b\u0430.\nCVE-2024-21591 - \u041e\u0446\u0435\u043d\u043a\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043f\u043e\u00a0\u0448\u043a\u0430\u043b\u0435 CVSS 3.1 \u2014\u00a09.8\u00a0\u0431\u0430\u043b\u043b\u043e\u0432.\nCVE-2024-0200 - \u041e\u0446\u0435\u043d\u043a\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043f\u043e\u00a0\u0448\u043a\u0430\u043b\u0435 CVSS 3.1 \u2014\u00a09.8\u00a0\u0431\u0430\u043b\u043b\u043e\u0432.\nCVE-2024-0507 - \u041e\u0446\u0435\u043d\u043a\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043f\u043e\u00a0\u0448\u043a\u0430\u043b\u0435 CVSS 3.1 \u2014\u00a08.8\u00a0\u0431\u0430\u043b\u043b\u043e\u0432.\nCVE-2024-21737 - \u041e\u0446\u0435\u043d\u043a\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043f\u043e\u00a0\u0448\u043a\u0430\u043b\u0435 CVSS 3.1 \u2014\u00a09.1\u00a0\u0431\u0430\u043b\u043b\u0430.\nCVE-2024-21672 - \u041e\u0446\u0435\u043d\u043a\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043f\u043e\u00a0\u0448\u043a\u0430\u043b\u0435 CVSS 3.1 \u2014\u00a08.8\u00a0\u0431\u0430\u043b\u043b\u043e\u0432.\nCVE-2024-21673 - \u041e\u0446\u0435\u043d\u043a\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043f\u043e\u00a0\u0448\u043a\u0430\u043b\u0435 CVSS 3.1 \u2014\u00a08.8\u00a0\u0431\u0430\u043b\u043b\u043e\u0432.\nCVE-2024-21674 - \u041e\u0446\u0435\u043d\u043a\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043f\u043e\u00a0\u0448\u043a\u0430\u043b\u0435 CVSS 3.1 \u2014\u00a07.5\u00a0\u0431\u0430\u043b\u043b\u043e\u0432.\nCVE-2024-22197 - \u041e\u0446\u0435\u043d\u043a\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043f\u043e\u00a0\u0448\u043a\u0430\u043b\u0435 CVSS 3.1 \u2014\u00a08.8\u00a0\u0431\u0430\u043b\u043b\u043e\u0432.\nCVE-2024-22198 - \u041e\u0446\u0435\u043d\u043a\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043f\u043e\u00a0\u0448\u043a\u0430\u043b\u0435 CVSS 3.1 \u2014\u00a08.8\u00a0\u0431\u0430\u043b\u043b\u043e\u0432.", "creation_timestamp": "2024-02-12T11:59:05.000000Z"}, {"uuid": "ac0adb17-83c0-4d31-9c0e-1a0ba724b517", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-0230", "type": "published-proof-of-concept", "source": "https://t.me/CNArsenal/1879", "content": "https://github.com/marcnewlin/hi_my_name_is_keyboard\n\nProof of concept scripts for CVE-2023-45866, CVE-2024-21306 and CVE-2024-0230.\n#github", "creation_timestamp": "2024-01-20T15:05:14.000000Z"}, {"uuid": "42a65799-6363-422b-b3b2-8bc96448078b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-0230", "type": "seen", "source": "https://t.me/arpsyndicate/3034", "content": "#ExploitObserverAlert\n\nCVE-2024-0230\n\nDESCRIPTION: Exploit Observer has 5 entries in 3 file formats related to CVE-2024-0230. A session management issue was addressed with improved checks. This issue is fixed in Magic Keyboard Firmware Update 2.0.6. An attacker with physical access to the accessory may be able to extract its Bluetooth pairing key and monitor Bluetooth traffic.\n\nFIRST-EPSS: 0.000440000\nNVD-IS: 1.4\nNVD-ES: 0.9", "creation_timestamp": "2024-01-26T18:42:01.000000Z"}, {"uuid": "36ee1302-2243-41e1-a85a-c3bb4b078105", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-0230", "type": "published-proof-of-concept", "source": "https://t.me/CyberDilara/171", "content": "Tools - Hackers Factory\n\nRace conditions primitives on speculatively executed code paths (GhostRace)\n\nPaper: https://www.vusec.net/projects/ghostrace/\nWebsite: https://www.vusec.net/projects/ghostrace\nPoC: https://github.com/vusec/ghostrace\n\nBluetooth keystroke injection affecting various OS (CVE-2023-45866, CVE-2024-21306, and CVE-2024-0230) by Marc Newlin\u00a0 \n\nBlog post: https://github.com/skysafe/reblog/blob/main/cve-2024-0230/README.md\nPoC: https://github.com/marcnewlin/hi_my_name_is_keyboard\n\n#bluetooth\n\nComprehensive .NET tool designed to extract and display detailed information about Windows Defender exclusions and Attack Surface Reduction (ASR) rules without Admin privileges\n\nhttps://github.com/0xsp-SRD/MDE_Enum\n\nWiFi Penetration Testing & Auditing Tool \n\nhttps://github.com/FLOCK4H/Freeway\n\nbin2ml\u00a0is a command line tool to extract machine learning ready data from software binaries.\n\ngithub.com/br0kej/bin2ml\n\nPython tool for continuous password spraying taking into account the password policy.\n\nhttps://github.com/login-securite/conpass\n\nWeb vulnerability scanner written in Python3 \n\nhttps://github.com/wapiti-scanner/wapiti\n\nZip Slip Vulnerability (Arbitrary file write through archive extraction) \n\nhttps://github.com/snyk/zip-slip-vulnerability/\n\nTunnel TCP connections through a file \n\nhttps://github.com/fiddyschmitt/File-Tunnel?tab=readme-ov-file\n\nA collection of USB hacking\u2013related links.\n\nhttps://github.com/xairy/usb-hacking/blob/master/LINKS.md\n\n#HackersFactory", "creation_timestamp": "2024-06-17T14:10:51.000000Z"}, {"uuid": "885898e3-2d17-4de9-9f39-55439816b3b1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-0230", "type": "seen", "source": "https://t.me/breachdetector/419178", "content": "{\n  \"Source\": \"https://exploit.in/\",\n  \"Content\": \"CVE-2024-0230: Apple \u0437\u0430\u043a\u0440\u044b\u0432\u0430\u0435\u0442 \u0434\u0432\u0435\u0440\u0438 \u0434\u043b\u044f \u043d\u0435\u0441\u0430\u043d\u043a\u0446\u0438\u043e\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u0433\u043e \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u043a Magic Keyboard\", \n  \"author\": \"News Support\",\n  \"Detection Date\": \"12 Jan 2024\",\n  \"Type\": \"Data leak\"\n}\n\ud83d\udd39 t.me/breachdetector \ud83d\udd39", "creation_timestamp": "2024-01-12T11:11:47.000000Z"}, {"uuid": "b9f3d097-77f1-45e0-ae8b-6289386273d0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-0230", "type": "published-proof-of-concept", "source": "Telegram/g4PyoiPlCizBOBPSCabqylJXzZUsVo2qf9-7_8-hSi-LvKM", "content": "", "creation_timestamp": "2024-03-02T20:43:00.000000Z"}, {"uuid": "6bbbf2ba-16d4-4dda-a6b3-dfada60b2168", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-0230", "type": "seen", "source": "https://t.me/itsec_news/3966", "content": "\u200b\u26a1\ufe0fCVE-2024-0230: Apple \u0437\u0430\u043a\u0440\u044b\u0432\u0430\u0435\u0442 \u0434\u0432\u0435\u0440\u0438 \u0434\u043b\u044f \u043d\u0435\u0441\u0430\u043d\u043a\u0446\u0438\u043e\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u0433\u043e \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u043a Magic Keyboard\n\n\u041a\u043e\u043c\u043f\u0430\u043d\u0438\u044f Apple \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0448\u0438\u0432\u043a\u0438 \u0434\u043b\u044f Magic Keyboard, \u0447\u0442\u043e\u0431\u044b \u0443\u0441\u0442\u0440\u0430\u043d\u0438\u0442\u044c \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u043f\u043e\u0434 \u0438\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u043e\u043c CVE-2024-0230 (\u043f\u0435\u0440\u0432\u043e\u043d\u0430\u0447\u0430\u043b\u044c\u043d\u043e \u0440\u0430\u0441\u043a\u0440\u044b\u0442\u0443\u044e \u043a\u0430\u043a CVE-2023-45866 ), \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u043b\u0430 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c \u043f\u043e\u0434\u0434\u0435\u043b\u044b\u0432\u0430\u0442\u044c Bluetooth-\u0441\u043e\u0435\u0434\u0438\u043d\u0435\u043d\u0438\u044f \u043a\u043b\u0430\u0432\u0438\u0430\u0442\u0443\u0440\u044b.\n\n\u042d\u0442\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0431\u044b\u043b\u0430 \u043e\u0431\u043d\u0430\u0440\u043e\u0434\u043e\u0432\u0430\u043d\u0430 \u0432 \u0434\u0435\u043a\u0430\u0431\u0440\u0435 , \u0445\u043e\u0442\u044f \u043e \u043d\u0435\u0439 \u0441\u0442\u0430\u043b\u043e \u0432\u043f\u0435\u0440\u0432\u044b\u0435 \u0438\u0437\u0432\u0435\u0441\u0442\u043d\u043e \u0435\u0449\u0451 \u0432 \u0430\u0432\u0433\u0443\u0441\u0442\u0435 2023 \u0433\u043e\u0434\u0430 .\n\n\u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u044c \u0432 \u043e\u0431\u043b\u0430\u0441\u0442\u0438 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u041c\u0430\u0440\u043a \u041d\u044c\u044e\u043b\u0438\u043d, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u0438 \u0441\u043e\u043e\u0431\u0449\u0438\u043b \u043e\u0431 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438, \u0437\u0430\u044f\u0432\u0438\u043b, \u0447\u0442\u043e \u043e\u043d \u043c\u0435\u0441\u044f\u0446\u0430\u043c\u0438 \u0438\u0437\u0443\u0447\u0430\u043b \u0438 \u0441\u043e\u043e\u0431\u0449\u0430\u043b \u043e \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0430\u0445 \u0441 \u043d\u0435\u043f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0451\u043d\u043d\u044b\u043c\u0438 Bluetooth-\u0441\u043e\u0435\u0434\u0438\u043d\u0435\u043d\u0438\u044f\u043c\u0438 \u0432 \u0441\u0438\u0441\u0442\u0435\u043c\u0430\u0445 macOS \u0438 iOS.\n\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435, \u043f\u043e\u043b\u0443\u0447\u0438\u0432\u0448\u0435\u0435 \u043d\u043e\u043c\u0435\u0440 \u0432\u0435\u0440\u0441\u0438\u0438 2.0.6, \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u043e \u0434\u043b\u044f \u043e\u0431\u044b\u0447\u043d\u043e\u0439 \u0438 \u0440\u0430\u0441\u0448\u0438\u0440\u0435\u043d\u043d\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0439 Magic Keyboard, \u043a\u0430\u043a \u0441 Touch ID, \u0442\u0430\u043a \u0438 \u0431\u0435\u0437 \u043d\u0435\u0433\u043e. \u041f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044c\u0441\u043a\u0438\u0435 \u0434\u0435\u0439\u0441\u0442\u0432\u0438\u044f \u0434\u043b\u044f \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0438 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u043d\u0435 \u0442\u0440\u0435\u0431\u0443\u044e\u0442\u0441\u044f: \u043e\u043d\u043e \u0430\u0432\u0442\u043e\u043c\u0430\u0442\u0438\u0447\u0435\u0441\u043a\u0438 \u0443\u0441\u0442\u0430\u043d\u0430\u0432\u043b\u0438\u0432\u0430\u0435\u0442\u0441\u044f \u043f\u0440\u0438 \u043f\u043e\u0434\u043a\u043b\u044e\u0447\u0435\u043d\u0438\u0438 \u043a\u043b\u0430\u0432\u0438\u0430\u0442\u0443\u0440\u044b Magic Keyboard \u043a \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0443 Apple.\n\n\u041d\u0430\u043f\u043e\u043c\u043d\u0438\u043c, \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u043b\u0430 \u0442\u0435\u043c, \u0443 \u043a\u043e\u0433\u043e \u0431\u044b\u043b \u043e\u0434\u043d\u043e\u043a\u0440\u0430\u0442\u043d\u044b\u0439 \u0444\u0438\u0437\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0434\u043e\u0441\u0442\u0443\u043f \u043a Bluetooth-\u043a\u043b\u0430\u0432\u0438\u0430\u0442\u0443\u0440\u0435, \u043d\u0430\u043f\u0440\u0438\u043c\u0435\u0440, \u043a Magic Keyboard, \u043e\u043f\u0440\u0435\u0434\u0435\u043b\u0438\u0442\u044c \u043a\u043b\u044e\u0447 \u043f\u0430\u0440\u044b Bluetooth. \u041f\u043e\u043b\u0443\u0447\u0438\u0432 \u0435\u0433\u043e, \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a \u043c\u043e\u0433 \u043e\u0431\u043c\u0430\u043d\u0443\u0442\u044c \u0445\u043e\u0441\u0442 Bluetooth \u0438 \u043f\u043e\u0434\u043a\u043b\u044e\u0447\u0438\u0442\u044c \u043f\u043e\u0434\u0434\u0435\u043b\u044c\u043d\u0443\u044e \u043a\u043b\u0430\u0432\u0438\u0430\u0442\u0443\u0440\u0443 \u0431\u0435\u0437 \u043f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0438\u044f \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f.\n\n\u041f\u043e\u0441\u043b\u0435 \u043f\u043e\u0434\u043a\u043b\u044e\u0447\u0435\u043d\u0438\u044f \u043f\u043e\u0434\u0434\u0435\u043b\u044c\u043d\u043e\u0439 \u043a\u043b\u0430\u0432\u0438\u0430\u0442\u0443\u0440\u044b \u043a Mac \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a \u043c\u043e\u0433 \u043f\u043e \u0441\u0432\u043e\u0435\u043c\u0443 \u0443\u0441\u043c\u043e\u0442\u0440\u0435\u043d\u0438\u044e \u043d\u0430\u0436\u0438\u043c\u0430\u0442\u044c \u043b\u044e\u0431\u044b\u0435 \u043a\u043b\u0430\u0432\u0438\u0448\u0438. \u0425\u043e\u0442\u044f \u0434\u043b\u044f \u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0439, \u0442\u0440\u0435\u0431\u0443\u044e\u0449\u0438\u0445 \u043f\u0430\u0440\u043e\u043b\u044c \u0438\u043b\u0438 \u043f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0438\u0435 Touch ID, \u0442\u0430\u043a\u043e\u0439 \u0434\u043e\u0441\u0442\u0443\u043f \u043d\u0435 \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u043b\u044f\u043b \u0443\u0433\u0440\u043e\u0437\u044b, \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a \u0432\u0441\u0451 \u0435\u0449\u0451 \u043c\u043e\u0433 \u0437\u0430\u043f\u0443\u0441\u043a\u0430\u0442\u044c \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u044f, \u0447\u0438\u0442\u0430\u0442\u044c \u0441\u043e\u043e\u0431\u0449\u0435\u043d\u0438\u044f \u0438 \u0441\u043a\u0430\u0447\u0438\u0432\u0430\u0442\u044c \u0444\u0430\u0439\u043b\u044b \u0441 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430 \u0436\u0435\u0440\u0442\u0432\u044b.\n\n\u0412\u0432\u043e\u0434\u0438\u043c\u044b\u0435 \u043a\u043b\u0430\u0432\u0438\u0448\u0438 \u0438 \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0435\u043c\u044b\u0435 \u0434\u0435\u0439\u0441\u0442\u0432\u0438\u044f, \u0442\u0430\u043a\u0438\u0435 \u043a\u0430\u043a \u0437\u0430\u043f\u0443\u0441\u043a \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u0439 \u0438\u043b\u0438 \u0432\u0432\u043e\u0434 \u043a\u043e\u043c\u0430\u043d\u0434\u043d\u044b\u0445 \u0441\u043e\u0447\u0435\u0442\u0430\u043d\u0438\u0439, \u0440\u0430\u0437\u0443\u043c\u0435\u0435\u0442\u0441\u044f, \u0431\u044b\u043b\u0438 \u0432\u0438\u0434\u043d\u044b \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044e, \u043f\u043e\u044d\u0442\u043e\u043c\u0443, \u0432\u0438\u0434\u0438\u043c\u043e, Apple \u0438 \u043d\u0435 \u0441\u043f\u0435\u0448\u0438\u043b\u0430 \u0441 \u0432\u044b\u043f\u0443\u0441\u043a\u043e\u043c \u043e\u0444\u0438\u0446\u0438\u0430\u043b\u044c\u043d\u043e\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f, \u043d\u0435 \u043f\u0440\u0438\u0434\u0430\u0432 \u0435\u043c\u0443 \u043e\u0441\u043e\u0431\u043e\u0439 \u0432\u0430\u0436\u043d\u043e\u0441\u0442\u0438.\n\n\ud83d\udd14 ITsec NEWS", "creation_timestamp": "2024-01-12T11:00:21.000000Z"}, {"uuid": "002c8335-f3f1-4053-bcc8-4284a98a226e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-0230", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/7370", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aHelper script to POC of CVE-2024-0230 Bluetooth\nURL\uff1ahttps://github.com/keldnorman/cve-2024-0230-blue\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-05-21T22:28:16.000000Z"}, {"uuid": "f80aca37-3003-43e6-a322-7b150b663912", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-0230", "type": "published-proof-of-concept", "source": "https://t.me/dilagrafie/3276", "content": "Tools - Hackers Factory\n\nRace conditions primitives on speculatively executed code paths (GhostRace)\n\nPaper: https://www.vusec.net/projects/ghostrace/\nWebsite: https://www.vusec.net/projects/ghostrace\nPoC: https://github.com/vusec/ghostrace\n\nBluetooth keystroke injection affecting various OS (CVE-2023-45866, CVE-2024-21306, and CVE-2024-0230) by Marc Newlin\u00a0 \n\nBlog post: https://github.com/skysafe/reblog/blob/main/cve-2024-0230/README.md\nPoC: https://github.com/marcnewlin/hi_my_name_is_keyboard\n\n#bluetooth\n\nComprehensive .NET tool designed to extract and display detailed information about Windows Defender exclusions and Attack Surface Reduction (ASR) rules without Admin privileges\n\nhttps://github.com/0xsp-SRD/MDE_Enum\n\nWiFi Penetration Testing & Auditing Tool \n\nhttps://github.com/FLOCK4H/Freeway\n\nbin2ml\u00a0is a command line tool to extract machine learning ready data from software binaries.\n\ngithub.com/br0kej/bin2ml\n\nPython tool for continuous password spraying taking into account the password policy.\n\nhttps://github.com/login-securite/conpass\n\nWeb vulnerability scanner written in Python3 \n\nhttps://github.com/wapiti-scanner/wapiti\n\nZip Slip Vulnerability (Arbitrary file write through archive extraction) \n\nhttps://github.com/snyk/zip-slip-vulnerability/\n\nTunnel TCP connections through a file \n\nhttps://github.com/fiddyschmitt/File-Tunnel?tab=readme-ov-file\n\nA collection of USB hacking\u2013related links.\n\nhttps://github.com/xairy/usb-hacking/blob/master/LINKS.md\n\n#HackersFactory", "creation_timestamp": "2024-06-10T15:23:08.000000Z"}]}