chk071 wrote: ↑Wed Apr 28, 2021 5:45 pm
The plugins don't get general rights to write into system folders...
Apart from that, the plugins also only do the things they're supposed to do (like saving their settings, or presets to the hard disk). I never heard of a plugin which works as a malware through the DAW. If anything, the malware is in the plugin installer's executable.

The way a buffer overflow vulnerability works is you're able to load arbitrary code into memory, e.g. via a file like a preset that's read as part of a program's normal operation, and then hijack the process to cause it to do what you want by having it execute that code. It doesn't matter what the process is supposed to do; if this type of vulnerability is present you can make it do something else.
Malware in presets?
- KVRian
- 1428 posts since 27 Apr, 2012
Softsynth addict and electronic music enthusiast.
"Destruction is the work of an afternoon. Creation is the work of a lifetime."
- KVRian
- Topic Starter
- 568 posts since 19 Aug, 2020 from the top of the charts
Never happened. Ok, that's what I wanted to hear. Yes, I probably know too much because I am a developer. I'm probably overthinking things. But I am sure these security threats are the reason for Apple to try to change the whole system.
If you plan on purchasing your first Universal Audio hardware, you can get a free additional plugin. Just send a PM.
- KVRian
- Topic Starter
- 568 posts since 19 Aug, 2020 from the top of the charts
The only reason it never happened is probably because there are so many plugins and they can only infect a few people with free presets.
If you plan on purchasing your first Universal Audio hardware, you can get a free additional plugin. Just send a PM.
- KVRian
- 1428 posts since 27 Apr, 2012
I am definitely not the definitive source on what has happened but I've followed audio software-related stuff since 2012 and never once heard of anything like this. It didn't even occur to me as a possibility until I saw this thread.
Softsynth addict and electronic music enthusiast.
"Destruction is the work of an afternoon. Creation is the work of a lifetime."
- KVRian
- Topic Starter
- 568 posts since 19 Aug, 2020 from the top of the charts
Oh, oh. I hope I haven't opened a can of worms…
If you plan on purchasing your first Universal Audio hardware, you can get a free additional plugin. Just send a PM.
- KVRian
- 1091 posts since 13 Mar, 2008 from Arnhem, Netherlands
AnX wrote: ↑Wed Apr 28, 2021 5:23 pm
so you expect every company to check every free preset on the net?
not gonna happen
try this
https://www.malwarebytes.com/mwb-download/

I think the line of thought is that the synth checks if the parameter settings it's receiving through the preset/fxp are valid values for it.
If not, the file could contain malicious code.
In that case the plugin wouldn't load the code but block it as invalid.
This kind of thing is common in business software applications.
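The check described in the post above, and the overflow described at the top of the thread, shown from the loader's side. This is an added example, not part of the original thread and not any plugin's code; the `PRST` file layout, the field sizes and the names `preset_t` and `preset_parse` are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PRESET_NAME_MAX 24
#define PRESET_MAX_PARAMS 16

typedef struct {
    char name[PRESET_NAME_MAX + 1];
    uint8_t params[PRESET_MAX_PARAMS]; /* each valid in 0..127 */
    size_t nparams;
} preset_t;

/* Hypothetical layout: "PRST" | name_len (1) | name | nparams (1) | params.
   Returns 0 if accepted, a negative code naming the failed check otherwise. */
int preset_parse(const uint8_t *buf, size_t len, preset_t *out)
{
    if (len < 5 || memcmp(buf, "PRST", 4) != 0) return -1; /* bad magic */
    size_t pos = 4;
    size_t name_len = buf[pos++];
    if (name_len > PRESET_NAME_MAX) return -2;  /* larger than out->name */
    if (name_len > len - pos) return -3;        /* larger than the file */
    memcpy(out->name, buf + pos, name_len);
    out->name[name_len] = '\0';
    pos += name_len;
    if (pos >= len) return -3;                  /* no parameter count */
    size_t n = buf[pos++];
    if (n > PRESET_MAX_PARAMS) return -4;       /* larger than out->params */
    if (n > len - pos) return -3;               /* larger than the file */
    for (size_t i = 0; i < n; i++) {
        if (buf[pos + i] > 127) return -5;      /* value out of range */
        out->params[i] = buf[pos + i];
    }
    out->nparams = n;
    return 0;
}

/* Constructed sample files, not taken from any real plugin. */
static const uint8_t GOOD[]      = {'P','R','S','T', 4, 'L','e','a','d', 2, 64, 127};
static const uint8_t LONGNAME[]  = {'P','R','S','T', 200, 'A','A','A','A'};
static const uint8_t TRUNCATED[] = {'P','R','S','T', 4, 'L','e'};
static const uint8_t BADVAL[]    = {'P','R','S','T', 1, 'X', 1, 200};

int main(void)
{
    preset_t p;
    printf("%d %d %d %d\n", preset_parse(GOOD, sizeof GOOD, &p),
           preset_parse(LONGNAME, sizeof LONGNAME, &p),
           preset_parse(TRUNCATED, sizeof TRUNCATED, &p),
           preset_parse(BADVAL, sizeof BADVAL, &p));
    return 0;
}
```

Every length taken from the file is compared against both the destination buffer and the bytes actually remaining before any copy happens, so a file that lies about its sizes is rejected instead of written past the end of `name` or `params`.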
- KVRer
- 5 posts since 5 May, 2021
- KVRAF
- 18551 posts since 16 Sep, 2001 from Las Vegas,USA
Just what kind of "professionals" would you talk to? The person who made those files has posted in this thread. The files are safe but if you're still concerned run the zip file through VirusTotal:
https://www.virustotal.com/gui/home/upload
None are so hopelessly enslaved as those who falsely believe they are free. Johann Wolfgang von Goethe
- KVRAF
- 18551 posts since 16 Sep, 2001 from Las Vegas,USA
What was the clue that gave him away? I would have never guessed.
None are so hopelessly enslaved as those who falsely believe they are free. Johann Wolfgang von Goethe
- KVRAF
- 1568 posts since 1 Aug, 2006 from Italy
Anyway, why would anybody use presets for a vst plugin for such purposes? I mean: it looks like a very narrow target (the user base of a specific plugin with a vulnerability would have to download a certain preset...) and probably not really worth the effort...
I think a cyber criminal would rather use an unsafe website/hosting service and take advantage of browser's vulnerabilities, or perhaps add some "unwelcome surprises" to "the forbidden word you know what I mean" software.
Cyber criminals either target a specific person/organization (for very specific reasons/goals - and then they will do whatever it takes to reach their goals) or they go fishing in the middle of the mass. In this second case, they'd better be "effective", so it's not that smart for them to target a small user base and to have as a requirement the execution of a very specific/unlikely behaviour (downloading a certain preset and opening it), maybe also in a reasonable amount of time (not just a user every few months)... reaching a selected/small group of people may be a smart way to fly under the radar, but I think a cyber criminal would probably look for something more effective. That's not to say that cyber criminals will never do something like this (they may want to just prove a point), but usually they are money-driven, so it's more likely they focus their effort on things that may reach a lot of people in a reasonable amount of time and bring them money.
As a rule of thumb, if you don't know/trust the source, you'd better avoid downloading/interacting in any way. Instead, if you know/trust the source, then you should apply all the usual safety measures (look if there's something looking suspicious, scan for "unwelcome surprises"...) without lowering your attention (using knowledge/trust is a common strategy to make you do things you wouldn't usually do).