The vulnerability of the kav4fs-control service in the Kaspersky Anti-Virus for Linux File Server antivirus solution allows a hacker to elevate their privileges to root.

The vulnerability of the kav4fs-control service in the Kaspersky Anti-Virus for Linux File Server antivirus solution exists due to insufficient validation of input data during read and write operations for the bootloader. Exploiting this vulnerability allows a malicious actor, operating remotely...

DENX Software Engineering Das U-Boot Information Disclosure Vulnerability

DENX Software Engineering Das U-Boot is a set of bootloaders from DENX Software Engineering, Germany, that can read device configurations from AES encrypted files. An information disclosure vulnerability exists in DENX Software Engineering Das U-Boot. An attacker could exploit this vulnerability ...

DENX Software Engineering Das U-Boot Security Bypass Vulnerability

DENX Software Engineering Das U-Boot is a set of bootloaders from DENX Software Engineering, Germany, that can read device configurations from AES encrypted files. A security vulnerability exists in DENX Software Engineering Das U-Boot. An attacker could exploit the vulnerability to perform...

Samsung, Huawei and other phone Bootloader was traced to the presence of many high-risk bug-vulnerability warning-the black bar safety net

California University research team to create the main stream mobile platform in the bootloader exists in the code test and the DOS of the security gap. Workshop staff with a BootStomp to create 6 new found cracks, 5 of which division is the manufacturer to confirm. There is also a su XI reported...

The four mainstream Android phone manufacturers the BootLoader in the presence of multiple flaws vulnerability-vulnerability warning-the black bar safety net

University of California, Santa Barbara 9 the researchers found that the four mainstream chip manufacturers of the Android bootloader component the presence of multiple vulnerabilities. These vulnerabilities can lead to the phone chain of trust during the boot process is compromised, so that the...

Motorola Bootloader - Kernel Cmdline Injection Secure Boot and Device Locking Bypass Exploit

Exploit for Android platform in category local exploits Sources: https://alephsecurity.com/2017/08/30/untethered-initroot/ https://github.com/alephsecurity/initroot initroot: Motorola Bootloader Kernel Cmdline Injection Secure Boot & Device Locking Bypass CVE-2016-10277 By Roee Hay / Aleph...

Motorola Bootloader - Kernel Cmdline Injection Secure Boot and Device Locking Bypass

Sources: https://alephsecurity.com/2017/08/30/untethered-initroot/ https://github.com/alephsecurity/initroot initroot: Motorola Bootloader Kernel Cmdline Injection Secure Boot & Device Locking Bypass CVE-2016-10277 By Roee Hay / Aleph Research, HCL Technologies Recap of the Vulnerability and the...

Motorola Bootloader - Kernel Cmdline Injection Secure Boot and Device Locking Bypass

Motorola Bootloader - Kernel Cmdline Injection Secure Boot and Device Locking Bypass Sources: https://alephsecurity.com/2017/08/30/untethered-initroot/ https://github.com/alephsecurity/initroot initroot: Motorola Bootloader Kernel Cmdline Injection Secure Boot & Device Locking Bypass CVE-2016-102...

The vulnerability of the primary bootloader of OnePlus 2 operating systems allows a hacker to bypass digital signature verification checks.

The vulnerability of the Primary Bootloader of OnePlus 2 operating systems is related to deficiencies in access control—the bootloader lacks sufficient checks for digital signatures. Exploiting this vulnerability could allow a malicious actor, who has remote access and write permissions on the SB...

BootStomp: Find Mobile Device Bootloader Vulnerabilities

PenTestIT RSS Feed Oh boy! This post is going to be interesting as it is about an interesting topic - mobile bootloaders. Specifically, this post is about BootStomp, which helps you find vulnerabilities in the bootloader. All of us know; as the name suggests, that bootloader is a program loads th...

Huawei Cell Phone Write Arbitrary Memory Vulnerability

Huawei P10 and P10 Plus are both smartphone products from Chinese company Huawei Huawei. A write-anywhere memory vulnerability exists in the Bootloader of the Huawei P10 and P10 Plus due to a lack of parameter checking. An attacker who has gained root access to the Android system can trick the us...

Huawei Mobile Phone Bootloader Memory Access Out-of-Bounds Vulnerability

Huawei P10 and P10 Plus are both smartphone products from Chinese company Huawei Huawei. A memory access out-of-bounds vulnerability exists in the Bootloader of Huawei P10 and P10 Plus due to lack of parameter checking. An attacker who has gained root access to Android could trick users into...

The return of Mamba ransomware

At the end of 2016, there was a major attack against San Francisco's Municipal Transportation Agency. The attack was done using Mamba ransomware. This ransomware uses a legitimate utility called DiskCryptor for full disk encryption. This month, we noted that the group behind this ransomware has...

Multiple Huawei phones vulnerable to bypassing unlock code checksums

The Honor 8, Honor V8, Honor 9, Honor V9, Enjoy 7 Plus, P9, P10 Plus, Nova 2, and Nova 2 Plus are a smartphone from the Chinese company Huawei Huawei. Multiple Huawei phones are vulnerable to bypassing the unlock code checksum. An attacker who gains root access in the phone can use the...

Privilege Control Vulnerability in Multiple Huawei Phones

The Honor 8, Honor V8, Honor 9, Honor V9, Enjoy 7 Plus, P9, P10 Plus, Nova 2, and Nova 2 Plus are a smartphone from the Chinese company Huawei Huawei. Several Huawei phones have a privilege control vulnerability. An attacker who gains system privileges in the phone can use the vulnerability to...

Input validation

The OnePlus 2 Primary Bootloader PBL does not validate the SBL1 partition before executing it, although it contains a certificate. This allows attackers with write access to that partition to disable signature validation...

CVE-2017-11105

The OnePlus 2 Primary Bootloader PBL does not validate the SBL1 partition before executing it, although it contains a certificate. This allows attackers with write access to that partition to disable signature validation...

OnePlus 2 SBL1 Partition Authentication Vulnerability

OnePlus 2 is a smartphone from China's OnePlus Technology OnePlus.Primary Bootloader PBL is one of the primary bootloaders. A security vulnerability exists in the OnePlus 2 PBL. An attacker can exploit the vulnerability to disable signature verification...

NetComm Wireless 4GT101W Router Cross-Site Request Forgery Vulnerability

NetComm Wireless 4GT101W routers is a wireless router product from NetComm Wireless Australia. A cross-site request forgery vulnerability exists in NetComm Wireless 4GT101W routers running hardware version 0.01/software version V1.1.8.8/bootloader version 1.1.3. A remote attacker could exploit th...

NetComm Wireless 4GT101W Router Information Disclosure Vulnerability

NetComm Wireless 4GT101W routers is a wireless router product from NetComm Wireless Australia. A security vulnerability in NetComm Wireless 4GT101W routers running hardware version 0.01/software version V1.1.8.8/bootloader version 1.1.3 stems from the program's failure to perform an authenticatio...