128 matches found
CUPS < 2.0.3 - Multiple Vulnerabilities
Source: http://googleprojectzero.blogspot.se/2015/06/owning-internet-printing-case-study-in.html Abstract Modern exploit mitigations draw attackers into a game of diminishing marginal returns. With each additional mitigation added, a subset of software bugs become unexploitable, and others become...
Apple Patches Thunderstrike Bug in OSX, Fixes More Than 30 Flaws in iOS
Apple has released major security updates for both OS X and iOS that includes patches for a number of bugs that could lead to arbitrary code execution. The release of iOS 8.1.3 fixes a vulnerability that allowed an attacker to bypass the sandbox restrictions in Safari and the OS X update fixes a...
As Bug Bounties Become the Norm, Challenges Remain
SEATTLE–For many years, Microsoft and other large software vendors resisted the idea of providing bug bounties or other financial incentives for researchers to report vulnerabilities. That changed when the landscape began to shift and more researchers began reporting vulnerabilities through broke...
Microsoft Online Services Bug Bounty Program Launches
Microsoft had always rejected the possibility of a full-scale bug bounty, relying instead on solid relationships it spent the better part of a decade fostering with researchers worldwide who submit vulnerabilities to the Microsoft Security Research Center MSRC. Yet in the past couple of years, th...
CoreGraphics Information Disclosure - CVE-2014-4378
This article explores the exploitability of MobileSafari on IOS 7.1.x. Using a crafted PDF file as an HTML image makes it possible to leak information about the memory layout to the browser Javascript interpreter. Apple CoreGraphics library fails to validate input when parsing the colorspace...
September 2014 Microsoft Patch Tuesday security bulletins
The Operation SnowMan espionage campaign, which targeted military intelligence earlier this year via an Internet Explorer zero day, exposed a weak spot in Microsoft’s vulnerability management efforts. What was unique about the SnowMan operation is that it included a check as to whether the...
Microsoft Releases EMET 5.0 Exploit Mitigation Tool
The latest version of Microsoft’s freely available stopgap against zero-day exploits was released today with two new exploit mitigations and a batch of new configuration options. The update to Microsoft’s Enhanced Mitigation Experience Tool kit, or EMET, comes six months after a technical preview...
Microsoft Working on Patch for IE 8 Zero Day
UPDATE–Microsoft officials say they’re well aware of the Internet Explorer 8 zero day disclosed Wednesday by the Zero Day Initiative and have been working on a fix for it. However, there’s no stated timeline for releasing that patch. The vulnerability in IE 8 is a use-after-free bug in the way th...
Another Internet Explorer Zero Day Surfaces
Researchers have disclosed a new zero day vulnerability in Internet Explorer 8 that could enable an attacker to run arbitrary code on vulnerable machines via drive-by downloads or malicious attachments in email messages. The vulnerability was discovered and disclosed to Microsoft in October, but...
BlackBerry Z 10 Buffer Overflow Vulnerability
BlackBerry Z 10 suffers from a remotely exploitable buffer overflow in qconnDoor. BlackBerry Z 10 Buffer Overflow Vulnerability 1. Timeline --------------------------------------------------------------------- 2013-06-23: Vendor has been contacted. 2013-06-24: Vendor response. 2013-06-27: Vendor...
Microsoft Mitigation Bypass Bug Bounty Winner Yang Yu
Yang Yu is no stranger to writing mitigation bypasses for Microsoft Windows products. A year ago at the CanSecWest conference in Vancouver, the 35-year-old security researcher from Beijing did an extensive presentation on bypassing Address Space Layout Randomization ASLR and Data Execution...
Bugging the Bug Market
PUNTA CANA–The Microsoft bug bounty program, started last year as a way to encourage researchers to develop new offensive and defensive techniques, has been a success so far and the company is looking for new ways to expand it in the future. Katie Moussouris, the security strategist at Microsoft...
Microsoft Changes Bug Bounty Program to Include Incident Responders, Forensics Specialists
Having found some initial success with its first foray into the bug bounty world, Microsoft is expanding the program to open up payments of up to $100,000 to incident response teams and forensics experts who come across active attacks in the wild that include new techniques that bypass exploit...
Researcher Takes Home $100k Prize From Microsoft For New Attack
One day after announcing that it had paid researchers $28,000 for reporting a number of vulnerabilities in Internet Explorer 11, Microsoft revealed that it has written a much bigger check–this one for $100,000–to a researcher who has discovered a new attack technique that bypasses all of the...
Inside the Security Model of BlackBerry 10
LAS VEGAS–The new BlackBerry 10 operating system contains a number of security improvements and upgrades over earlier versions, but there are still some features and functions that an attacker may be able to exploit. The OS also contains a diagnostic tool called QUIP that has the ability to colle...
Bug Hunters have Windows 8 Zeroday Exploit
French security researcher firm and famous bug hunters at Vupen announced that it had already developed an exploit that could take over a Window 8 machine running Internet Explorer 10, in spite of the many significant security upgrades Microsoft built into the latest version of its operating...
Android Security shielded with full ASLR implementation
The latest release of Google's Android mobile operating system has finally been properly fortified with an industry-standard defense. It's designed to protect end users against hack attacks that install malware on handsets. Android 4.1 Jelly Bean includes several new exploit mitigations and a mor...
Ryan Naraine on Exploit Mitigations and the MS12-020 RDP Bug
Dennis Fisher talks with Ryan Naraine about whether exploit mitigations such as ASLR and DEP really make any difference in preventing browser attacks and the seriousness of the MS12-020 RDP vulnerability that was patched during March’s Patch Tuesday release. Podcast audio courtesy of sykboy65...
Raising the Bar on Browser Attacks
VANCOUVER–If there’s one thing that emerged from all of the craziness that was CanSecWest, Pwn2Own and Pwnium, it’s that life is becoming more difficult for researchers and attackers looking to exploit modern browsers. It’s not impossible, of course, but it’s certainly not the warm-up exercise th...
Offensive Research Continuing to Advance
MIAMI BEACH–It’s the accepted wisdom these days that many of the traditional security defenses organizations depend on just aren’t effective at deterring attackers. But this glosses over the fact that the last few years have included some major advances in defensive technologies, including the...