New 'CacheOut' Attack Leaks Data from Intel CPUs, VMs and SGX Enclave

Another month, another speculative execution vulnerability found in Intel processors. If your computer is running any modern Intel CPU built before October 2018, it's likely vulnerable to a newly discovered hardware issue that could allow attackers to leak sensitive data from the OS kernel,...

Win10 security warning: the Super 40 Drive-in there is a security vulnerability-vulnerability warning-the black bar safety net

! In the computer, the hardware is the Software Foundation. And the drive to play the makeOSknow of hardware components and interact with the role. The driver code allows theoperating systemthe kernel and the hardware to communicate, than normal user and system administrator permissions to be...

CVE-2019-1695

A vulnerability in the detection engine of Cisco Adaptive Security Appliance ASA Software and Cisco Firepower Threat Defense FTD Software could allow an unauthenticated, adjacent attacker to send data directly to the kernel of an affected device. The vulnerability exists because the software...

PT-2019-2088 · Cisco · Cisco Ftd +1

Name of the Vulnerable Software and Affected Versions: Cisco Adaptive Security Appliance ASA Software affected versions not specified Cisco Firepower Threat Defense FTD Software affected versions not specified Description: A vulnerability in the detection engine of Cisco Adaptive Security Applian...

CVE-2019-6210

A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2, watchOS 5.1.3. A malicious application may be able to execute arbitrary code with kernel privileges...

Rosenbridge - Hardware Backdoors In Some X86 CPUs

project:rosenbridge reveals a hardware backdoor in some desktop, laptop, and embedded x86 processors. The backdoor allows ring 3 userland code to circumvent processor protections to freely read and write ring 0 kernel data. While the backdoor is typically disabled requiring ring 0 execution to...

Spectre Vulnerability in CPU Processor Kernel

CPU hardware is a set of firmware that runs in the CPU Central Processing Unit to manage and control the CPU. The Spectre vulnerability exists in the CPU processor kernel, where an attacker can use a malicious application to gain access to private data that should be quarantined due to Intel's...

Google Elevates Security in Android O

Google last week during its I/O event described security tweaks that are part of its upcoming Android O operating system, which is expected to be released later this year. New features are Project Treble and a new permission standard around the feature called Instant App. Also to be introduced wi...

Apple macOS Sierra kernel memory corruption elevation of privilege vulnerability

Apple macOS is an operating system that runs on Apple's Macintosh line of computers. A memory corruption elevation of privilege vulnerability exists in the Apple macOS Sierra kernel, which can be exploited by remote attackers to build malicious applications, elevate privileges, and gain access to...

CVE-2017-0568

An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions:...

Pandavirtualization: Exploiting the Xen hypervisor

Posted by Jann Horn, Project Zero On 2017-03-14, I reported a bug to Xen's security team that permits an attacker with control over the kernel of a paravirtualized x86-64 Xen guest to break out of the hypervisor and gain full control over the machine's physical memory. The Xen Project publicly...

The vulnerability of the Android operating system, allowing a hacker to execute arbitrary code

The vulnerability of the Qualcomm Camera operating system’s driver is related to deficiencies in access control. Exploiting this vulnerability allows a malicious actor to enhance their privileges and execute arbitrary code within the kernel context, through a local malicious application...

CVE-2017-0475

An elevation of privilege vulnerability in the recovery verifier could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the...

The vulnerability of the Android operating system, allowing a hacker to execute arbitrary code

The vulnerability of the NVIDIA GPU operating system for Android is related to deficiencies in access control. Exploiting this vulnerability allows a remote attacker to execute arbitrary code of a local malicious application within the kernel context. This issue is considered “critical” due to th...

CVE-2016-8427

An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the...

Apple OS X AppleEFIRuntime Arbitrary Code Execution Vulnerability

Apple OS X is a proprietary operating system developed by Apple for Mac computers.AppleEFIRuntime is one of the components used to display the BIOS initialization in the EFI environment. An arbitrary code execution vulnerability exists in AppleEFIRuntime in versions of Apple OS X prior to 10.12,...

Google Nexus Elevation of Privilege Vulnerability

Google Nexus is Google's line of high-end cell phones powered by stock Android. Google Nexus suffers from an elevation of privilege vulnerability that can be exploited by an attacker to execute arbitrary code using kernel wide elevated privileges...

NVIDIA Windows Privilege Delegation Escalation

Lenovo Security Advisory: LEN-2015-008 Potential Impact: Escalation of Privilege Severity: Medium Summary: The NVIDIA Display Driver’s kernel administrator check improperly validates local client impersonation levels in some cases. Description: This vulnerability can only be exploited by a user...

Apple OS X El Capitan CoreStorage Arbitrary Code Execution Vulnerability

Apple OS X El Capitan is an operating system on Apple devices. A security vulnerability in Apple OS X El CoreStorage allows attackers to exploit the vulnerability to execute arbitrary code with kernel privileges...

ASUS Memory Mapping Driver (ASMMAP/ASMMAP64) - Physical Memory Read/Write

Exploit for windows platform in category dos / poc / Source: http://rol.im/asux/ ASUS Memory Mapping Driver ASMMAP/ASMMAP64: Physical Memory Read/Write PoC by slipstream/RoL - https://twitter.com/TheWack0lian - http://rol.im/chat/ The ASUS "Generic Function Service" includes a couple of drivers,...