AF_PACKET packet_set_ring Privilege Escalation
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'AF_PACKET packet_set_ring Privilege Escalation', 'Description' = %q This module exploits a heap-out-of-bounds write in the packet_set_ring function in...
Google Project Zero Calls Windows 10 Edge Defense ‘ACG’ Flawed
Google Project Zero updated its research alleging that Microsoft’s Edge browser security measure introduced last year, called Arbitrary Code Guard (ACG), is faulty. Ivan Fratric, Project Zero researcher, published the 31-page white paper on Thursday alleging that Microsoft’s much vaunted ACG...
Bypassing Mitigations by Attacking JIT Server in Microsoft Edge
Posted by Ivan Fratric, Project Zero. With Windows 10 Creators Update, Microsoft introduced a new security mitigation in Microsoft Edge: Arbitrary Code Guard (ACG). When ACG is applied to a Microsoft Edge Content Process, it makes it impossible to allocate new executable memory within a process or...
WebKitGTK+ Memory Corruption / Code Execution Vulnerability
Exploit for windows platform in category dos / poc. WebKitGTK+ Security Advisory WSA-2018-0004. Date reported: May 07, 2018. Advisory ID: WSA-2018-0004...
Important: Red Hat Security Advisory: kernel security and bug fix update
An update for kernel is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from th...
8 New Spectre-Class Vulnerabilities (Spectre-NG) Found in Intel CPUs
A team of security researchers has reportedly discovered a total of eight new "Spectre-class" vulnerabilities in Intel CPUs, which also affect at least a small number of ARM processors and may impact AMD processor architecture as well. Dubbed Spectre-Next Generation, or Spectre-NG, the partial...
Windows Exploitation Tricks: Exploiting Arbitrary File Writes for Local Elevation of Privilege
Posted by James Forshaw, Project Zero. Previously I presented a technique to exploit arbitrary directory creation vulnerabilities on Windows to give you read access to any file on the system. In the upcoming Spring Creators Update (RS4) the abuse of mount points to link to files as I exploited in th...
Stable Channel Update for Desktop
The Chrome team is delighted to announce the promotion of Chrome 66 to the stable channel for Windows, Mac and Linux. This will roll out over the coming days/weeks. Chrome 66.0.3359.117 contains a number of fixes and improvements -- a list of changes is available in the log. Watch out for upcomin...
AMD Rolls Out Spectre Fixes
AMD said that CPU firmware and Windows 10 patches are now available to safeguard its products against the Spectre security flaw. Mark Papermaster, senior vice president and chief technology officer at AMD, said in a Tuesday post that Spectre fixes are available for AMD customers, who can download...
Adobe, Microsoft Push Critical Security Fixes
Adobe and Microsoft each released critical fixes for their products today, a.k.a "Patch Tuesday," the second Tuesday of every month. Adobe updated its Flash Player program to resolve a half dozen critical security holes. Microsoft issued updates to correct at least 65 security vulnerabilities in...
Intel Halts Spectre Fixes On Older Chips, Citing Limited Ecosystem Support
Intel has halted patches for an array of older chips that would protect them against the Spectre vulnerability, according to a recent microcode update. The microcode update shows that its older products – including Wolfdale, Bloomfield, Clarksfield, Gulftown, Harpertown, Jasper Forest, SoFIA 3GR,...
The ‘Perfect Storm’ of Disinformation and Hacking
We live in an age of fake news, misinformation and disinformation. Recently, we have been falling for it – mostly. That is largely thanks to a confluence of social media, hacking and good old-fashioned disinformation campaigns, according to Matt “Pwn all the Things” Tait, a senior cybersecurity...
Intel Details CPU ‘Virtual Fences’ Fix As Safeguard Against Spectre, Meltdown Flaws
Intel introduced hardware-based protections to its new chips to protect against the Spectre and Meltdown flaws that rocked the silicon industry when the vulnerabilities were made public in early 2018. Spectre and Meltdown, which account for three variants of a side-channel analysis security issue...
Mitigating speculative execution side channel hardware vulnerabilities
On January 3rd, 2018, Microsoft released an advisory and security updates related to a newly discovered class of hardware vulnerabilities involving speculative execution side channels known as Spectre and Meltdown that affect AMD, ARM, and Intel CPUs to varying degrees. If you haven’t had a chanc...
Intel Releases Updated Spectre Fixes For Broadwell and Haswell Chips
Intel has issued updated microcode to help safeguard its Broadwell and Haswell chips from the Spectre Variant 2 security exploits. According to Intel documents, an array of its older processors, including the Broadwell Xeon E3, Broadwell U/Y, Haswell H,S and Haswell Xeon E3 platforms, have now be...
uTorrent Users Warned of Remote Code Execution Vulnerability
Google Project Zero researchers are warning of two critical remote code execution vulnerabilities in popular versions of BitTorrent’s web-based uTorrent Web client and its uTorrent Classic desktop client. According to researchers, the flaws allow a hacker to either plant malware on a user’s...
Intel Issues Updated Spectre Firmware Fixes For Newer Processors
Intel has issued updated microcode to help protect its newer processors from Spectre security exploits. The Santa Clara, Calif.-based company’s new microcode updates – which impact its newer chip platforms, such as Kaby Lake, Coffee Lake, and Skylake – have been released to OEM customers and...
Stable Channel Update for Desktop
The stable channel has been updated to 64.0.3282.167 for Mac & Linux, and 64.0.3282.167/168 for Windows, which will roll out over the coming days/weeks. Security Fixes and Rewards Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We wil...
Critical Flaw in Grammarly Spell Checker Could Let Attackers Steal Your Data
A critical vulnerability discovered in the Chrome and Firefox browser extension of the grammar-checking software Grammarly inadvertently left all 22 million users' accounts, including their personal documents and records, vulnerable to remote hackers. According to Google Project Zero researcher...