Mac OS X IOKit Keyboard Driver Root Privilege Escalation
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'rex' class Metasploit3 'Mac OS X IOKit Keyboard Driver Root Privilege Escalation', 'Description' = %q A heap overflow in...
Sandbox Escape Bug in Adobe Reader Disclosed
Details and exploit code for a vulnerability in Adobe Reader have surfaced and the bug can be used to break out of the Reader sandbox and execute arbitrary code. The bug was discovered earlier this year by a member of Google’s Project Zero and reported to Adobe, which made a change to Reader that...
Internet Explorer EPM Sandbox Escape CVE-2014-6350
Posted by James Forshaw This month Microsoft fixed 3 different Internet Explorer Enhanced Protected Mode (EPM) sandbox escapes which I disclosed in August. Sandboxes are one of the main areas of interest for Project Zero and me in particular as they are choke points for an attacker successfully...
Mac OS X IOKit Keyboard Driver Root Privilege Escalation
A heap overflow in IOHIKeyboardMapper::parseKeyMapping allows kernel memory corruption in Mac OS X before 10.10. By abusing a bug in the IORegistry, kernel pointers can also be leaked, allowing a full kASLR bypass. Tested on Mavericks 10.9.5, and should work on previous versions. The issue was...
Project Zero Patch Tuesday roundup, November 2014
Posted by Chris Evans, Registrar of Bugs It’s been about a week since Patch Tuesday, and the Project Zero reports mentioned in the various advisories are now public. We won’t always be writing a Patch Tuesday roundup, but we often will when we believe there is a sufficiently varied and interestin...
ZTE ZXHN H108L - Authentication Bypass (2)
ZTE ZXHN H108L - Authentication Bypass 2 About the software ================== ZTE ZXHN H108L is provided by some large Greek ISPs to their subscribers. Vulnerability Details ===================== CWMP configuration is accessible only through the Administrator account. CWMP is a protocol widely...
Adobe Patches 18 Vulnerabilities in Flash
Adobe pushed out security updates for Flash Player this afternoon, addressing 18 different vulnerabilities, all critical, that could allow an attacker to take control of an affected system running the multimedia platform according to a security bulletin posted today. The Patch Tuesday updates,...
Immunity Canvas: ADOBE_FLASH_COPYPIXELSTOBYTEARRAY
Name| adobeflashcopypixelstobytearray
---|---
CVE| CVE-2014-0556
Exploit Pack| CANVAS
Description| adobeflashcopypixelstobytearray
Notes| CVE Name: CVE-2014-0556 VENDOR: Adobe Notes: This module exploits a heap based buffer overflow on Adobe Flash Player when copying data from a BitmapData object...
Google Project Zero a Big Win for Security
Billions of people–not to mention a decent portion of the world’s economies–depend upon the Internet in a way that is both amazing and terrifying. We rely on the network in a way that perhaps we have never relied on anything in the course of human history. The Internet is a wonderful resource, bu...
Project Zero - A Team of Star-Hackers Hired by Google to Protect the Internet
Today Google has publicly revealed its new initiative called “Project Zero,” a team of Star Hackers and Bug Hunters with the sole mission to improve security and protect the Internet. A team of superheroes in sci-fi movies protect the world from Alien attack or bad actors, likewise Project Zero i...
May 2014 Apple Safari Browser Security Patches
Apple released an update to Safari yesterday patching 22 vulnerabilities in the WebKit browser engine that allow code execution or a browser crash. Safari 7.0.4 is available for OS X Mavericks 10.9 and Safari 6.1.4 for OS X Mountain Lion 10.8. The vulnerabilities could be exploited if the user wa...
Update Your Safari Browser to Patch Two Dozen of Critical Vulnerabilities
So, is your Safari Web Browser Updated?? Make sure you have the latest web browser updated for your Apple Macintosh systems, as Apple released Safari 6.1.3 and Safari 7.0.3 with new security updates. These security updates address multiple vulnerabilities in its Safari web browser, which has...
Codiad 2.0.7 Cross Site Scripting
Exploit Title: Codiad - Stored Persistent Cross Site Scripting Vulnerability Date: 02/12/2013 Exploit Author: Project Zero Labs Vendor Homepage: http://www.codiad.com Software Link: https://github.com/Codiad/Codiad Version: v.2.0.7 Tested on: Kali Linux / Iceweasel v.22 About the software:...