36 matches found
Hackers Win $105,000 for Reporting Critical Security Flaws in Sonos One Speakers
Multiple security flaws uncovered in Sonos One wireless speakers could be potentially exploited to achieve information disclosure and remote code execution, the Zero Day Initiative ZDI said in a report published last week. The vulnerabilities were demonstrated by three different teams from Qrious...
VMware Releases Critical Patches for Workstation and Fusion Software
VMware has released updates to resolve multiple security flaws impacting its Workstation and Fusion software, the most critical of which could allow a local attacker to achieve code execution. The vulnerability, tracked as CVE-2023-20869 CVSS score: 9.3, is described as a stack-based...
Researchers wishing to publish Microsoft Edge browser 0-day sandbox escape vulnerability-vulnerability warning-the black bar safety net
In recent days, according to Twitter nickname is@Yux1xi(Yushi Liang security researchers revealed that he plans to publish on a Microsoft browser Microsoft Edge 0-day vulnerability that can be achieved for Edge browser remote code execution RCE, and@Yux1xi also claimed that he and his Russian...
CVE-2018-5146
An out of bounds memory write while processing Vorbis audio data was reported through the Pwn2Own contest. This vulnerability affects Firefox 59.0.1, Firefox ESR 52.7.2, and Thunderbird 52.7...
CVE-2018-5146
An out of bounds memory write while processing Vorbis audio data was reported through the Pwn2Own contest. This vulnerability affects Firefox 59.0.1, Firefox ESR 52.7.2, and Thunderbird 52.7...
TippingPoint Threat Intelligence and Zero-Day Coverage – Week of March 12, 2018
This week marked the 11th annual Pwn2Own contest held during the CanSecWest conference in Vancouver and while the contest had fewer entries compared to previous years, it was still an exciting event filled with a little drama. Over the course of two days, the Zero Day Initiative awarded $267,000...
mozilla -- multiple vulnerabilities
The Mozilla Foundation reports: CVE-2018-5146: Out of bounds memory write in libvorbis An out of bounds memory write while processing Vorbis audio data was reported through the Pwn2Own contest. CVE-2018-5147: Out of bounds memory write in libtremor The libtremor library has the same flaw as...
Researcher Pockets $30,000 in Chrome Bounties
Security researcher Mariusz Mlynski is having a good month. Having cashed in earlier in May to the tune of $15,500, Mlynski pocketed another $30,000 courtesy of Google’s bug bounty program after four high-severity vulnerabilities were patched in the Chrome browser, each worth $7,500 to the...
3 6 0 Marvel Team virtualization vulnerabilities the fifth bomb: CVE-2 0 1 6-3 7 1 0 Dark Portal vulnerability analysis-vulnerability warning-the black bar safety net
From 2 0 1 5 year 5 month venom vulnerabilities raging global Cloud Platform, 3 6 0 Marvel Team accumulated in kvm, xen, vmware platform on found submitted up to 2 2 pieces of high-risk security 0day vulnerabilities, these vulnerabilities will lead to a General purpose cloud system was hacked...
Hacking Team Flash Zero Day Weaponized in Exploit Kits
Handlers for three major exploit kits have managed to utilize in short order a zero-day vulnerability in Adobe Flash Player uncovered among the 400 Gb of data stolen from Hacking Team. Experts, including French researcher Kafeine and a number of others from security companies, revealed last night...
April 2015 Microsoft Patch Tuesday Security Bulletins
Microsoft has patched a critical vulnerability in the Windows HTTP protocol stack, known as HTTP.sys, which could have devastating consequences once it’s inevitably publicly exploited. The bulletin, MS15-034, is one of four critical bulletins issued today by Microsoft. Experts warn that exploitin...
Mozilla official rushed to repair the Pwn2Own contest on the disclosure of the Firefox browser vulnerability-vulnerability warning-the black bar safety net
3 on 1 8 March, the world's top hacker contest Pwn2Own2015 in Vancouver, Canada, opened the Battle screen, and the brightest great God recount, Mariusz Mlynski in a very short period of time compromised the Firefox get 3 0 0 0 0 $ a huge bonus. And Mozilla official at the end of the game...
SUSE-SU-2015:0593-1 Security update for Mozilla Firefox
MozillaFirefox was updated to the 31.5.3ESR release to fix two security vulnerabilities: MFSA 2015-29 / CVE-2015-0817: Security researcher ilxu1a reported, through HP Zero Day Initiative's Pwn2Own contest, a flaw in Mozilla's implementation of typed array bounds checking in JavaScript just-in-tim...
VUPEN Discloses Details of Patched Firefox Pwn2Own Zero-Days
Contestants at this year’s Pwn2Own contest made no bones about it: they were going after browsers and as it turned out, Firefox had the biggest target on its back. Mozilla’s popular browser was popped four times during the Canadian hacker festival accounting for a quarter of the $800,000-plus in...
Facebook Bug Bounty Submissions Dramatically Increase
Facebook today reported a dramatic increase in 2013 submissions to its bug bounty program, and said that despite reports from researchers that it’s becoming difficult to find severe bugs on its various properties, the social network plans to increase rewards for critical bugs. “The volume of...
Out-of-bounds read/write through neutering ArrayBuffer objects — Mozilla
Security researcher Jüri Aedla, via TippingPoint's Pwn2Own contest, reported that TypedArrayObject does not handle the case where ArrayBuffer objects are neutered, setting their length to zero while still in use. This leads to out-of-bounds reads and writes into the JavaScript heap, allowing for...
Privilege escalation using WebIDL-implemented APIs — Mozilla
Security researcher Mariusz Mlynski, via TippingPoint's Pwn2Own contest, reported that it is possible for untrusted web content to load a chrome-privileged page by getting JavaScript-implemented WebIDL to call window.open. A second bug allowed the bypassing of the popup-blocker without user...
China's Keen Team Topples Safari, Flash at Pwn2Own
VANCOUVER – One is the bug hunter, the other the exploit specialist. Fang Jiahong and Liang Chen represented the Keen Team at Pwn2Own on Thursday, starting off the second day of the annual exploit festival with a quick takedown of Apple’s Safari browser. They then wrapped up the contest with a...
Vupen Cashes in Four Times at Pwn2Own 2014
VANCOUVER – It’s become a familiar walk for Chaouki Bekrar. Year after year at the Pwn2Own contest, the controversial Vupen founder is scurried from a small room in the basement of the Sheraton hotel to a suite several floors above. It’s a short journey from where a string of zero-day exploits ar...
Hacker 'Pinkie Pie' successfully compromised Chrome on Nexus 4 and Samsung Galaxy S4
A Mysterious Hacker who goes by the "Pinkie Pie" handle is rewarded with $50,000 USD for hacking into the Google Chrome browser for Nexus 4 and Samsung Galaxy S4. At Information Security Conference PacSec 2013 in Tokyo, during the HP's Pwn2Own contest, a zero-day exploit showcased by "Pinkie Pie"...