CVE-2024-53845

CVE-2024-53845 concerns ESPRESSIF ESP-IDF’s ESPTouch v2 AES/CBC encryption where the Initialization Vector (IV) was not configurable prior to versions 5.3.2, 5.2.4, 5.1.6, and 5.0.8, causing a deterministic ciphertext and potential data leakage. The fixed behavior, implemented in these versions, ...

Sonos Speaker Flaws Could Have Let Remote Hackers Eavesdrop on Users

Cybersecurity researchers have uncovered weaknesses in Sonos smart speakers that could be exploited by malicious actors to clandestinely eavesdrop on users. The vulnerabilities "led to an entire break in the security of Sonos's secure boot process across a wide range of devices and remotely being...

Over The Air - Vol. 2, Pt. 3: Exploiting The Wi-Fi Stack on Apple Devices

Posted by Gal Beniamini, Project Zero In this blog post we’ll complete our goal of achieving remote kernel code execution on the iPhone 7, by means of Wi-Fi communication alone. After developing a Wi-Fi firmware exploit in the previous blog post, we are left with the task of using our newly...

Over The Air - Vol. 2, Pt. 1: Exploiting The Wi-Fi Stack on Apple Devices

Posted by Gal Beniamini, Project Zero Earlier this year we performed research into Broadcom’s Wi-Fi stack. Due to the ubiquity of Broadcom’s stack, we chose to conduct our prior research through the lens of one affected family of products -- the Android ecosystem. To paint a more complete picture...

[Full-disclosure] PocketPC MMS - Remote Code Injection/Execution Vulnerability and Denial-of-Service

Vulnerability Report ----------------------------- Vendor: Microsoft and ArcSoft Product: PocketPC OS and MMS Composer Versions: MMS Composer: 1.5.5.6, 2.0.0.13 possible others Platform: PocketPC tested on: WinCE 4.2 and WinCE 4.21, possible others Architecture: ARM Devices: HP iPAQ h6315, i-mate...