SSD Advisory – iOS/macOS Safari Sandbox Escape via QuartzCore Heap Overflow

Credit to Author: SSD / Ori Nimron | Date: Sun, 02 Dec 2018 13:08:59 +0000

Vulnerabilities Summary: QuartzCore (https://developer.apple.com/documentation/quartzcore), also known as CoreAnimation, is a framework used by macOS and iOS to build an animatable scene graph. CoreAnimation uses a unique rendering model in which the graphics operations are run in a separate process. On macOS, that process is WindowServer; on iOS it is backboardd. Both of …


SSD Advisory – Symfony Framework forward() Remote Code Execution

Credit to Author: SSD / Ori Nimron | Date: Sun, 04 Nov 2018 14:21:53 +0000

Vulnerability Summary: The following advisory describes a vulnerability found in Symfony 3.4, a PHP framework built on top of the Symfony Components that is used to create websites and web applications. Under certain conditions, the Symfony framework can be abused to trigger RCE in the HttpKernel (http-kernel) component, while forward() is considered by the …


SSD Advisory – Chrome AppCache Subsystem SBX by utilizing a Use After Free

Credit to Author: SSD / Ori Nimron | Date: Mon, 29 Oct 2018 09:23:16 +0000

Vulnerabilities Summary: The vulnerability exists in the AppCache subsystem in Chrome versions 69.0 and before. This code is located in the privileged browser process, outside of the sandbox. The renderer interacts with this subsystem by sending IPC messages from the renderer to the browser process. These messages can cause the browser to make network requests, …


SSD Advisory – Chrome Type Confusion in JSCreateObject Operation to RCE

Credit to Author: SSD / Ori Nimron | Date: Mon, 29 Oct 2018 09:21:47 +0000

Vulnerabilities Summary: The following advisory discusses a vulnerability found in TurboFan, the JIT compiler. JavaScript code can be triggered in a way that leads to a type confusion, which can be exploited in order to execute code remotely on Google Chrome versions 69.0 and before. Vendor Response: The vendor has fixed the issue in Google Chrome …


SSD Advisory – Firefox JavaScript Type Confusion RCE

Credit to Author: SSD / Ori Nimron | Date: Sun, 14 Oct 2018 12:00:10 +0000

Vulnerabilities Summary: A vulnerability in register allocation in JavaScript can lead to a type confusion, allowing an arbitrary read and write, which leads to remote code execution inside the sandboxed content process when triggered. Vendor Response: The reported security vulnerability was fixed in Firefox 62.0.3 and Firefox ESR 60.2.2. CVE: CVE-2018-12386. Credit: Independent security researchers, …


SSD Advisory – Firefox Information Leak

Credit to Author: SSD / Ori Nimron | Date: Tue, 09 Oct 2018 08:55:15 +0000

Vulnerabilities Summary: A vulnerability where the JavaScript JIT compiler inlines Array.prototype.push with multiple arguments, which results in the stack pointer being off by 8 bytes after a bailout. This leaks a memory address to the calling function, which can be used as part of an exploit inside the sandboxed content process. Vendor Response: “Security vulnerabilities …


SSD Advisory – Cisco Prime Infrastructure File Inclusion and Remote Command Execution to Privileges Escalation

Credit to Author: SSD / Ori Nimron | Date: Thu, 04 Oct 2018 05:12:22 +0000

Vulnerabilities Summary: Cisco Prime Infrastructure (CPI) contains two vulnerabilities that, when exploited together, allow an unauthenticated attacker to achieve root privileges and execute code remotely. The first vulnerability is a file upload vulnerability that allows the attacker to upload and execute JSP files as the Apache Tomcat user. The second vulnerability is a privilege escalation to …


SSD Advisory – Android Printing Man in the Middle Attack

Credit to Author: SSD / Ori Nimron | Date: Tue, 02 Oct 2018 10:03:44 +0000

Vulnerabilities Summary: Android 8.1 introduced a new default printing service. This service, based on the very similar, freely available Mopria Alliance Print Service on the Google Play Store, suffers from a lack of validation which can lead to both man-in-the-middle attacks and subsequent interception of print jobs, as …


SSD Advisory – IRDA Linux Driver UAF

Credit to Author: SSD / Ori Nimron | Date: Thu, 27 Sep 2018 11:23:40 +0000

Vulnerabilities Summary: The following advisory describes two vulnerabilities in the Linux kernel. By combining these two vulnerabilities, a privilege escalation can be achieved. The two vulnerabilities are quite old and have been around for at least 17 years; quite a few long-term releases of Linux have them in their kernel. While the assessment of …


SSD Advisory – ASUSTOR NAS Devices Authentication Bypass

Credit to Author: SSD / Ori Nimron | Date: Thu, 20 Sep 2018 03:41:42 +0000

Vulnerabilities Summary: An ASUSTOR NAS, or network attached storage, is “a computer appliance built from the ground up for storing and serving files. It attaches directly to a network, allowing those on the network to access and share files from a central location”. In the following advisory we will discuss a vulnerability found inside ASUSTOR …


SSD Advisory – CloudByte ElastiStor OS Unauthenticated Remote Code Execution

Credit to Author: SSD / Ori Nimron | Date: Thu, 23 Aug 2018 10:57:33 +0000

Vulnerabilities Summary: The following advisory describes two vulnerabilities found in ElastiCenter, ElastiStor’s management console: a file injection that leads to unauthenticated remote code execution. ElastiCenter is the centralized management tool used to configure, monitor, manage, and deploy the services provided by CloudByte ElastiStor. ElastiCenter lets you: use the Graphical User Interface to manage the …
