Apple Arbitrary Code Injection Vulnerability (CVE-2021-30869)

Apple provided security fixes to address a zero-day vulnerability on Thursday. The attackers have used it in the wild to break into iPhones and Macs running older versions of iOS and macOS. Apple has also provided patches for a previously patched security flaw exploited by NSO Group’s Pegasus surveillance tool to target iPhone users.  CVE-2021-30869 is a zero-day vulnerability. This is a type-confusion hole in Apple’s … Continue reading “Apple Arbitrary Code Injection Vulnerability (CVE-2021-30869)”

Apple Zero-Day Arbitrary Code Execution Vulnerabilities (CVE-2021-30858 and CVE-2021-30860)

Apple released an emergency security release on September 13, 2021 to address two arbitrary code execution vulnerabilities, CVE-2021-30858 and CVE-2021-30860. According to Apple, both vulnerabilities allow maliciously crafted documents to execute arbitrary code on vulnerable devices. Apple addressed the issue saying, “Apple is aware of a report that this issue may have been actively exploited.” … Continue reading “Apple Zero-Day Arbitrary Code Execution Vulnerabilities (CVE-2021-30858 and CVE-2021-30860)”

Adobe Reader arbitrary code execution vulnerability (CVE-2021-28550)

Adobe has released security updates to address  Out-of-Bounds Read, Out-of-Bounds Write, Type Confusion, use-after-free and Heap Overflow vulnerabilities. Among the vulnerabilities patched by Adobe, CVE-2021-28550 is a zero-day that needs immediate attention. CVE-2021-28550 is a Remote Code Execution vulnerability impacting Adobe Acrobat and Reader, and is being actively exploited in the wild on Windows devices. … Continue reading “Adobe Reader arbitrary code execution vulnerability (CVE-2021-28550)”

Adobe Media Encoder Out-of-Bounds Write Vulnerability (CVE-2020-3764)

Summary: In third week of February,2020, after MSPT, an out-of-bounds (OOB) write vulnerability was observed in Adobe Media Encoder that leads to arbitrary code execution. This vulnerability was observed only for Microsoft Windows platform. Description: Adobe Media Encoder, is a software for encoding and compressing audio or video files. When the untrusted input is processed, … Continue reading “Adobe Media Encoder Out-of-Bounds Write Vulnerability (CVE-2020-3764)”

Microsoft Office Memory Corruption Vulnerability: CVE-2018-0802

A stack overflow vulnerability in “Microsoft Equation Editor” was disclosed to Microsoft. This vulnerability has been assigned CVE-2018-0802. A similar vulnerability was disclosed in the same component in August 2017 – CVE-2017-11882 which overflowed the stack and was able to execute commands by calling the WinExec() within the EQNEDT32.EXE code base using a static address. CVE-2018-0802 follows a similar … Continue reading “Microsoft Office Memory Corruption Vulnerability: CVE-2018-0802”

Microsoft Office Memory Corruption Vulnerability : CVE-2017-11882

In the month of August a buffer overflow vulnerability was discovered in the in the “Microsoft Equation Editor”, the vulnerability has been assigned CVE-2017-11882. As the name suggests it is used for inserting and editing equations MS Office documents. The component in question was compiled without SafeSEH,NX,DEP,ASLR,CFG. All of which protect the machine from a wide … Continue reading “Microsoft Office Memory Corruption Vulnerability : CVE-2017-11882”

Intel Firmware Remote Code Execution Vulnerabilities

Several vulnerabilities were discovered in Intel Management Engine (ME), Intel Server Platform Services (SPS), and Intel Trusted Execution Engine (TXE). The vulnerabilities were discovered as a result of an in-house security review of the products in question and input from external researchers. The vulnerabilities are mostly buffer overflows leading to arbitrary code execution and privilege … Continue reading “Intel Firmware Remote Code Execution Vulnerabilities”