Apple has released emergency updates to address three zero-day vulnerabilities in multiple popular products. Tracked as CVE-2023-41991, CVE-2023-41992, and CVE-2023-41993, the vulnerabilities may allow attackers to elevate privileges, perform arbitrary code execution, and bypass signature validation. Bill Marczak of The Citizen Lab at The University of Toronto’s Munk School and Maddie Stone of Google’s Threat … Continue reading “Apple Patched Three Zero-days Affecting iOS, iPadOS, macOS Ventura, Safari (CVE-2023-41991, CVE-2023-41992, & CVE-2023-41993)”
Tag: Local Privilege Escalation Vulnerability
VMware vRealize Operations Multiple Vulnerabilities Patched in the Latest Security update (CVE-2022-31672, CVE-2022-31673, CVE-2022-31674, & CVE-2022-31675)
VMware has released a security advisory (VMSA-2022-0022) addressing multiple vulnerabilities in VMware vRealize Operations. The vulnerabilities vary from an authentication bypass (CVE-2022-31675), and privilege escalation (CVE-2022-31672) to information disclosure (CVE-2022-31673, CVE-2022-316734). These vulnerabilities have been discovered by Steven Seeley (mr_me) of Qihoo 360 Vulnerability Research Institute. VMware vRealize Operations enable self-driving IT Operations Management … Continue reading “VMware vRealize Operations Multiple Vulnerabilities Patched in the Latest Security update (CVE-2022-31672, CVE-2022-31673, CVE-2022-31674, & CVE-2022-31675)”
VMware Patched Multiple Vulnerabilities in VMware Products including Identity Manager (vIDM) and Workspace ONE Access
VMware has released a security advisory addressing multiple vulnerabilities in important VMware products and requested the admins to update to the latest versions. The vulnerabilities varies from an authentication bypass (CVE-2022-31656), URL injection (CVE-2022-31657), path traversal (CVE-2022-31662), Cross-site scripting (XSS) (CVE-2022-31663), remote code execution (CVE-2022-31658, CVE-2022-31659, CVE-2022-31665) to privilege escalation (CVE-2022-31660, CVE-2022-31661, CVE-2022-31664). The CVSS … Continue reading “VMware Patched Multiple Vulnerabilities in VMware Products including Identity Manager (vIDM) and Workspace ONE Access”
VMware Patches Critical Vulnerabilities in VMware Identity Manager (vIDM) and Workspace ONE Access (CVE-2022-22972 & CVE-2022-22973)
VMware has released a security advisory to address two critical vulnerabilities (CVE-2022-22972 & CVE-2022-22973) impacting VMware Identity Manager (vIDM), and Workspace ONE Access. Successful exploitation of these vulnerabilities could lead to escalation of privileges and authentication bypass. CISA has also released an advisory and warned users to immediately patch these vulnerabilities. One of the two … Continue reading “VMware Patches Critical Vulnerabilities in VMware Identity Manager (vIDM) and Workspace ONE Access (CVE-2022-22972 & CVE-2022-22973)”
PwnKit: Polkit pkexec Local Privilege Escalation Vulnerability (CVE-2021-4034)
The Qualys Research Team identified a memory corruption flaw in Polkit’s pkexec, a SUID-root tool that comes pre-installed on every major Linux distribution. By exploiting this easily exploited vulnerability (CVE-2021-4034) in its default configuration, any unprivileged user can gain full root privileges on a vulnerable host. Polkit (previously PolicyKit) is a Unix-like operating system … Continue reading “PwnKit: Polkit pkexec Local Privilege Escalation Vulnerability (CVE-2021-4034)”
Unpatched Information Disclosure Vulnerability affects Microsoft Windows (zero-day) (CVE-2021-24084)
Security researchers have discovered an unpatched Windows OS security vulnerability that could allow information disclosure and local privilege escalation (LPE). The flaw (CVE-2021-24084) has yet to be officially fixed, making it an important vulnerability. However, an unofficial patch has been released as a workaround. The vulnerability affects the Windows Mobile Device Management component, and it could allow unauthorized access to the filesystem and the reading of arbitrary data. … Continue reading “Unpatched Information Disclosure Vulnerability affects Microsoft Windows (zero-day) (CVE-2021-24084)”
Microsoft’s New Zero-day Windows Local Privilege Escalation Vulnerability (CVE-2021-41379)
Attackers are actively exploiting a zero-day vulnerability in Windows Installer. The vulnerability was found after a Microsoft patch for another security weakness failed to adequately repair the initial and unrelated bug. A security researcher found this Windows Installer Elevation of Privilege vulnerability termed as CVE-2021-41379. The vulnerability allows threat actors with limited access to a compromised device to elevate … Continue reading “Microsoft’s New Zero-day Windows Local Privilege Escalation Vulnerability (CVE-2021-41379)”
Linux Kernel ePBF Local Privilege Escalation Vulnerability (CVE-2020-8835)
The Linux kernel was reported with out-of-bounds reads and writes vulnerability due to lack of calculation in register bounds of ePBF code. Using this vulnerability (CVE-2020-8835), a local authenticated user can exploit and expose sensitive information resulting in high data loss. In ZDI’s Pwn2own competition, Manfred Paul demonstrated the flaw in the bpf verifier for … Continue reading “Linux Kernel ePBF Local Privilege Escalation Vulnerability (CVE-2020-8835)”