Today, Apple’s MacOS X 10.12.4 update includes security fixes for several open source vulnerabilities. The update includes a vulnerability fix that enSilo’s researcher, Omer Medan, disclosed to Apple whereas the vulnerability allows an attacker to change file system permissions on arbitrary files (CVE-2017-2390). The vulnerability affects all
Windows environment variables can be used to run commands and can also be used to bypass UAC, allowing an attacker with limited privileges to take complete control of the system. This code leverages a rather unusual scenario within Windows OS.
This is a continuation of our research as described in a previous post: Elastic Boundaries – Elevating
Even though any process is provided with variables from its environment, they are often overlooked by users, developers and sometimes even the OS itself.
TL;DR: We found 6(!) different common security issues that stem from incorrect implementation of code hooking and injection techniques. These issues were found in more than 15 different products. The most impactful discovery was that three different hooking engines also suffer from these kind problems, including the most popular commercial
TL;DR: Design issues in various security products, such as anti-virus, make it significantly easier for threat actors to bypass exploit mitigations. As part of our ongoing goal of complete endpoint security, we found a prevalent flaw where anti-virus products allocate memory with RWX permissions at a predictable address.
Today, Microsoft released their latest Patch Tuesday. This Patch includes a fix for CVE-2015-2363, a complementary patch to CVE-2015-2360 from last month. The two CVEs together bundles within themselves IMPORTANT-rated exploitable vulnerabilities which we responsibly disclosed to Microsoft.
As part of our research, we analyze the intricate relationship between Anti-Virus and Operating Systems (OS). During this process, we came across a vulnerability in AVG Internet Security 2015 build 5736 + Virus database 8919 released January 13th 2015.
The vulnerability? The affected AVG product had allocated a memory page with RWX