Posts in "Threat Research"

FreeRTOS TCP/IP Stack Vulnerabilities – The Details

Researcher: Ori Karliner (@oriHCX) Following our blog from last month, this blog will cover the technical details of our findings. If you suspect that any of your devices are affected by these vulnerabilities and want our assessment, contact us at freertos@zimperium.com. General information Before we dive into the vulnerabilities, there are some important things to … Read More

CVE-2018-9411: New critical vulnerability in multiple high-privileged Android services

As part of our platform research in Zimperium zLabs, I have recently disclosed a critical vulnerability affecting multiple high-privileged Android services to Google. Google designated it as CVE-2018-9411 and patched it in the July security update (2018-07-01 patch level), including additional patches in the September security update (2018-09-01 patch level). I also wrote a proof-of-concept … Read More

CVE-2018-4282: Out-of-bounds read vulnerability in AppleT8015PPM.kext

Researchers: Adam Donenfeld (@doadam) Relevant Operating Systems: iOS, tvOS and watchOS CVE: CVE-2018-4282   Summary As a part of our ongoing mobile platform research, zLabs recently discovered a read-out-of-bounds vulnerability in the AppleT8015PPM.kext that allows an attacker to read out of its supplied structureInput. The read data is being used as a dictionary. Details Selector … Read More