Researchers: Adam Donenfeld (@doadam) Relevant Operating Systems: iOS, tvOS and watchOS CVE: CVE-2018-4109 As a part of zLabs platform research team (and as a researcher in general), I often find myself wandering in IDA, reversing random pieces of code. In this blog post, I’m going to show a vulnerability I found deep inside … Read More
Posts in "Threat Research"
As part of our platform research in Zimperium zLabs, I have recently discovered a vulnerability in a privileged Android service called MediaCasService and reported it to Google. Google designated it as CVE-2018-9539 and patched it in the November security update (2018-11-01 patch level). In this blog post, I will describe the technical details of this … Read More
As part of our platform research in Zimperium zLabs, I have recently disclosed a critical vulnerability affecting multiple high-privileged Android services to Google. Google designated it as CVE-2018-9411 and patched it in the July security update (2018-07-01 patch level), including additional patches in the September security update (2018-09-01 patch level). I also wrote a proof-of-concept … Read More
Researchers: Adam Donenfeld (@doadam) Relevant Operating Systems: iOS, tvOS and watchOS CVE: CVE-2018-4282 Summary As a part of our ongoing mobile platform research, zLabs recently discovered a read-out-of-bounds vulnerability in the AppleT8015PPM.kext that allows an attacker to read out of its supplied structureInput. The read data is being used as a dictionary. Details Selector … Read More
FreeRTOS TCP/IP Stack Vulnerabilities Put A Wide Range of Devices at Risk of Compromise: From Smart Homes to Critical Infrastructure Systems
Researchers: Ori Karliner (@oriHCX) Relevant Operating Systems: FreeRTOS up to V10.0.1 (with FreeRTOS+TCP), AWS FreeRTOS up to V1.3.1, WHIS OpenRTOS and SafeRTOS (With WHIS Connect middleware TCP/IP components) . CVE List: As a part of our ongoing IoT platform research, zLabs recently analyzed some of the leading operating systems in the IoT market, including FreeRTOS. … Read More