April 5, 2024
In a previous blog post we described a process injection vulnerability affecting all AppKit-based macOS applications. This research was presented at Black Hat USA 2022, DEF CON 30 and Objective by the Sea v5. This vulnerability was actually the second universal process injection vulnerability we reported to Apple, but it was fixed earlier than the first. Because it shared some parts of the exploit chain with the first one, there were a few steps we had to skip in the earlier post and the presentations.
The `SecureRandomFactoryBean` class in Spring Security by Pivotal has a vulnerability in certain versions that could lead to the generation of predictable random values when a custom seed is supplied. This vulnerability could lead to predictable keys or tokens in applications that depend on cryptographically-secure randomness.
Applications that use this class may need to evaluate if any predictable tokens were generated that should be revoked.
During a code review of XenServer, we found and exploited a vulnerability in the XAPI management service that allows an attacker to bypass authentication and remotely perform arbitrary XAPI calls with administrative privileges.
In this post we describe multiple vulnerabilities we found in the infortainment system used in cars from the Volkswagen Auto Group. The vulnerabilities can be exploited via a cellular connection, leading to the cars CAN bus.
During a summary code review of NAPALM, we found and exploited several issues that allow a compromised host to execute commands on the NAPALM controller and thus gain access to the other hosts controlled by that controller.
A malicious MySQL database or a database containing malicious contents can obtain remote code execution in applications connecting using MySQL Connector/J."
During a summary code review of Ansible, we found and exploited several issues that allow a compromised host to execute commands on the Ansible controller and thus gain access to the other hosts controlled by that controller.