  • Apple's UIKit Vulnerability - Sandbox Escape

    A vulnerability has been identified in various Apple devices, including iPhones, posing a significant risk. The vulnerability affects the UIKit component.

  • Apple's macOS Quick Look Vulnerability - Buffer Overflow

    A vulnerability has been identified in Apple’s Quick Look feature that affects Apple’s macOS. The vulnerability, classified as a classic buffer overflow, was addressed with improved bounds checking.

  • Wire Secure Messenger Remote Format String Vulnerability

    A Format String vulnerability (CVE-2023-48221) in the Wire AVS library used in Wire Secure Messenger allows an attacker to cause a denial of service (application crash) or possibly execute arbitrary code via a voice or video call. This affects Wire AVS (Audio, Video, and Signaling) before 9.2.22 and 9.3.5.

  • Shining some light on the DarkGate loader

    Analysis and Report by Fabian Marquardt (@marqufabi)

    Recently, Telekom Security CTI was made aware, via trust groups in which we are engaged, of a new malware campaign that is distributed via phishing emails. The malspam campaign used stolen email threads to lure victim users into clicking the contained hyperlink, which downloaded the malware.

  • LibreOffice Calc Formula Parsing Vulnerability

    A vulnerability in LibreOffice (CVE-2023-0950) allows an attacker to trigger an array index underflow that could be exploited to execute arbitrary code. To trigger the vulnerability, a victim only needs to open a specially crafted spreadsheet file. The vulnerability has been fixed in LibreOffice 7.4.6/7.5.2.

  • Mozilla Maintenance Service Write-lock bypass Vulnerability

    A vulnerability in the Mozilla Maintenance Service (CVE-2023-29532) allows a local attacker to trick the Mozilla Maintenance Service into applying an unsigned update file by pointing the service to an update file on a malicious SMB server. This allows privilege escalation to the LocalSystem account. The vulnerability has been fixed in Firefox 112, Firefox ESR 102.10, and Thunderbird 102.10.

  • USD: One File Format, Many Vulnerabilities

    This post covers my project of identifying a series of vulnerabilities (CVE-2020-9878, CVE-2020-9880, CVE-2020-9881, CVE-2020-9882, CVE-2020-9940, CVE-2020-9985) in the processing of USD (Universal Scene Description) files within Apple’s iOS operating system. It also covers the high-level approach to exploiting one of these vulnerabilities.

  • Apple's iOS & macOS Contacts Vulnerability - Privacy Preferences Bypass

    A vulnerability has been identified in iOS/iPadOS < 15.7 / < 16.0 and macOS Big Sur < 11.7 that allows an app to bypass Privacy preferences, posing a significant risk. The vulnerability, classified as Improper Input Validation, affects the Contacts component.
