[RSS] Cleo Harmony, VLTrader, and LexiCom: CVE-2024-50623, RCE via arbitrary file write

https://labs.watchtowr.com/cleo-cve-2024-50623/

[RSS] CodeQL zero to hero part 4: Gradio framework case study

https://github.blog/security/vulnerability-research/codeql-zero-to-hero-part-4-gradio-framework-case-study/

New vulnerability report from Talos:

Adobe Acrobat Reader Font gvar per-tuple-variation-table Out-Of-Bounds Read Vulnerability

https://talosintelligence.com/vulnerability_reports/TALOS-2024-2064

CVE-2024-49532

New vulnerability report from Talos:

Adobe Acrobat Reader Font Private Point Numbers Out-Of-Bounds Read Vulnerability

https://talosintelligence.com/vulnerability_reports/TALOS-2024-2070

CVE-2024-49533

New vulnerability report from Talos:

Adobe Acrobat Reader Font Program Function Definition Out-Of-Bounds Read Vulnerability

https://talosintelligence.com/vulnerability_reports/TALOS-2024-2076

CVE-2024-49534

[RSS] Never Underestimate CSRF: Why Origin Reflection is a Bad Idea

https://www.sonarsource.com/blog/never-underestimate-csrf-why-origin-reflection-is-a-bad-idea/

QEMU 9.2 open-source machine emulator introduces advanced ARM support, Nitro Enclave emulation, Vulkan-enhanced graphics, and more.
https://linuxiac.com/qemu-9-2-open-source-machine-emulator/

#qemu #virtualization #foss

[RSS] Fake It 'til We Make It: The Art of Windows User Space Emulation

https://momo5502.com/posts/2024-10-04-the-art-of-windows-user-space-emulation/

The new #curl CVE-2024-11053 we call "netrc and redirect credential leak"

While security low, it will of course still be relevant to whomever uses the unlucky combination of options.

https://curl.se/docs/CVE-2024-11053.html

[RSS] 2025 Hackaday Europe CFP: We Want You!

https://hackaday.com/2024/12/10/2025-hackaday-europe-cfp-we-want-you/

[RSS] It rather involved being on the other side of this airtight hatchway: Disabling anti-malware scanning

https://devblogs.microsoft.com/oldnewthing/20241210-00/?p=110626

[RSS] The Ruby on Rails _json Juggling Attack

https://nastystereo.com/security/rails-_json-juggling-attack.html

[RSS] Binary pointer alias analysis -- beating CodeQL's taint analysis without even having source code

https://attilaszia.github.io/pointerarticle/

Back when I was poking around with filesystem fuzzing stuff years back, I noticed something odd:

An EXT filesystem can tell the Linux OS how it should behave "if" the filesystem is corrupt, including triggering a kernel panic. In a world where USB thumb drives exist, this seems... not ideal.

Let's see what happens if we plug such a mass storage device into a fully patched Chromebook in 2024...

Oh.

"iDecompile: Writing a Decompiler for iOS Applications"(Laurie Kirk)

Things I learned:
When decompiling iOS apps it makes sense to think of the application life cycle, i.e. specific code is triggered when apps go from background to foreground. You can think of these triggers as multiple mains or entry points.

Tool for #reverseengineering
https://github.com/LaurieWired/Malimite

https://objectivebythesea.org/v7/talks.html#Speaker_8

#obts #obtsv7

@wdormann ahh sry didn't spot that from mobile, just got the bookmark

LIEF 0.16.0 is out featuring new (extended) capabilities like Dyld Shared Cache support, Assembler/disassembler, ...

https://lief.re/blog/2024-12-10-lief-0-16-0/

It's the last Patch Tuesday of 2024, but that doesn't mean #Adobe or #Microsoft took it easy. There's one Microsoft CVE being actively exploited and Adobe released fixes for 167 CVEs(!) in total. Join @TheDustinChilds as he breaks down the release. https://www.zerodayinitiative.com/blog/2024/12/10/the-december-2024-security-update-review

Happy #PatchTuesday from Splunk:

• SVD-2024-1201 Information Disclosure in Mobile Alert Responses in Splunk Secure Gateway (CVE-2024-53243, 4.3 medium)
• SVD-2024-1202 Risky command safeguards bypass in "/en-US/app/search/report" endpoint through "s" parameter (CVE-2024-53244, 5.7 medium)
• SVD-2024-1203 Information Disclosure due to Username Collision with a Role that has the same Name as the User (CVE-2024-53245, 3.1 low)
• SVD-2024-1204 Sensitive Information Disclosure through SPL commands (CVE-2024-53246, 5.3 medium)
• SVD-2024-1205 Remote Code Execution through Deserialization of Untrusted Data in Splunk Secure Gateway app (CVE-2024-53247, 8.8 high)
• SVD-2024-1206 Third-Party Package Updates in Splunk Enterprise - December 2024 (multiple CVEs)
• SVD-2024-1207 Third-Party Package Updates in Splunk Universal Forwarder - December 2024 (CVE-2024-5535, 9.1 critical)

No verbiage of exploitation.

#splunk #infosec #cybersecurity #vulnerability #CVE

@wdormann maybe https://ssd-disclosure.com/ssd-advisory-common-log-file-system-clfs-driver-pe/ ? Vendor response is weird, but have to check affected systems in the advisory...