It looks like the "major" AMD vulnerability that @taviso reported had leaked has now been disclosed.

The vulnerability, with a 7.2 severity rating, allows hackers to bypass Secure Encrypted Virtualization—a protection that provides the cryptographic means for certifying that a VM hasn’t been compromised by anyone who may have had access to the physical machine running the vulnerable AMD chip. The patch comes in the form of microcode that presumably will be provided by the device OEM.

https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3019.html

Google Android zero-day: Android Security Bulletin February 2025
46 CVEs in Framework (1 critical, 45 high severity) cc: @buherator

Note: There are indications that CVE-2024-53104 may be under limited, targeted exploitation.

#CVE_2024_53104 #android #google #vulnerability #zeroday #eitw #activeexploitation #infosec #cybersecurity

Our newest research project is finally public! We can load malicious microcode on Zen1-Zen4 CPUs!
https://github.com/google/security-research/security/advisories/GHSA-4xq7-4mgh-gp6w

Qualcomm: February 2025 Security Bulletin
Qualcomm has 7 propriety vulnerabilities (1 critical, 5 high, 1 medium severity) and 17 open source vulnerabilities (1 critical, 9 high, 7 medium). That critical vulnerability CVE-2024-49837 (7.8 high) is Improper Validation of Array Index in Automotive OS Platform QNX. No mention of exploitation. h/t @cR0w

#qualcomm #patchtuesday #vulnerability #infosec #cybersecurity

Project: mpengine-x64-pdb 1.1.24090.11
File: mpengine.dll
Address: 75aa68af0

_Partition_by_median_guess_unchecked<interval<unsigned___int64>_*,`dexscan_scanfile'::__l183::compare_intervals>

SVG:
dark https://tmr232.github.io/function-graph-overview/render/?graph=https%3A%2F%2Fraw.githubusercontent.com%2Fv-p-b%2Fghidra-function-graph-datasets%2Frefs%2Fheads%2Fmain%2F%2Fmpengine-x64-pdb%2F75aa68af0.json&colors=dark
light https://tmr232.github.io/function-graph-overview/render/?graph=https%3A%2F%2Fraw.githubusercontent.com%2Fv-p-b%2Fghidra-function-graph-datasets%2Frefs%2Fheads%2Fmain%2F%2Fmpengine-x64-pdb%2F75aa68af0.json&colors=light

Today's insanity:

What is the origin of the word "mainframe"? Digging through archives, I traced it back to 1953. The IBM 701 computer was built from "frames": power frames, a storage frame, a drum frame, and the main frame. This 1953 drawing from the Installation Manual shows the dimensions of the "main frame". 1/n

New way to get customer support just dropped

“For Sale: Binaries Compiled From Hand-Crafted Artisanal Code”

https://jasonbrownlee.me/blog/posts/hand-crafted-code/

So Apple has open-sourced the XCBuild system used internally by Xcode as Swift-Build: https://github.com/swiftlang/swift-build

Based on their previously open-source llbuild project.

It includes support for Windows and Linux (using clang-cl on Windows), but does not currently seem to have a way to make use of it outside of Swift package manager or Xcode.

Coming up this weekend: PE & Mitra!

Cheers to 11 years of AppSec Ezine! 🎉 Huge thanks to the security community for sharing and the supporters who made this journey possible. Here's to another year of knowledge-sharing! 🚀

572nd Edition: https://pathonproject.com/zb/?871f09331bbd8d13#6ahftCLH0VYSLjlk8M+FtRW8EibTcKL+J5qO7xUUPpk=

Repo: https://github.com/Simpsonpt/AppSecEzine

#AppSec #Security

The second blog is about an interesting bug class in COM servers that implement IDispatch, which allows you to potentially create other objects in the process. For example every OOP COM server with IDispatch allows you to create a STDFONT object which isn’t really designed to be safely used cross process. To demo its usefulness I then use the trick to get code injection in a Windows-PPL process from where you could open protected LSASS etc. https://googleprojectzero.blogspot.com/2025/01/windows-bug-class-accessing-trapped-com.html

CVE-2025-21325 - 2025-Jan - ARM64 - Windows Secure Kernel Mode Elevation of Privilege

#ghidriff full diff 👀 https://gist.github.com/clearbluejar/318abe5d072eef55b9ea7c23a591726e

Incorrect permission assignment? 🧐 https://gist.github.com/clearbluejar/318abe5d072eef55b9ea7c23a591726e#skmicommitpte-diff