
David Chisnall (*Now with 50% more sarcasm!*)

This week’s exciting instalment of Security Vulnerabilities that would be deterministically mitigated by is a multi-part series sponsored by #Apple.

Media decoders are trivial to sandbox on a CHERI system (around four lines of code). They take an input buffer and produce an output. They can run with write access to that output buffer and nothing else. An attacker who gains arbitrary-code execution in an image decoder, for example, gains the ability to write an image to the output buffer: exactly the same rights that someone who can substitute a different image file has already.

@hrbrmstr I've heard they have more pressing problems these days...

Adobe's patches are (finally) out. 13 bulletins addressing 40 CVEs in Cold Fusion, Lightroom, Dreamweaver, Connect, InDesign, Substance 3D Painter, Photoshop, Animate, Illustrator, Bridge, Dimension, Stager, & Modeler. The patch blog has been updated. https://www.zerodayinitiative.com/blog/2025/5/13/the-may-2025-security-update-review

Glad to report that with the previous round of fixes loadlibrary works with the latest, 64-bit Windows Defender engine (1.1.25030.1)

https://scrapco.de/blog/fuzzing-windows-defender-with-loadlibrary-in-2025.html

#PatchTuesday

In case you thought CTRL-F in chromium was useless... Microsoft has your back. https://www.neowin.net/news/microsoft-removes-a-lot-of-features-from-the-edge-browser/

Find on Page in Microsoft Edge for Business will soon be integrated with Microsoft 365 Copilot Chat. Microsoft Edge for Business is introducing Microsoft 365 Copilot Chat to Find on Page (CTRL+F). This feature seeks to help users more easily find relevant content and save time. Note: This is a controlled feature rollout. If you don't see this feature, check back as we continue our rollout.


While the patches are still missing, the patch Tuesday rolls on with 5 0-days being exploited in the wild. Join @TheDustinChilds as he breaks down the release and calls out some familiar components. https://www.zerodayinitiative.com/blog/2025/5/13/the-may-2025-security-update-review


Pffft *spits coffee all over keyboard*

So apparently on , usernames starting with "0x" are interpreted as hex numbers under certain circumstances. 🤪 That seems like asking for trouble...

[oss-security] CVE-2025-47436: Apache ORC: Potential Heap Buffer Overflow during C++ LZO Decompression

https://seclists.org/oss-sec/2025/q2/126

"malformed ORC files can cause the decompressor to allocate a 250-byte buffer but then attempts to copy 295 bytes into it"

The European Vulnerability Database (EUVD) is now fully operational, offering a streamlined platform to monitor critical and actively exploited security flaws amid the US struggles with budget cuts, delayed disclosures, and confusion around the future of its own tracking systems https://euvd.enisa.europa.eu/

@cR0w @nixCraft RSS would be nice but it does have an open, machine-readable API:

https://euvdservices.enisa.europa.eu/api/lastvulnerabilities

Edit: this one seems even better: hxxps://euvdservices.enisa.europa.eu/api/vulnerabilities?assigner=&product=&vendor=&text=&fromDate=&toDate=&fromScore=0&toScore=10&fromEpss=0&toEpss=100&exploited=true&page=0&size=10

A helpful PoC for Dropbear CVE-2025-47203 dropped on oss-security:

https://seclists.org/oss-sec/2025/q2/123

`dbclient 'localhost,|touch 123 '`

I'm at a meeting hosted by somebody else where they're using Microsoft Teams, and in the chat I attempted to share an image that is on my laptop. By clicking the + button and Attach file.

The result of doing this is that Teams puts the image in MY COMPANY'S SHAREPOINT SERVER, and nobody else in Teams can see the image because they DON'T HAVE AN ACCOUNT on my company's SharePoint server. 🤦‍♂️

Wonders:
1) Has anybody at Microsoft actually tried using Teams?
2) Why do people choose to use Teams?

Aside: If you copy an image and press Cmd - V to put the image in the chat, Teams actually... puts the image in the chat.


With 5.0, we’re open sourcing one of the oldest components of Binary Ninja: the Shellcode Compiler. It’s powered countless Compile C Source dialogs over the years, and now it’s yours to tinker with. Long term, we’re eyeing LLVM as a modern replacement. https://binary.ninja/2025/04/23/5.0-gallifrey.html#shellcode-compiler-open-sourced https://github.com/vector35/scc

@cR0w CVSS is exceptionally bad at scoring XSS

"Your work, no matter how brilliant, becomes valuable to others only in so far as you communicate it to them." -- Simon Peyton-Jones

[RSS] Microsoft spots zero-day use in spy campaign against Kurdish military in Iraq

https://therecord.media/microsoft-zero-day-spy-campaign

Have you ever wanted to stretch your poetry writing muscles in the direction of "bad"? How about "vogon"?!

Read about ZZ9 Plural Z Alpha's Vogon Poetry contest at https://zz9.org/news or just jump in and enter: https://zz9.org/contact

Win a ZZ9 membership today!


Yes, we're beating a dead horse. But that horse still runs in corporate networks - and quietly gives attackers the keys to the kingdom. We're publishing what’s long been exploitable. Time to talk about it. https://code-white.com/blog/ivanti-desktop-and-server-management/
