Binary Vulnerabilities

Chinese Professor’s Actions Spark Outrage After Linux Kernel Blacklists University for Submitting Vulnerabilities

by
Chinese Professor's Actions Spark Outrage After Linux Kernel Blacklists University for Submitting Vulnerabilities

Author | Xu Xuanjuan“Even if you can provide evidence that those patches are effective, why are we actually wasting time doing extra work?” Linus Torvalds must be furious. Recently, Greg Kroah-Hartman, the maintainer of the Linux kernel stable branch, blacklisted the University of Minnesota (UMN), prohibiting it from submitting patches to the mainline Linux kernel. … Read more

Wormable AirPlay Vulnerabilities: Zero-Click Remote Control of Apple Devices in Public Wi-Fi Environments

by
Wormable AirPlay Vulnerabilities: Zero-Click Remote Control of Apple Devices in Public Wi-Fi Environments

Cybersecurity researchers have recently disclosed a series of security vulnerabilities in Apple’s AirPlay protocol, which have now been patched. Attackers could successfully exploit these vulnerabilities to control devices that support this proprietary wireless technology. The Israeli cybersecurity company Oligo has collectively referred to these vulnerabilities as AirBorne. Vulnerability Combination Enables Worm-like Attacks Researchers Uri Katz, … Read more

Statistical Study of High-Frequency Attack Surfaces and Vulnerability Types in the Linux Kernel

by
Statistical Study of High-Frequency Attack Surfaces and Vulnerability Types in the Linux Kernel

Collected and organized all Linux kernel vulnerabilities from January 1, 2022, to February 18, 2023, with data sourced from NVD, totaling 314 vulnerabilities. The analysis of the Linux kernel attack surface is based on CWE types and the subsystems where the vulnerabilities are located. CWE Statistics According to publicly available CVE information, a total of … Read more

Summary of Vulnerabilities in HTTP/HTTPS Protocols: How to Check and Prevent Them

by
Summary of Vulnerabilities in HTTP/HTTPS Protocols: How to Check and Prevent Them

The following is a classification and organization of vulnerabilities in the HTTP/HTTPS protocols based on the perspectives of black box testing、white box testing and gray box testing: 1. Black Box Testing (External Perspective, No Internal Access) Definition: Simulates the attacker’s perspective, testing only through external network interfaces without relying on internal system code or configuration … Read more

Vulnerability Alert | Multiple Remote Code Execution Vulnerabilities in VxWorks TCP/IP Stack

by
Vulnerability Alert | Multiple Remote Code Execution Vulnerabilities in VxWorks TCP/IP Stack

Vulnerability Alert Multiple Remote Code Execution Vulnerabilities in VxWorks TCP/IP Stack On July 30, the Armis security research team published an article claiming that they discovered a total of 11 vulnerabilities in the VxWorks TCP/IP stack, of which 6 vulnerabilities could lead to remote code execution. Vulnerability Description VxWorks is currently the most widely used … Read more

Analysis of the Attack Surface of Ubus Inter-Process Communication Mechanism in OpenWRT

by
Analysis of the Attack Surface of Ubus Inter-Process Communication Mechanism in OpenWRT

01 Introduction Ubus is the inter-process communication mechanism in OpenWRT, which simplifies the implementation of inter-process communication. The foundation of ubus is the UNIX Socket, which is a local socket that is more efficient and reliable compared to traditional network communication sockets. 1.1 Model Architecture UNIX Socket adopts a C/S model architecture, divided into server … Read more

Urgent Warning: Multiple Critical Vulnerabilities in RTOS VxWorks

by
Urgent Warning: Multiple Critical Vulnerabilities in RTOS VxWorks

0x00 Background Researchers at Armis have discovered 11 zero-day vulnerabilities in VxWorks, the most popular real-time operating system (RTOS), used by over 2 billion devices, including critical mission devices in industrial, medical, and enterprise settings. These vulnerabilities, referred to as ‘URGENT / 11′, exist in IPnet, VxWorks’ TCP/IP stack, affecting versions released over the past … Read more

Your Smart Speaker Might Be ‘Listening’! Important Considerations When Using Smart Home Devices

by
Your Smart Speaker Might Be 'Listening'! Important Considerations When Using Smart Home Devices

With the popularity of artificial intelligence and Internet of Things (IoT) technologies, smart home products such as smart locks, robotic vacuum cleaners, and smart whole-house temperature control systems are becoming increasingly common. It is important to note that if sensitive data from smart home products is exploited by malicious individuals, it could lead to information … Read more

What is Bluetooth Man-in-the-Middle Attack?

by
What is Bluetooth Man-in-the-Middle Attack?

What is Bluetooth Man-in-the-Middle Attack? A man-in-the-middle attack occurs when an attacker inserts themselves between two devices, intercepting their communication and possibly altering the data, often without the users’ knowledge. In Bluetooth, this typically happens with Bluetooth Low Energy (BLE) devices, such as smartwatches. How the attack is carried out: 1.The attacker must be within … Read more

Exploring and Reflecting on the Attack Surface of QEMU Virtualization Security

by
Exploring and Reflecting on the Attack Surface of QEMU Virtualization Security

QEMU and KVM, as typical representatives of virtualization technology, are widely used in cloud computing systems across various vendors. As software with over a decade of history, QEMU has been plagued by security issues. With the continuous development of cloud computing based on QEMU/KVM virtualization software, its security problems have garnered significant attention in recent … Read more