xtaran, 1 month ago to linux

The xz backdoor storm isn't over yet and the next storm seems coming up: #LocalPrivilegeEscalation in the #Linux #kernel 5.15 to 6.5 (at least): https://github.com/YuriiCrimson/ExploitGSM

Affects at least #Debian 12 Stable and #Ubuntu 22.04 LTS (including HWE kernels).

(Via https://twitter.com/matteyeux/status/1777974230325354579 and https://www.reddit.com/r/linux/comments/1c0i7tx/someone_found_a_kernel_0day/)

#LPE #Exploit #ZeroDay #ZeroDayExploit #ZDE

happygeek, 7 months ago to infosec

Last month iPhone users were patching against a zero day vulnerability that could lead to zero-click commercial spyware installation. Now it’s Android’s turn…

#infosec
#android
#ZeroDayExploit
#spyware

https://www.forbes.com/sites/daveywinder/2023/10/04/android-users-warned-of-2-zero-day-exploits-including-spy-on-phone-attack/

happygeek, 7 months ago to infosec

This article at Forbes is now updated with new information from Citizen Lab and Google TAG detailing a zero-day exploit chain leading to a no-click exploit of an iPhone. It’s time to update all the Apple things, well, a whole bunch of them anyway.

#infosec #Apple #ZeroDayExploit #iPhone #iPad #AppleWatch #Mac

https://www.forbes.com/sites/daveywinder/2023/09/23/ios-1701-critical-security-update-warning-for-all-iphone-users/

TechFinitive, 8 months ago to random

Microsoft confirms Word zero-day exploit that could expose passwords to hackers, reports @happygeek in his latest article for TechFinitive - https://www.techfinitive.com/microsoft-confirms-word-zero-day-exploit-that-could-expose-passwords-to-hackers/

#ZeroDayExploit #PatchTuesday #ExploitWednesday #hackers