Cisco Talos Intelligence Blog

July 1, 2019 09:07

Vulnerability Spotlight: Google V8 Array.prototype memory corruption vulnerability

The V8 JavaScript engine in Google Chrome contains a memory corruption vulnerability that could allow an attacker to gain the ability to execute arbitrary code on the victim’s machine. V8 is the core JavaScript engine that runs in the Chrome browser. As part of Chrome and node.is

June 17, 2019 13:06

Vulnerability Spotlight: Two bugs in KCodes NetUSB affect some NETGEAR routers

Dave McDaniel of Cisco Talos discovered these vulnerabilities. Executive summary KCodes’ NetUSB kernel module contains two vulnerabilities that could allow an attacker to inappropriately access information on some NETGEAR wireless routers. Specific models of these routers util

May 9, 2019 09:05

Vulnerability Spotlight: Remote code execution bug in SQLite

Cory Duplantis of Cisco Talos discovered this vulnerability. Executive summary SQLite contains an exploitable use-after-free vulnerability that could allow an attacker to gain the ability to remotely execute code on the victim machine. SQLite is a client-sidedatabase managemen

April 15, 2019 11:04

Vulnerability Spotlight: Denial of service in VMWare Workstation 15

Piotr Bania of Cisco Talos discovered this vulnerability. Executive summary VMware Workstation 15 contains an exploitable denial-of-service vulnerability. Workstation allows users to run multiple operating systems on a Linux or Windows PC. An attacker could trigger this partic

April 15, 2019 10:04

Vulnerability Spotlight: Multiple vulnerabilities in Shimo VPN's helper tool

Discovered by Tyler Bohan of Cisco Talos. Overview Cisco Talos is disclosing a series of vulnerabilities found in the Shimo VPN Helper Tool. Shimo VPN is a popular VPN client for MacOS that can be used to connect multiple VPN accounts to one application. These specific vulnera

March 26, 2019 10:03

Vulnerability Spotlight: Multiple vulnerabilities in GOG Galaxy Games

Richard Johnson and Tyler Bohan of Cisco Talos discovered these vulnerabilities. Executive summary The GOG Galaxy video game launcher contains multiple vulnerabilities that could allow a malicious actor to carry out a variety of attacks. GOG Galaxy Games is a video game storef

March 12, 2019 10:03

Vulnerability Spotlight: Privilege escalation bug in CleanMyMac X's helper service

Tyler Bohan of Cisco Talos discovered this vulnerability. Executive summary CleanMyMac X contains a privilege escalation vulnerability in its helper service due to improper updating. The application fails to remove the vulnerable components upon upgrading to the latest version

February 28, 2019 10:02

Vulnerability Spotlight: Remote code execution vulnerability in Antenna House Rainbow PDF Office Server Document Converter

Emmanuel Tacheau of Cisco Talos discovered this vulnerability. Executive summary Antenna House Rainbow PDF Office Server Document Converter contains a heap overflow vulnerability that could allow an attacker to remotely execute code on the victim machine. Rainbow PDF is a soft