Vulnerability Spotlight: Google V8 Array.prototype memory corruption vulnerability
The V8 JavaScript engine in Google Chrome contains a memory corruption vulnerability that could allow an attacker to gain the ability to execute arbitrary code on the victim’s machine. V8 is the core JavaScript engine that runs in the Chrome browser. As part of Chrome and node.js
Vulnerability Spotlight: Two bugs in KCodes NetUSB affect some NETGEAR routers
Dave McDaniel of Cisco Talos discovered these vulnerabilities. Executive summary KCodes’ NetUSB kernel module contains two vulnerabilities that could allow an attacker to inappropriately access information on some NETGEAR wireless routers. Specific models of these routers util
Vulnerability Spotlight: Multiple vulnerabilities in Wacom Update Helper
Tyler Bohan of Cisco Talos discovered these vulnerabilities. Executive summary There are two privilege escalation vulnerabilities in the Wacom update helper. The update helper is a utility installed alongside the macOS application for Wacom tablets. The application interacts w
Vulnerability Spotlight: Remote code execution bug in SQLite
Cory Duplantis of Cisco Talos discovered this vulnerability. Executive summary SQLite contains an exploitable use-after-free vulnerability that could allow an attacker to gain the ability to remotely execute code on the victim machine. SQLite is a client-side database managemen
Vulnerability Spotlight: Multiple bugs in several Jenkins plugins
Peter Adkins of Cisco Umbrella discovered these vulnerabilities. Executive summary Jenkins is an open-source automation server written in Java. There are several plugins that exist to integrate Jenkins with other pieces of software, such as GitLab. Today, Cisco Talos is disclo
Vulnerability Spotlight: Symantec Endpoint Protection kernel memory information disclosure vulnerability
Marcin Noga of Cisco Talos discovered this vulnerability. Overview Cisco Talos is disclosing an information leak vulnerability in the ccSetx86.sys kernel driver of Symantec Endpoint Protection Small Business Edition. The vulnerability exists in the driver’s control message ha
Vulnerability Spotlight: Privilege escalation bug in CleanMyMac X's helper service
Tyler Bohan of Cisco Talos discovered this vulnerability. Executive summary CleanMyMac X contains a privilege escalation vulnerability in its helper service due to improper updating. The application fails to remove the vulnerable components upon upgrading to the latest version
Vulnerability Spotlight: Multiple vulnerabilities in ACD Systems Canvas Draw 5
Tyler Bohan of Cisco Talos discovered these vulnerabilities. Vanja Svajcer authored this blog post. Cisco Talos is disclosing several vulnerabilities in ACD Systems' Canvas Draw 5, a graphics-editing tool for Mac. The vulnerable component of Canvas Draw 5 lies in the handling of
Vulnerability Spotlight: VMWare Workstation DoS Vulnerability
Today, Cisco Talos is disclosing a vulnerability in VMware Workstation that could result in denial of service. VMware Workstation is a widely used virtualization platform designed to run alongside a normal operating system, allowing users to use both virtualized and physical syst