Cisco Talos Blog

October 13, 2020 18:51

Vulnerability Spotlight: Denial of service in AMD ATIKMDAG.SYS driver

Piotr Bania of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw.Cisco Talos recently discovered a denial-of-service vulnerability in the ATIKMDAG.SYS driver for some AMD graphics cards. An attacker could send the victim a specially crafted D3DKMTCreateAllocation API

October 13, 2020 14:22

Vulnerability Spotlight: Information leak vulnerability in Google Chrome WebGL

Marcin Towalski of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw. The Google Chrome web browser contains a vulnerability that could be exploited by an adversary to carry out a range of malicious actions. Chrome is one of the most popular web browsers currently a

October 13, 2020 09:10

Vulnerability Spotlight: Denial-of-service vulnerabilities in Allen-Bradley Flex I/O

Jared Rittle of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw. The Allen-Bradley Flex input/output system contains multiple denial-of-service vulnerabilities in its ENIP request path data segment. These bugs exist specifically in the 1794-AENT FLEX I/O modula

October 7, 2020 12:07

Vulnerability Spotlight: DoS vulnerability in ATIKMDAG.SYS AMD graphics driver

Piotr Bania of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw.Cisco Talos recently discovered a denial-of-service vulnerability in the ATIKMDAG.SYS driver for some AMD graphics cards. An attacker could send the victim a specially crafted D3DKMTCreateAllocation API

September 17, 2020 10:21

Vulnerability Spotlight: Remote code execution vulnerability Apple Safari

Marcin "Icewall" Noga of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw. The Apple Safari web browser contains a remote code execution vulnerability in its Webkit feature. Specifically, an attacker could trigger a use-after-free condition in WebCore, th

August 24, 2020 15:28

Vulnerability Spotlight: Remote code execution, privilege escalation bugs in Microsoft Azure Sphere

Claudio Bozzato, Lilith >_> and Dave McDaniel of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw. Update (Sept. 17, 2020): This post has been updated to reflect the status of Microsoft assigning CVEs to these issues. Cisco Talos researchers recently disc

August 24, 2020 10:00

Vulnerability Spotlight: Use-after-free vulnerability in Google Chrome WebGL could lead to code execution

Marcin Towalski of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw. The Google Chrome web browser contains a use-after-free vulnerability in its WebGL component that could allow a user to execute arbitrary code in the context of the browser process. This vulnerabi

August 20, 2020 15:18

Vulnerability Spotlight: Internet Systems Consortium BIND server DoS

Emanuel Almeida of Cisco Systems discovered this vulnerability. Blog by Jon Munshaw. The Internet Systems Consortium’s BIND server contains a denial-of-service vulnerability that exists when processing TCP traffic through the libuv library. An attacker can exploit this vulnerabi

July 31, 2020 12:56

Vulnerability Spotlight: Microsoft issues security update for Azure Sphere

Claudio Bozzato, Lilith >_> and Dave McDaniel of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw. Update (Sept. 17, 2020): This post has been updated to reflect the status of Microsoft assigning CVEs to these issues. Cisco Talos researchers recently dis