Application Security This Week for February 24

Cool PoC of the Mac vulnerability CVE-2018-4193, a bug in WindowServer that Synacktiv turn into root in about ten seconds. Note that it is a local privilege escalation (sandbox escape to root) rather than remote code execution; you still need to be running code on the box first.

https://www.synacktiv.com/ressources/OffensiveCon_2019_macOS_how_to_gain_root_with_CVE-2018-4193_in_10s.pdf

 

Terrifying vulnerability in the container runtime underneath Docker, Kubernetes and other container platforms (CVE-2019-5736 in runc): a process inside a container, even as an unprivileged user, can overwrite the runtime's own executable on the host and end up running as root there. This is a container breakout, not a hypervisor break, since no hypervisor is involved; the link below is LXC's commit fixing the same attack against its own tooling.

https://github.com/lxc/lxc/commit/6400238d08cdf1ca20d49bafb85f4e224348bf9d

 

An Oracle DMCA takedown of a Docker Hub image broke people's builds overnight, and the fallout is a good reminder of how many dependencies your build quietly pulls from registries you do not control. Good Reddit thread.

https://www.reddit.com/r/oracle/comments/arqhjc/our_builds_are_failing_because_oracle_has_dmca/
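As an added illustration, not taken from the thread or from any Oracle image, here is the weak form of the dependency that bit people there beside the hardened form: a base image pulled by mutable tag from a public registry, versus a copy mirrored into a registry you control and referenced by content digest. The image name, registry hostname and digest are placeholders, not real values.

```dockerfile
# Weak form (what broke in the thread): a mutable tag on a public registry.
# If upstream removes or re-tags the image, your build fails, or worse,
# silently changes, with nothing committed on your side.
#
#   FROM vendor/jdk:8
#
# Hardened form: the same image mirrored into a registry you control and
# referenced by its content digest, so the bytes you build from are the
# bytes you reviewed, whatever happens upstream. Placeholder name and
# digest; after `docker pull`, `docker tag` and `docker push` into your
# mirror, read the real digest with
#   docker inspect --format '{{index .RepoDigests 0}}' registry.example.internal/mirror/jdk:8
FROM registry.example.internal/mirror/jdk:8@sha256:0000000000000000000000000000000000000000000000000000000000000000
```

Pinning by digest alone still leaves you dependent on the upstream registry keeping the blob around; the mirror is what keeps the build working when a takedown or a deleted tag lands.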

 

A fourteen-year-old flaw was discovered in WinRAR, in the third-party library it uses to unpack ACE archives: a crafted archive can carry entry names that write outside the extraction folder, for example into a user's startup folder, which gets you code execution on the next login. Whoops. And WinRAR is closed source, so there never were a thousand eyes on it; the "many eyes" theory does not even get a chance with a binary-only library that nobody had touched in years.

https://arstechnica.com/information-technology/2019/02/nasty-code-execution-bug-in-winrar-threatened-millions-of-users-for-14-years/
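The bug class is archive path traversal, and the check is the same whatever the format. Below is an added example, not WinRAR's code or anything from the article, that builds a constructed zip with one benign entry and two escaping entry names (a "../../" path and a Windows absolute path), flags the bad ones, and extracts only entries that resolve inside the chosen directory. Zip is used only because Python ships zipfile; the entry names and the sample contents are made up.

```python
"""Archive entry path-traversal check (constructed example, not WinRAR's code).

Entry names that carry absolute paths or ".." make a naive extractor write
outside the chosen directory. Zip is used here only because Python ships
zipfile; the same check applies to ACE, tar or 7z entries.
"""
import io
import os
import posixpath
import tempfile
import zipfile


def is_unsafe_member(name: str) -> bool:
    """Return True if an entry name could escape the extraction directory."""
    # Treat backslashes as separators so "..\\x" is caught like "../x".
    n = name.replace("\\", "/")
    if n == "" or n.startswith("/"):
        return True                      # absolute POSIX path or UNC (//host/share)
    if len(n) >= 2 and n[1] == ":":
        return True                      # Windows drive letter, e.g. C:/Users/...
    # normpath collapses "a/../b" to "b" but keeps a leading ".." that climbs out.
    return ".." in posixpath.normpath(n).split("/")


def build_sample_archive() -> bytes:
    """Constructed sample archive: one benign entry, two that try to escape."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("readme.txt", "hello\n")
        zf.writestr("../../evil.sh", "#!/bin/sh\n")
        zf.writestr("C:\\Users\\Public\\Start Menu\\evil.exe", "MZ")
    return buf.getvalue()


def classify(zip_bytes: bytes) -> dict:
    """Map every entry name in the archive to whether it is unsafe."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        return {info.filename: is_unsafe_member(info.filename) for info in zf.infolist()}


def safe_extract(zip_bytes: bytes, dest: str) -> list:
    """Extract only entries that stay inside dest; return the names written."""
    dest_real = os.path.realpath(dest)
    written = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if is_unsafe_member(info.filename):
                continue
            target = os.path.realpath(os.path.join(dest_real, info.filename))
            # Second, independent check on the resolved path, in case the name
            # check missed something (symlinked directories, odd separators).
            if os.path.commonpath([dest_real, target]) != dest_real:
                continue
            if info.is_dir():
                os.makedirs(target, exist_ok=True)
                continue
            os.makedirs(os.path.dirname(target), exist_ok=True)
            with zf.open(info) as src, open(target, "wb") as dst:
                dst.write(src.read())
            written.append(info.filename)
    return written


def demo() -> list:
    """Run the sample archive through safe_extract in a scratch directory."""
    with tempfile.TemporaryDirectory() as scratch:
        return safe_extract(build_sample_archive(), scratch)


if __name__ == "__main__":
    for name, unsafe in classify(build_sample_archive()).items():
        print(("REJECT " if unsafe else "ok     ") + name)
    print("extracted:", demo())
```

The second check on the resolved path is deliberate: the name check is what the vulnerable library lacked, but a resolver-level check catches cases the string check does not, such as a symlinked directory already inside the destination pointing back out.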

 

Microsoft turbocharges GitHub's bug bounty program, with top payouts now $30,000 and up.

https://www.zdnet.com/article/github-bug-bounty-microsoft-ramps-up-payouts-to-30000-plus/

 

And that's the news!


Bill Sempf

Husband. Father. Pentester. Secure software composer. Brewer. Lockpicker. Ninja. Insurrectionist. Lumberjack. All words that have been used to describe me recently. I help people write more secure software.
