vulnerability spotlight
Vulnerability Spotlight: Multiple vulnerabilities in Shimo VPN’s helper tool
Cisco Talos is disclosing a series of vulnerabilities found in the Shimo VPN Helper Tool. Shimo VPN is a popular VPN client for MacOS that can be used to connect multiple VPN accounts to one application. These specific vulnerabilities were found in the “helper tool,” a feature that Shimo VPN uses to…
Vulnerability Spotlight: Multiple vulnerabilities in ACD Systems Canvas Draw 5
Cisco Talos is disclosing several vulnerabilities in ACD Systems’ Canvas Draw 5, a graphics-editing tool for Mac. The vulnerable component of Canvas Draw 5 lies in the handling of TIFF and PCX images. TIFF is a raster-based image format used in graphics editing projects, thus making it a very…
Vulnerability Spotlight: Multiple WIBU SYSTEMS WubiKey vulnerabilities
Marcin “Icewall” Noga of Cisco Talos discovered these vulnerabilities. Executive Summary Cisco Talos discovered two vulnerabilities that could allow remote code execution and memory disclosure at the kernel level in WIBU-SYSTEMS WibuKey. WibuKey is a USB key designed to protect software…
Vulnerability Deep Dive: TP-Link TL-R600VPN remote code execution vulnerabilities
Vulnerability discovery and research by Jared Rittle and Carl Hurd of Cisco Talos. Introduction TP-Link recently patched three vulnerabilities in their TL-R600VPN gigabit broadband VPN router, firmware version 1.3.0. Cisco Talos publicly disclosed these issues after working with TP-Link to ensure th…
Vulnerability Spotlight: Multiple Vulnerabilities in Yi Technology Home Camera
Vulnerabilities Discovered by Lilith [x_x] of Cisco Talos. Overview Cisco Talos is disclosing multiple vulnerabilities in the firmware of the Yi Technology Home Camera. In order to prevent the exploitation of these vulnerabilities, Talos worked with Yi Technology to make sure a newer version of the…
Vulnerability Spotlight: Talos-2018-0694 – MKVToolNix mkvinfo read_one_element Code Execution Vulnerability
Piotr Bania, Cory Duplantis and Martin Zeiser of Cisco Talos discovered this vulnerability. Today, Cisco Talos is disclosing a vulnerability that we identified in the MKVToolNix mkvinfo utility that parses the Matroska file format video files (.mkv files). MKVToolNix is a set of tools to create, alt…
Vulnerability in the Intel Unified Shader compiler for the Intel Graphics Accelerator
Vulnerabilities discovered by Piotr Bania of Cisco Talos Talos is disclosing a pointer corruption vulnerability in the Intel Unified Shader compiler for the Intel Graphics Accelerator. OVERVIEW In order for the graphics to be produced, the graphics accelerators need to process the OpenGL scripts int…
Vulnerability Spotlight: Adobe Acrobat Reader DC Collab reviewServer Remote Code Execution Vulnerability
Discovered by Aleksandar Nikolic of Cisco Talos Overview Today, Talos is releasing details of a new vulnerability within Adobe Acrobat Reader DC. Adobe Acrobat Reader is the most popular and most feature-rich PDF reader. It has a big user base, is usually a default PDF reader on systems and integrat…
Vulnerability Spotlight: Multiple vulnerabilities in Atlantis Word Processor
Vulnerabilities discovered by Cory Duplantis and Ali Rizvi-Santiago of Cisco Talos. Overview Cisco Talos is disclosing several vulnerabilities discovered in Atlantis Word Processor. Atlantis Word Processor is a portable word processor that is also capable of converting any TXT, RTF, ODT, DOC, WRI, o…