|
Vulnerability Spotlight Apple OS X Graphics Kernel Driver Local Privilege Escalation Vulnerability |
Si vous voulez bloquer ce service sur vos fils RSS
Si vous voulez nous contacter ou nous proposer un fil RSS
Menu > Articles de la revue de presse : - l'ensemble [ tous | francophone] - par mots clé [ tous] - par site [ tous] - le tagwall [ voir] - Top bi-hebdo de la revue de presse [ Voir]
Vulnerability Spotlight Apple OS X Graphics Kernel Driver Local Privilege Escalation Vulnerability Par Security Bloggers NetworkLe [2016-03-23] à 14:11:17
Présentation : Vulnerability discovered by Piotr Bania of Cisco Talos. Cisco Talos, in conjunction with Apple s security advisory issued on Mar 22, is disclosing the discovery of a local vulnerability in the communication functionality of the Apple Intel HD3000 Graphics kernel driver. This vulnerability was initially discovered by the Talos Vulnerability Research Development Team and reported in accordance with responsible disclosure policies to Apple. There is a local privilege escalation vulnerability in the Apple Intel HD3000 Graphics kernel driver TALOS-2016-0088 CVE-2016-1743 which Talos has identified on OS X 10.11. Exploitation of this vulnerability requires user interaction, such as executing a malicious executable received via email or downloaded and run on the user's Mac. With OS X becoming more common in the workplace this can be especially impactful as the common user accounts often do not have root-level permissions. Advisory Summary ---------------- This vulnerability can be triggered by sending specially crafted IOConnectCallMethod request to the Apple Intel HD3000 Graphics driver, the faulting code is in the IOGen575Shared new_texture function. Successful exploitation can result in an escalated privilege for the attacker, who can then use root-level access for further malicious activity. For full details please read the advisory here Cisco Talos research and discovery of programmatic ways to find 0-days helps secure the platforms and software that our customers depend on. The disclosure of this and other vulnerabilities helps the entire online community by identifying security issues that otherwise could be exploited by threat actors. Uncovering new 0-days not only helps improve the overall security of the software that our customers use, but it also enables us to directly improve the procedures in our own security development lifecycle, which improves the security of all of the products that Cisco produces. Related Snort rules 37517, 37518 For the most up to date list, please refer to Defense Center or FireSIGHT Management Center. For further zero day or vulnerability reports and information visit http talosintel.com vulnerability-reports Timeline 2016-02-02 - Vendor Disclosure 2016-03-21 - Vulnerability Patched 2016-03-22 - Public Release
Les mots clés de la revue de presse pour cet article : vulnerability apple kernel local Les videos sur SecuObs pour les mots clés : vulnerability apple kernel local Les éléments de la revue Twitter pour les mots clé : vulnerability apple kernel local
Les derniers articles du site "Security Bloggers Network" :
- In An Era Of Decline, News Sites Can t Afford Poor Web Performance - BeautifulPeople.com experiences data breach 1m affected - Swedish Air Space Infringed, Aircraft Not Required - Why cybercriminals attack healthcare more than any other industry - Setting the Benchmark in the Network Security Forensics Industry - Spotify denies hack users subjected to weird music beg to differ - The Dangerous Game of DNS - Threat Recap Week of April 22nd - Is your security appliance actually FIPS validated - Deploying SAST Static Application Security Testing
Menu > Articles de la revue de presse : - l'ensemble [ tous | francophone] - par mots clé [ tous] - par site [ tous] - le tagwall [ voir] - Top bi-hebdo de la revue de presse [ Voir]
Si vous voulez bloquer ce service sur vos fils RSS :
- avec iptables "iptables -A INPUT -s 88.190.17.190 --dport 80 -j DROP"
- avec ipfw et wipfw "ipfw add deny from 88.190.17.190 to any 80"
- Nous contacter par mail
Mini-Tagwall des articles publiés sur SecuObs : | | | | sécurité, exploit, windows, attaque, outil, microsoft, réseau, audit, metasploit, vulnérabilité, système, virus, internet, usbsploit, données, source, linux, protocol, présentation, scanne, réseaux, scanner, bluetooth, conférence, reverse, shell, meterpreter, vista, rootkit, détection, mobile, security, malicieux, engineering, téléphone, paquet, trames, https, noyau, utilisant, intel, wishmaster, google, sysun, libre |
Mini-Tagwall de l'annuaire video : | | | | curit, security, biomet, metasploit, biometric, cking, password, windows, botnet, defcon, tutorial, crypt, xploit, exploit, lockpicking, linux, attack, wireshark, vmware, rootkit, conference, network, shmoocon, backtrack, virus, conficker, elcom, etter, elcomsoft, server, meterpreter, openvpn, ettercap, openbs, iphone, shell, openbsd, iptables, securitytube, deepsec, source, office, systm, openssh, radio |
Mini-Tagwall des articles de la revue de presse : | | | | security, microsoft, windows, hacker, attack, network, vulnerability, google, exploit, malware, internet, remote, iphone, server, inject, patch, apple, twitter, mobile, virus, ebook, facebook, vulnérabilité, crypt, source, linux, password, intel, research, virtual, phish, access, tutorial, trojan, social, privacy, firefox, adobe, overflow, office, cisco, conficker, botnet, pirate, sécurité |
Mini-Tagwall des Tweets de la revue Twitter : | | | | security, linux, botnet, attack, metasploit, cisco, defcon, phish, exploit, google, inject, server, firewall, network, twitter, vmware, windows, microsoft, compliance, vulnerability, python, engineering, source, kernel, crypt, social, overflow, nessus, crack, hacker, virus, iphone, patch, virtual, javascript, malware, conficker, pentest, research, email, password, adobe, apache, proxy, backtrack |
|
|
|
|
|