RESOURCES | IOActive

All
Blogs
Disclosures
Library

Blogs | RESEARCH | January 6, 2016

Drupal – Insecure Update Process

Just a few days after installing Drupal v7.39, I noticed there was a security update available: Drupal v7.41. This new version fixes an open redirect in the Drupal core. In spite of my Drupal update process checking for updates, according to my local instance, everything was up to date: Issue #1: Whenever the Drupal update process fails, Drupal states that everything is up to date instead of giving a warning. The issue was due to some sort of network problem….

Fernando Arnaboldi

IOActive has documented detailed attack paths and component vulnerabilities to describe the first plausible, detailed public attack paths to effectively reach the avionics network on a 787, commercial airplane from either non-critical domains, such as Passenger Information and Entertainment Services, or even external networks.

ACCESS THE WHITEPAPER

IOACTIVE CORPORATE OVERVIEW (PDF)

IOACTIVE SERVICES OVERVIEW (PDF)

IOACTIVE ARCHIVED WEBINARS (list)

Arm IDA and Cross Check: Reversing the 787’s Core Network