RESOURCES

Thought leaders in information security, we conduct radical, world-changing research and deliver renowned presentations around the world.
Disclosures | ADVISORIES | August 5, 2008

Multiple Vulnerabilities in Apple’s MobileMe Service

Reported: 08.05.08. Patched: 11.06.08 Disclosed: 11.20.08. Apple’s MobileMe (me.com) web service contains several serious security vulnerabilities. The most critical vulnerability combines cross-site request forgery and cross-site scripting, and allows an attacker to access the service without a valid password.

Launch PDF
Richard van Eeden & Ilja van Sprundel
Disclosures | ADVISORIES | September 20, 2007

Multiple Buffer Overflows in legacy mod_jk2 apache module 2.0.3-DEV and earlier

CVE-2007-6257, VU#245025. Discovered: 05.01.07. Reported: 06.27.07. Disclosed: 09.20.07. A buffer overflow vulnerability exists in the Host Header field of the legacy version of the mod_jk2 apache module (jakata-tomcat-connectors), which allows for remote code execution in the context of the Apache process.

Launch PDF
Josh Betts Jason Larsen & Walter Pearce
Disclosures | ADVISORIES |

Buffer Overflow in Mono BigInteger Montgomery Reduction Method

VU#146292. Discovered: 07.25.07. Reported: 08.24.07. Disclosed: 09.20.07. An exploitable buffer overflow vulnerability exists in the Montgomery reduction method within the Mono Frameworks BigInteger Class (Mono.Math.BigInteger).

Launch PDF
Jason Larsen & Walter Pearce
Disclosures | ADVISORIES | March 26, 2007

Static Microsoft Windows WPAD entries might allow interception of traffic

CVE-2007-1692. Disclosed: 03.26.07. The default configuration of Microsoft Windows uses the Web Proxy Autodiscovery Protocol (WPAD) without static WPAD entries. A remote attacker could leverage this to intercept web traffic by registering a proxy server using WINS or DNS, then responding to WPAD requests.

Read More
Chris Paget

Commonalities In Vehicle Vulnerabilities

With the connected car becoming commonplace in the market, vehicle cybersecurity continues to grow more important every year. At the forefront of security research, IOActive has amassed real-world vulnerability data illustrating the general issues and potential solutions to the cybersecurity threats today’s vehicles face.

View Whitepaper