RESOURCES

Thought leaders in information security, we conduct radical, world-changing research and deliver renowned presentations around the world.
Blogs | RESEARCH | November 25, 2015

Privilege Escalation Vulnerabilities Found in Lenovo System Update

Lenovo released a new version of the Lenovo System Update advisory (https://support.lenovo.com/ar/es/product_security/lsu_privilege) about two new privilege escalation vulnerabilities I had reported to Lenovo a couple of weeks ago (CVE-2015-8109, CVE-2015-8110). IOActive and Lenovo have issued advisories on these issues.   Before digging into the details, let’s go over a high-level overview of how the Lenovo System Update pops up the GUI application with Administrator privileges.   Here is a discussion of the steps depicted above: 1 – The user starts System Update…

Sofiane Talmat

Arm IDA and Cross Check: Reversing the 787’s Core Network

IOActive has documented detailed attack paths and component vulnerabilities to describe the first plausible, detailed public attack paths to effectively reach the avionics network on a 787, commercial airplane from either non-critical domains, such as Passenger Information and Entertainment Services, or even external networks.

ACCESS THE WHITEPAPER


IOACTIVE CORPORATE OVERVIEW (PDF)