• img August 18, 2017

Two Foxit Reader RCE zero-day vulnerabilities disclosed

Trend Micro’s Zero Day Initiative has released details about two remote code execution zero-day flaws affecting popular freemium PDF tool Foxit Reader. The first one (CVE-2017-10951) is a command injection flaw that exists within the app.launchURL method, and arises because the method accepts more than just URLs as arguments. It does not filter file extensions, […]

Read More
  • img August 18, 2017

Vendor Exposes Backup of Chicago Voter Roll via AWS Bucket

Voter registration data belonging to the entirety of Chicago’s electoral roll—1.8 million records—was found a week ago in an Amazon Web Services bucket.   This post was originally published on https://threatpost.com/feed/. https://blacklakesecurity.com/vendor-exposes-backup-of-chicago-voter-roll-via-aws-bucket/

Read More
  • img August 18, 2017

Carbon Emissions: Oversharing Bug Puts Security Vendor Back in Spotlight

Last week, security firm DirectDefense came under fire for over-hyping claims that Cb Response, a cybersecurity product sold by competitor Carbon Black, was leaking proprietary from customers who use it. Carbon Black responded that the bug identified by its competitor was a feature, and that customers were amply cautioned in advance about the potential privacy risks of […]

Read More
  • img August 18, 2017

It’s Not Exactly Open Season on the iOS Secure Enclave

Despite yesterday’s leak of the Apple iOS Secure Enclave decryption key, experts are urging calm over claims of an immediate threat to user data.   This post was originally published on https://threatpost.com/feed/. https://blacklakesecurity.com/its-not-exactly-open-season-on-the-ios-secure-enclave/

Read More
  • img August 18, 2017

Decryption key for Apple iOS Secure Enclave Processor firmware revealed

A hacker that goes by the handle “xerub” has apparently figured out the decryption key for Apple’s Secure Enclave Processor (SEP) firmware, and made it available online: key is fully grown https://t.co/MwN4kb9SQI use https://t.co/I9fLo5Iglh to decrypt and https://t.co/og6tiJHbCu to process — ~ (@xerub) August 16, 2017 What is the Secure Enclave? To quote Apple: The […]

Read More