Wed, 02/10/2021 - 00:14
Two weeks ago, CVE-2021-1782 was fixed by Apple. Although the patch for this kernel vulnerability is simple, a way to exploit the bug still had to be found. This blog post explains how the bug can be exploited and provides a PoC.

Thu, 12/10/2020 - 07:39
Despite an active console hacking community, only a few public PlayStation 4 exploits have been released. In this post, we walk through the exploitation of a 0-day WebKit vulnerability on 6.xx firmware.

Tue, 12/01/2020 - 10:09
In early November, Project Zero announced that Apple had patched a full chain of vulnerabilities that were actively exploited in the wild. The chain consists of three vulnerabilities: a userland RCE in FontParser, as well as a memory leak and a type confusion in the kernel. In this blog post, we describe how we identified and exploited the kernel memory leak.

Wed, 11/25/2020 - 12:43
In this blog post, we will see what happens when two security researchers come across a random printer and manage to find vulnerabilities in it.

Thu, 11/05/2020 - 09:16
In order to better protect its users, NBS System asked Synacktiv to perform a source code review of Naxsi, a well-known open source Web Application Firewall (WAF). During this audit, Synacktiv discovered several vulnerabilities that could allow an attacker to bypass its filtering rules. This short blog post presents the most critical vulnerabilities and how they were fixed by NBS System. The fixes were published in version 1.1a shortly after they were reported: https://github.com/nbs-system/naxsi/releas...

Thu, 09/03/2020 - 13:44
As you may already know, we collaborated with the Zero Day Initiative to disclose a vulnerability in Ubuntu's ppp package. This vulnerability has been assigned the identifiers ZDI-CAN-11504 / CVE-2020-15704.

Tue, 07/28/2020 - 14:36
Last year, ZDI announced a new entry in its yearly contest "Pwn2Own". After the Vancouver edition, focused on desktop software, and the Tokyo edition, specialized in smartphones, there is now a third location in Miami dedicated to industrial software, also known as ICS or SCADA.

Wed, 06/03/2020 - 12:48
Last week we published a post about the reintroduction of a kernel vulnerability in iOS 13. Here is the follow-up, with an analysis of the fix.

Fri, 05/29/2020 - 17:38
Last weekend a new version of the iOS jailbreak unc0ver was released with support for the latest iOS 13.5. This is the first jailbreak since iOS 8 in 2014 to use a 0-day vulnerability, one still unknown to Apple at the time of the release, to break iPhone security measures. To keep this vulnerability secret, the jailbreak is heavily obfuscated and protected against dynamic inspection. However, since this vulnerability is not exactly new to us and since the cat is out of the bag, now seems a good tim...

Mon, 05/04/2020 - 17:31
A few months ago, Synacktiv teams performed a security assessment of the open source project Squid. This blog post describes a few vulnerabilities that were found during this audit.