ZDI-22-1187: (Pwn2Own) ConnMan received_data Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of ConnMan. Authentication is not required to exploit this vulnerability.

CVE-2021-34236

Buffer Overflow in Netgear R8000 Router with firmware v1.0.4.56 allows remote attackers to execute arbitrary code or cause a denial-of-service by sending a crafted POST to ‘/bd_genie_create_account.cgi’ with a sufficiently long parameter ‘register_country’.

Smashing Security podcast #288: Chiquita banana, dumb criminals, and detecting ring binders

Students learn a valuable lesson when it comes to AI detecting guns on campus, SIM swappers are surprisingly stupid, and romance scammers get scammed by someone (or some thing?) calling themselves Chiquita Banana.

All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Mark Stockley.
