Microsoft leak of PlayReady developer / Warbird libs

Read Time:22 Second

Posted by Security Explorations on Jun 21

Hello All,

On Jun 11, 2024 Microsoft engineer posted on a public forum
information about a crash experienced with Apple TV service on a
Surface Pro 9 device [1].

The post had an attachment – a 771MB file (4GB unpacked), which leaked
internal code (260+ files [2]) pertaining to Microsoft PlayReady such
as the following:
– Warbird configuration for building PlayReady library
– Warbird library implementing code obfuscation functionality
– static…

Read More

ZDI-24-863: (Pwn2Own) Phoenix Contact CHARX SEC-3100 plctool Improper Privilege Management Local Privilege Escalation Vulnerability

Read Time:18 Second

This vulnerability allows local attackers to escalate privileges on affected installations of Phoenix Contact CHARX SEC-3100 devices. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-26002.

Read More

ZDI-24-865: Phoenix Contact CHARX SEC-3100 charx_pack_logs Improper Input Validation Local Privilege Escalation Vulnerability

Read Time:18 Second

This vulnerability allows local attackers to escalate privileges on affected installations of Phoenix Contact CHARX SEC-3100 charging controllers. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-25999.

Read More