Information Security Advisories
During the course of our work and engagements we have often encountered and documented critical security vulnerabilities in the products developed and marketed by major vendors catering to Fortune 500 companies, powering the infrastructure that billions of devices and users rely on daily for work and leisure. We have often reported these vulnerabilities and cooperated or actively participated in their remediation. This page serves an up-to-date and historical list of these contributions.
Summary Apple QuickTime before Mac OS X v10.6.8 and Security Update 2011-004 does not properly handle Matrix structures in PICT files with out-of-bounds index values. The result write access to an out-of-bounds memory address can be successfully used to execute arbitrary code under the context of the application loading the image, without user interaction. Technical details This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime Player.
CVE-2011-1923: Insecure Diffie Hellman key exchange parameters validation in Mbed TLS (former PolarSSL)
Summary Mbed TLS (then PolarSSL) is a widely used cryptographic library originally written by Christopher Devine (as XySSL, released under the BSD 3-clause license) which has seen a significant amount of acceptance in embedded applications, owing to its lightweight origins, and was acquired by ARM. During the course of internal research, a specialist from Subreption identified a severe vulnerability in the library’s implementation of the Diffie-Hellman key exchange, consisting of a lack of validation for the public parameters, a well known “man in the middle” attack against DH where a malicious third-party can manipulate the public parameters of the exchange and force a weak or predictable secret to be generated by the targeted parties.
CVE-2008-3627: QuickTime: heap corruption allows arbitrary code execution via malicious H.264 movie files (CVE-2008-3627)
Summary Apple QuickTime before 7.5.5 does not properly handle (1) MDAT atoms in MP4 video files within QuickTimeH264.qtx, (2) MDAT atoms in mov video files within QuickTimeH264.scalar, and (3) AVC1 atoms in an unknown media type within an unspecified component, which allows remote attackers to execute arbitrary code or cause a denial of service (heap corruption and application crash) via a crafted, H.264 encoded movie file. Technical details This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime.
Subreption adheres to a so-called responsible disclosure policy with cooperative and responsive vendors. Exceptions include sanctioned entities, vendors known to be openly or covertly hostile towards researchers, as well as those engaged in PR practices involving deceptive marketing and other questionable behavior. Public disclosure is delayed until a satisfactory remediation has been developed and deployed to customers, unless the affected vendor engages in negligent handling of the information or fails to justify any additional delay.
Receive our latest updates via e-mail.