New Vulnerability Could Put IoT Devices at Risk
Society relies so heavily on technology that the number of internet connected devices used globally is predicted to grow to 55.9 billion by 2025. Many of these devices span parts of Industrial Control Systems (ICS) that impact the physical world, assist us in our daily lives at home and monitor and automate everything from energy…
Why Fixing Security Vulnerabilities Is Not That Simple
It sounds simple: A scanner identifies a vulnerability, the vulnerability is patched. What happens in between, however, can be far from simple. Yet if you are not on a security team or, more specifically, a vulnerability management team, you would never know the bumpy, winding road that often stretches between scanning and patching. The Patch…
Android Vulnerabilities: Attacking Nexus 6 and 6P Custom Boot Modes
In recent months, the X-Force Application Security Research Team has discovered several previously undisclosed Android vulnerabilities. The November 2016 and January 2017 Android Security Bulletins included patches to one high-severity vulnerability, CVE-2016-8467, in Nexus 6 and 6P. Our new paper, “Attacking Nexus 6 & 6P Custom Bootmodes,” discusses this vulnerability as well as CVE-2016-6678.