- Threat Encyclopedia
- Vulnerabilities
- Latest Security Advisories & Notable Vulnerabilities
This vulnerability exists in Apple iOS before 9 that can allow attackers to execute arbitrary code or cause denial of service (DoS) via a crafted application, thus compromising the security of the device.
Trend Micro researcher Moony Li disclosed details about this vulnerability to Apple. The said company acknowledged Li’s research contribution.
Microsoft addresses the following vulnerabilities in its batch of patches for Octover 2015:
This is one of the vulnerabilities used by the exploit kit, GiefRoot, which Retro Tetris, a malicious Android app downloads onto the device. The said malicious gaming app is published on Google Play that has the capability of rooting devices.
An attacker may cause an instance of any class with a non-private parameterless constructor to be created when the ObjectInputStream is used on untrusted inputs. In addition, an attacker may execute arbitrary code via a crafted finalize method for a serialized object in an ArrayMap Parcel within an intent sent to system_service.
A vulnerability exists in Windows Media Center that could allow remote code execution if Windows Media Center opens a specially crafted Media Center link (.mcl) file that references malicious code. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user.
Trend Micro researchers Aaron Luo, Kenney Lu, and Ziv Chang discovered this zero-day exploit, which also emerged from the Hacking Team leak.
Microsoft addresses the following vulnerabilities in its batch of patches for September 2015:
Apple addresses a vulnerability that exists in the way the iOS sandbox_profiles component handles third party apps. When abused, a malicious app may be allowed to read managed preferences of other apps' installed in the vulnerable iOS device.
This vulnerability exists in several versions of the Windows browser Internet Explorer. The vulnerability lies in the way Internet Explorer accesses objects in memory. Attackers could exploit this vulnerability and allow remote code execution on the vulnerable machine. Attackers looking to take advantage of this vulnerability lures potential victims to click on malicious links in instant messages, email messages, and the like.
Affected versions of Internet Explorer are versions 7 to 11, installed in Windows operating systems from Windows Vista to Windows 10.