Showing Posts From
June 2015
- 25 Jun 2015
Set Fire to the Phone
Two security researchers from MWRLabs discovered multiple vulnerabilities in the Amazon Fire Phone's AppStore ecosystem. By chaining three distinct vulnerabilities, they achieved remote code execution without using native or memory-based attacks. The exploit allowed installation of malware, extraction of device data, and demonstrated significant application security risks in the Fire Phone's software.
-
David Middlehurst James Loureiro - 5 Jun 2015
Why Bother Assessing Popular Software?
A presentation at BSides London 2015 examined software security vulnerabilities through a case study of Adobe Reader. The analysis focused on investigating the attack surface of the software by examining its JavaScript API, PDF Rendering Engine, and Sandbox. High-risk security vulnerabilities were identified during the detailed technical assessment.