Research

Remote iOS Attacks Targeting Journalists: More Than One Threat Actor?

ZecOps is proud to share that we detected multiple exploits by the threat actors that recently targeted Aljazeera’s journalists before it was made public. The attack detection was automatically detected using ZecOps Mobile DFIR. In this blog post, we’ll share our analysis of the post-exploitation kernel panics observed on one of the targeted devices. Key …

Remote iOS Attacks Targeting Journalists: More Than One Threat Actor? Read More »

exploitable bug on Microsoft Teams

Crash Analysis Series: An exploitable bug on Microsoft Teams ?! A Tale of One Bit

This is a story about a Microsoft Teams crash that we investigated recently. At first glance, it looked like a possible arbitrary code execution vulnerability, but after diving deeper we realized that there’s another explanation for the crash. TLDR; ZecOps ingested and analyzed an event that seems exploitable on a Windows machine from Microsoft Teams …

Crash Analysis Series: An exploitable bug on Microsoft Teams ?! A Tale of One Bit Read More »

Running code in the context of iOS Kernel: Part I + LPE POC on iOS 13.7

Abstract.  Due to its popularity, iOS has attracted the attention of a large number of security researchers.  Apple is constantly improving iOS security, develops and adapts new mitigations at a rapid pace. In terms of the effectiveness of mitigation measures, Apple increases the complexity of hacking iOS devices making it one of the hardest platforms …

Running code in the context of iOS Kernel: Part I + LPE POC on iOS 13.7 Read More »

Exploring the Exploitability of “Bad Neighbor”: The Recent ICMPv6 Vulnerability (CVE-2020-16898)

At the Patch Tuesday on October 13, Microsoft published a patch and an advisory for CVE-2020-16898, dubbed “Bad Neighbor”, which was undoubtedly the highlight of the monthly series of patches. The bug has received a lot of attention since it was published as an RCE vulnerability, meaning that with a successful exploitation it could be …

Exploring the Exploitability of “Bad Neighbor”: The Recent ICMPv6 Vulnerability (CVE-2020-16898) Read More »