This post was authored by Rich Johnson, William Largent, and Ryan Pentney. Earl Carter contributed to this post.
Cisco Talos, in conjunction with Apple’s security advisory issued on June 30th, is disclosing the discovery of a remote code execution vulnerability within Apple QuickTime. This vulnerability was initially discovered by the Talos Vulnerability Research & Development Team and reported in accordance with responsible disclosure policies to Apple.
There is a remote code execution vulnerability in Apple QuickTime (TALOS-CAN-0018, CVE-2015-3667). An attacker who can control the data inside an stbl atom in a .MOV file can cause an undersized allocation which can lead to an out-of-bounds read. An attacker can use this to create a use-after-free scenario that could lead to remote code execution.
There is a function within QuickTime (QuickTimeMPEG4!0x147f0) which is responsible for processing the data in an hdlr atom. A 16-byte memory region is allocated near the beginning of the function. If the hdlr subtype field in an mdia atom is set to ‘vide’, a reference to this region is passed to a set of two functions.
Tags: 0-day, Apple, research, security, stbl, Talos, vulnerability, vulnerability spotlight
The only thing that remains constant is change.
It’s an old adage. While it has always been true, it’s especially relevant now. Today’s pace of technology change is akin to a vortex, relentlessly and chaotically sweeping everything into its spiral path, demanding digitization. As with a real vortex, the force of this change is too strong to ignore and those objects (or business models) that fail to adapt will break apart and fall away.
Indeed, digital disruption has the potential to overturn incumbents and reshape markets faster than perhaps any force in history. Organizations that do not drive their own digital business transformation will be left behind. Those that do will be pulled toward a “digital center” in which business models, offerings, and value chains are digitized, driving new revenue streams and substantive business outcomes.
The driver behind this pace of disruption is the Internet of Everything (IoE), the networked connection of people, process, data, and things. Cisco projects these connections to surge from 15 billion today to some 50 billion by the end of the decade. IoE is sowing disruption, certainly — but it is a force for disruption and creation. With a total Value at Stake of $19 trillion from 2013 to 2022, IoE represents a profound market transition — and opportunity.
Tags: Cisco, digital business, digital disruption, Digital transformation, digital vortex, IMD, innovation, Internet of Everything, IoE, leadership, research, thought leadership
Powerful technology trends, including social, mobile, cloud, and Big Data, are converging, creating unprecedented “digital disruption.” We are in a unique period of time where business and technology leaders have the opportunity to create new value and win market share by leveraging the advantages of a hyper-connected world.
Agile competitors with better business models seemingly emerge overnight. Ingrained ways of thinking and working make changing to an innovative culture painfully slow. Needed talent and resources lie outside the four walls of the organization in a wider ecosystem of capabilities. And while technology challenges abound as we confront the future, people and process changes are even more vexing for most organizations.
So how do executives keep their companies from being added to the growing heap of once venerable brands that didn’t transform fast enough?
It’s not easy.
According to Gartner research, by 2020, 75 percent of companies will be a digital business or will be preparing to become one, yet only 30 percent of these efforts will be successful. The number one reason companies fail to transform is that they don’t re-imagine and reinvent the business from top to bottom before they begin.
Tags: Cisco, digital business, digital disruption, Digital transformation, IMD, innovation, Internet of Everything, IoE, leadership, research
This year we launched the first annual Research Symposium at the IoT World Forum in Chicago. This Symposium brought together scholars, industry leaders and visionaries from across the world to discuss how academia and industry can partner to address the challenges and the opportunities that IoT presents.
We were delighted to be joined by impressive speakers. CEO of Enduring Hydro and former Undersecretary of the U.S. Department of Energy Dr. Kristina Johnson, Stanford University Professor Balaji Prabakar, and World Bank Senior Transport Specialist Dr. Shomik Mehndiratta offered their perspectives on how IoT can improve our cities and societies by transforming how we approach everything from transportation to energy. Purdue University Professor Douglas Comer helped us understand what is required to make IoT interoperable.
Tags: academia, innovation, IoT, IoTWF, research, university
Arguably 2014 is already turning out to be a big year for cloud. Some have even called it “The Year of the Cloud.” Cloud implementation continues to play an essential role in overall IT strategy:
- A recent report says 80% of cloud adopters saw improvements within 6 months of moving to the cloud.
- According to the recent Future of Cloud Computing Survey, “organizations average 52% current use of applications that advance business priorities – underscoring the increasing value placed by organizations on facilitating the delivery of services beyond IT via the cloud.”
- More than half of respondents in the same survey cited business agility (54.5%) and scalability (54.3%) as the main drivers for cloud adoption.
In today’s business landscape, a variety of organizations and industries are embracing cloud as a way to make a real difference in their business.
Cisco is committed to helping our customers evolve their business and take advantage of the latest transformations in IT. We are starting to see the results of that commitment. This is evident in the way that our customers have embraced UCS to deploy their cloud strategy, as proved by being named #1 in blade server market share, and recently by Synergy Research naming Cisco #1 in cloud infrastructure equipment market share.
So, what does Cisco being named the #1 cloud infrastructure provider mean for you?
Tags: Bryan Glick, Cisco, Cisco UCS, CiscoCloud, cloud, Cloud Computing, Computer Weekly, Converged Infrastructure, Giuliano Di Vitantonio, Integrated infrastructure, Jack Woods, Michael Skok, Northbridge, research, SiliconANGLE, Synergy, synergy research, Synergy Research Group, Thomas Cloyd, UCS