vulnerability disclosure

April 29, 2019

SECURITY

The PSIRT Services Framework: Helping the Industry Protect the Ecosystem

3 min read

At Cisco, our leadership made the decision over twenty-four years ago that we would clearly and publicly communicate security vulnerabilities or other issues that could potentially expose customers to risk....

October 10, 2017

THREAT RESEARCH

Microsoft Patch Tuesday – October 2017

1 min read

Microsoft has released its monthly set of security advisories for vulnerabilities that have been identified and addressed in various products. This month’s advisory release addresses 63 new vulnerabilities, with 28 of them rated critical and 35 rated important. These vulnerabilities impact Graphics, Edge, Internet Explorer, Office, SharePoint, Windows Graphic Display Interface, Windows Kernel Mode Drivers, […]

Enough is Enough – Change Must Begin Now

4 min read

Beginning last week, many organizations around the globe found themselves responding to infected computers in their environments that were hit with new malicious ransomware called “WannaCry.” Most other organizations reacted quickly to protect their network-critical files from being taken hostage by cyber criminals and held for ransom. And we are now seeing new variants of […]

February 14, 2017

THREAT RESEARCH

Vulnerability Spotlight: Apple Garage Band Out of Bounds Write Vulnerability

1 min read

Discovered by Tyler Bohan of Cisco Talos. Overview: Talos is disclosing TALOS-2016-0262 (CVE-2017-2372) and TALOS-2017-0275 (CVE-2017-2374), an out-of-bounds write vulnerability in Apple GarageBand. GarageBand is a music creation program, allowing users to create and edit music easily and effectively from their Mac computer. GarageBand is installed by default on all Mac computers so […]

January 23, 2017

THREAT RESEARCH

Vulnerability Spotlight – LibBPG Image Decoding Code Execution

1 min read

Overview: Talos is disclosing TALOS-2016-0259 / CVE-2016-8710. An exploitable heap out-of-bounds write vulnerability exists in the decoding of BPG images in the libbpg library. A crafted BPG image decoded by libbpg can cause an integer underflow, resulting in an out-of-bounds heap write that leads to remote code execution. This vulnerability can be triggered […]

April 7, 2016

THREAT RESEARCH

Vulnerability Deep Dive: Exploiting the Apple Graphics Driver and Bypassing KASLR

1 min read

Cisco Talos vulnerability researcher Piotr Bania recently discovered a vulnerability in the Apple Intel HD 3000 Graphics driver, which we blogged about here. In this post we are going to take a deeper dive into this research and look into the details of the vulnerability as well as the KASLR bypass and kernel exploitation that […]

October 5, 2015

SECURITY

Improvements to Cisco’s Security Vulnerability Disclosures

5 min read

Cisco is committed to protecting customers by sharing critical security-related information in different formats. Guided by customer feedback, Cisco’s Product Security Incident Response Team (PSIRT) is seeking ways to improve how we communicate information about Cisco product vulnerabilities to our customers and partners. As John Stewart mentioned in his blog post, the Cisco PSIRT has launched a […]