ITSEC NewsAug 9, 2025
ReVault! When your SoC turns against you… deep dive edition - For a high-level overview of this research, you can refer to our Vulnerability Spotlight.... https://blog.talosintelligence.com/revault-when-your-soc-turns-against-you-2/ #vulnerabilitydeepdive
ReVault! When your SoC turns against you… deep dive edition

Talos reported 5 vulnerabilities to Broadcom and Dell affecting both the ControlVault3 Firmware and its associated Windows APIs that we are calling “ReVault”.

Cisco Talos Blog
ITSEC NewsJun 26, 2025
Decrement by one to rule them all: AsIO3.sys driver exploitation - IntroductionArmory Crate and AI Suite are applications used to manage and monitor ASUS mo... https://blog.talosintelligence.com/decrement-by-one-to-rule-them-all/ #vulnerabilitydeepdive #vulnerability
Decrement by one to rule them all: AsIO3.sys driver exploitation

Cisco Talos uncovered and analyzed two critical vulnerabilities in ASUS' AsIO3.sys driver, highlighting serious security risks and the importance of robust driver design.

Cisco Talos Blog
ITSEC NewsFeb 10, 2025
Small praise for modern compilers - A case of Ubuntu printing vulnerability that wasn’t - By Aleksandar NikolichEarlier this year, we conducted code audits of the macOS printing s... https://blog.talosintelligence.com/small-praise-for-modern-compilers-a-case-of-ubuntu-printing-vulnerability-that-wasnt/ #vulnerabilitydeepdive
Small praise for modern compilers - A case of Ubuntu printing vulnerability that wasn’t

By Aleksandar Nikolich Earlier this year, we conducted code audits of the macOS printing subsystem, which is heavily based on the open-source CUPS package. During this investigation, IPP-USB protocol caught our attention. IPP over USB specification defines how printers that are available over USB can only still support network printing

Cisco Talos Blog
ITSEC NewsNov 25, 2024
Finding vulnerabilities in ClipSp, the driver at the core of Windows’ Client License Platform - By Philippe LaulheretClipSP (clipsp.sys) is a Windows driver used to implement cli... https://blog.talosintelligence.com/finding-vulnerabilities-in-clipsp-the-driver-at-the-core-of-windows-client-license-platform/ #vulnerabilitydeepdive
Finding vulnerabilities in ClipSp, the driver at the core of Windows’ Client License Platform

By Philippe Laulheret ClipSP (clipsp.sys) is a Windows driver used to implement client licensing and system policies on Windows 10 and 11 systems. Cisco Talos researchers have discovered eight vulnerabilities related to clipsp.sys ranging from signature bypass to elevation of privileges and sandbox escape: * TALOS-2024-1964 (CVE-2024-38184) * TALOS-2024-1965 (CVE-2024-38185)

Cisco Talos Blog
ITSEC NewsAug 28, 2024
The vulnerabilities we uncovered by fuzzing µC/OS protocol stacks - Hunting for vulnerabilities in industrial environments has become increasingly important ... https://blog.talosintelligence.com/fuzzing-uc-os-protocol-stacks/ #vulnerabilitydeepdive
The vulnerabilities we uncovered by fuzzing µC/OS protocol stacks

Fuzzing has long been one of our favorite ways to search for security issues or vulnerabilities in software, but when it comes to fuzzing popular systems used in ICS environments, it traditionally involved a custom hardware setup to fuzz the code in its native environment.

Cisco Talos Blog
ITSEC NewsAug 28, 2024
Fuzzing µCOS protocol stacks, Part 2: Handling multiple requests per test case - So far in this series, I’ve developed a fuzzer for the µC/HTTP-server. As described in th... https://blog.talosintelligence.com/fuzzing-ucos-protocol-stacks-part-2/ #vulnerabilitydeepdive
Fuzzing µCOS protocol stacks, Part 2: Handling multiple requests per test case

This time, I’ll discuss why this approach is more challenging than simply substituting a socket file descriptor with a typical file descriptor.

Cisco Talos Blog
ITSEC NewsAug 28, 2024
Fuzzing µC/OS protocol stacks, Part 1: HTTP server fuzzing - This is the first post of a three-part series, where we will be delving into the intricac... https://blog.talosintelligence.com/fuzzing-uc-os-protocol-stacks-part-1/ #vulnerabilitydeepdive
Fuzzing µC/OS protocol stacks, Part 1: HTTP server fuzzing

Any vulnerability in an RTOS has the potential to affect many devices across multiple industries.

Cisco Talos Blog
ITSEC NewsAug 28, 2024
Fuzzing µC/OS protocol stacks, Part 3: TCP/IP server fuzzing, implementing a TAP driver - This is the final post in the three-part series that details techniques I used to ... https://blog.talosintelligence.com/fuzzing-uc-os-protocol-stacks-part-3/ #vulnerabilitydeepdive
Fuzzing µC/OS protocol stacks, Part 3: TCP/IP server fuzzing, implementing a TAP driver

This is the final post in the three-part series that details techniques I used to fuzz two µC/OS protocol stacks: µC/TCP-IP and µC/HTTP-server.

Cisco Talos Blog
ITSEC NewsAug 19, 2024
How multiple vulnerabilities in Microsoft apps for macOS pave the way to stealing permissions - Cisco Talos has identified eight vulnerabilities in Microsoft applications for the macOS ... https://blog.talosintelligence.com/how-multiple-vulnerabilities-in-microsoft-apps-for-macos-pave-the-way-to-stealing-permissions/ #vulnerabilitydeepdive
How multiple vulnerabilities in Microsoft apps for macOS pave the way to stealing permissions

An adversary could exploit these vulnerabilities by injecting malicious libraries into Microsoft's applications to gain their entitlements and user-granted permissions.

Cisco Talos Blog
ITSEC NewsJun 26, 2024
Multiple vulnerabilities in TP-Link Omada system could lead to root access - The TP-Link Omada system is a software-defined networking solution for small to medium-si... https://blog.talosintelligence.com/multiple-vulnerabilities-in-tp-link-omada-system/ #vulnerabilitydeepdive
Multiple vulnerabilities in TP-Link Omada system could lead to root access

Affected devices could include wireless access points, routers, switches and VPNs.

Cisco Talos Blog