privilege escalation – Noise

CISA Identifies Five New Vulnerabilities Currently Being Exploited

Bruce Schneier — Wed, 05 Mar 2025 12:00:31 +0000

Of the five, one is a Windows vulnerability, another is a Cisco vulnerability. We don’t have any details about who is exploiting them, or how. News article. Slashdot thread.

How to use the PassRole permission with IAM roles

Liam Wadman — Fri, 24 Nov 2023 23:34:49 +0000

iam:PassRole is an AWS Identity and Access Management (IAM) permission that allows an IAM principal to delegate or pass permissions to an AWS service by configuring a resource such as an Amazon Elastic Compute Cloud (Amazon EC2) instance or AWS Lambda function with an IAM role. The service then uses that role to interact with […]

Zoom Exploit on MacOS

Bruce Schneier — Wed, 17 Aug 2022 11:11:17 +0000

This vulnerability was reported to Zoom last December:

The exploit works by targeting the installer for the Zoom application, which needs to run with special user permissions in order to install or remove the main Zoom application from a computer. Though the installer requires a user to enter their password on first adding the application to the system, Wardle found that an auto-update function then continually ran in the background with superuser privileges.

When Zoom issued an update, the updater function would install the new package after checking that it had been cryptographically signed by Zoom. But a bug in how the checking method was implemented meant that giving the updater any file with the same name as Zoom’s signing certificate would be enough to pass the test—so an attacker could substitute any kind of malware program and have it be run by the updater with elevated privilege...

Twelve-Year-Old Linux Vulnerability Discovered and Patched

Bruce Schneier — Mon, 31 Jan 2022 12:18:55 +0000

It’s a privilege escalation vulnerability:

Linux users on Tuesday got a major dose of bad news — a 12-year-old vulnerability in a system tool called Polkit gives attackers unfettered root privileges on machines running most major distributions of the open source operating system.

Previously called PolicyKit, Polkit manages system-wide privileges in Unix-like OSes. It provides a mechanism for nonprivileged processes to safely interact with privileged processes. It also allows users to execute commands with high privileges by using a component called pkexec, followed by the command...

Interesting Privilege Escalation Vulnerability

Bruce Schneier — Thu, 26 Aug 2021 11:28:00 +0000

If you plug a Razer peripheral (mouse or keyboard, I think) into a Windows 10 or 11 machine, you can use a vulnerability in the Razer Synapse software — which automatically downloads — to gain SYSTEM privileges. It should be noted that this...

Nasty Windows Printer Driver Vulnerability

Bruce Schneier — Thu, 22 Jul 2021 15:41:58 +0000

From SentinelLabs, a critical vulnerability in HP printer drivers:

Researchers have released technical details on a high-severity privilege-escalation flaw in HP printer drivers (also used by Samsung and Xerox), which impacts hundreds of millions of Windows machines.

If exploited, cyberattackers could bypass security products; install programs; view, change, encrypt or delete data; or create new accounts with more extensive user rights.

The bug (CVE-2021-3438) has lurked in systems for 16 years, researchers at SentinelOne said, but was only uncovered this year. It carries an 8.8 out of 10 rating on the CVSS scale, making it high-severity...

Candiru: Another Cyberweapons Arms Manufacturer

Bruce Schneier — Mon, 19 Jul 2021 15:54:58 +0000

Citizen Lab has identified yet another Israeli company that sells spyware to governments around the world: Candiru.

From the report:

Summary:

Candiru is a secretive Israel-based company that sells spyware exclusively to governments. Reportedly, their spyware can infect and monitor iPhones, Androids, Macs, PCs, and cloud accounts.
Using Internet scanning we identified more than 750 websites linked to Candiru’s spyware infrastructure. We found many domains masquerading as advocacy organizations such as Amnesty International, the Black Lives Matter movement, as well as media companies, and other civil-society themed entities. ...

How to use trust policies with IAM roles

Jonathan Jenkyn — Fri, 28 Aug 2020 20:26:52 +0000

November 3, 2022: We updated this post to fix some syntax errors in the policy statements and to add additional use cases. August 30, 2021: This post is currently being updated. We will post another note when it’s complete. AWS Identity and Access Management (IAM) roles are a significant component of the way that customers […]