:: Deepquest ::

Thanos ransomware looks for and executes DLLs in its current directory. Therefore, we can potentially hijack a DLL to execute our own code and control and terminate the malware pre-encryption. The exploit DLL will check if the current directory is “C:WindowsSystem32” and if not we grab our process ID and terminate. We do not need […]

Apple Security Advisory 2022-05-16-1 – iOS 15.5 and iPadOS 15.5 addresses bypass, code execution, denial of service, integer overflow, out of bounds access, out of bounds write, and use-after-free vulnerabilities.

Apple Security Advisory 2022-05-16-2 – macOS Monterey 12.4 addresses buffer overflow, bypass, code execution, denial of service, integer overflow, out of bounds access, out of bounds read, out of bounds write, and use-after-free vulnerabilities.

Apple Security Advisory 2022-05-16-3 – macOS Big Sur 11.6.6 addresses bypass, code execution, denial of service, out of bounds access, out of bounds read, out of bounds write, and use-after-free vulnerabilities.

Apple Security Advisory 2022-05-16-4 – Security Update 2022-004 Catalina addresses bypass, code execution, denial of service, integer overflow, out of bounds access, out of bounds read, out of bounds write, and use-after-free vulnerabilities.

Apple Security Advisory 2022-05-16-5 – watchOS 8.6 addresses bypass, code execution, integer overflow, out of bounds access, out of bounds write, and use-after-free vulnerabilities.

Apple Security Advisory 2022-05-16-6 – tvOS 15.5 addresses bypass, code execution, integer overflow, out of bounds access, out of bounds write, and use-after-free vulnerabilities.

Apple Security Advisory 2022-05-16-7 – Safari 15.5 addresses code execution and use-after-free vulnerabilities.

Apple Security Advisory 2022-05-16-8 – Xcode 13.4 addresses a logic issue and a privilege escalation issue.

Thanos ransomware looks for and executes DLLs in its current directory. Therefore, we can potentially hijack a DLL to execute our own code and control and terminate the malware pre-encryption. The exploit DLL will check if the current directory is “C:\Windows\System32” and if not we grab our process ID and terminate. We do not need […]