There's Life in the Old Dog Yet: Tearing New Holes into Intel/iPhone Cellular Modems

Research Background The number of cellular baseband players in the top-tier smartphone market is fairly small: Qualcomm, HiSilicon, Samsung, MediaTek, and Intel. With the exception of Intel, most of these manufacturers have been in the spotlight of relatively recent public security research in the mobile space (albeit more is needed and coming!). Intel’s market share is relatively small counting by the number of flagship devices they could score. The bulk of the market is dominated by Qualcomm solutions.

Read more

Wandering through the Shady Corners of VMware Workstation/Fusion

Background In mid-January, the Zero Day Initiative announced the rules for the 2017 version of the contest, including considerably high rewards for owning VMware and performing an escape from the guest to the host. VMware itself is not a new target, but was first included as a target in 2016. VMware as a target already suffered from various exploits in the past and has a reasonably large attack surface. Interestingly, a fair share of serious vulnerabilities that could be used for guest escapes was uncovered back in 2006-2009 and then again starting in roughly 2015 again with work by Kostya Kortchinsky and lokihardt targeting VMware’s virtual printing and drag-and-drop/copy-and-paste functionality.

Read more