Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Share Post: Reddit Facebook
How a Security Test for DropBox Revealed 3 Apple Zero Day Vulnerabilities
#1
[Image: Dropbox.png]

Quote:When Dropbox hired a security firm to perform a Red Team cyber attack simulation on their services, little did they know that they would discover zero day vulnerabilities in Apple products that could affect much more than their company.

In a blog post by Dropbox, they explain how they routinely perform attack simulations to test the effectiveness of their security systems and policies. In a recent test, Dropbox's goal was to test how well their systems could detect and track a successful breach.

"We’ve invested a lot in our hardening, detection, alerting, and response capabilities at Dropbox," stated Chris Evans, Head of Security, in a blog post. "Even if an attacker breaks in and accesses various systems in our environments without triggering an alarm, we have extensive instrumentation to trace activity post-exploitation. So how do we know we’re doing a good job? That’s the kind of testing we were going for with our most recent attack simulation. Our testing goals included measuring the steady-state of our detection and alerting program, as well as measuring our team’s response when a breach has been identified. Identifying new ways to break into Dropbox was in scope for this engagement, but even if none were found, we were going to simulate the effects of a breach by just planting malware ourselves (discretely, of course, so as not to tip off the detection and response team)."


What they did not expect, though, was for their external security partner Syndis to discover multiple zero-day vulnerabilities in Apple software. When these vulnerabilities were chained together, they could allow commands to be remotely executed on a vulnerable macOS computer simply by visiting a malicious web site.

These vulnerabilities were disclosed to Apple by Syndis and Dropbox on February 19th and fixed within a month with the release of their March 29th, 2018 security updates.

READ THE FULL ARTICLE HERE
Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
  Vulnerabilities in WatchGuard, Panda Security Products Lead to Code Execution mrtrout 0 422 02-04-2024 , 06:49 AM
Last Post: mrtrout
  Google Uncovers 18 Severe Security Vulnerabilities in Samsung Exynos Chips mrtrout 0 379 03-19-2023 , 06:31 PM
Last Post: mrtrout
  Abode IoT Security Camera Vulnerabilities Bitdefender mrtrout 0 441 01-01-2022 , 06:59 AM
Last Post: mrtrout
  Palo Alto firewall software vulnerability quartet revealed Bjyda 0 637 02-13-2021 , 09:59 PM
Last Post: Bjyda
  Panda Security does it again: 100% detection in AV-C’s Real-World Test mrtrout 0 933 11-20-2020 , 10:16 AM
Last Post: mrtrout

Forum Jump:


Users browsing this thread: 1 Guest(s)