What Can Be Learned from the Recent HKSP Vulnerability

Yesterday, JSOF published a set of vulnerabilities called "DNSpooq" which affects the immensely popular "dnsmasq" DNS caching server. These vulnerabilities can allow both LAN and WAN based attackers to inject malicious DNS entries and even to entirely take over the dnsmasq host via a remote heap overflow attack.

Vdoo’s security research team discovered a potentially critical vulnerability in RAUC, an open-source framework for firmware updates. Vdoo has responsibly disclosed this vulnerability and worked closely with the vendor verifying the fix to the vulnerability. All the technical details about this security issue and it’s impact can be found in the blog post.

As part of a device supply chain security assessment, Vdoo has discovered four new vulnerabilities in Qualcomm’s mobile access point architecture that can allow attackers to gain remote root access to impacted devices ranging from access points to automotive ECUs.