By Darren Pauli, 4 Dec 2014
Big Blue has patched a serious hole in its Endpoint Manager for Mobile Devices that allows attackers to gain remote access and compromise connected mobes.
Endpoint Manager appears to have been written with Ruby, and the flaw means "attackers can create valid session cookies containing marshalled objects of their choosing," according to chaps at RedTeam Pentesting who have posted about the problem. "This can be leveraged to execute arbitrary code when the Ruby on Rails application unmarshals the cookie," their post says.
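The risk described in the quote is that a cookie with a valid signature is handed to Ruby's Marshal. As an added example (not code from IBM, RedTeam Pentesting or the article), the Ruby module below checks an HMAC and then parses the payload as JSON, so even a correctly signed cookie can only produce plain data. The module name, cookie layout and key are assumptions made for the illustration.

```ruby
# Added example; module name, cookie layout and key are constructed.
require "openssl"
require "json"

module SessionCookie
  SEP = "--"

  def self.sign(key, payload)
    OpenSSL::HMAC.hexdigest("SHA256", key, payload)
  end

  # Constant-time comparison: does not leak how many leading bytes matched.
  def self.secure_equal?(a, b)
    return false unless a.bytesize == b.bytesize
    diff = 0
    a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
    diff.zero?
  end

  # Serialize the session as JSON (data only), Base64 it, append the HMAC.
  def self.encode(key, session)
    payload = [JSON.generate(session)].pack("m0")
    "#{payload}#{SEP}#{sign(key, payload)}"
  end

  # Returns the session Hash, or nil when the cookie is rejected.
  def self.decode(key, cookie)
    payload, mac = cookie.to_s.split(SEP, 2)
    return nil if payload.nil? || mac.nil?
    return nil unless secure_equal?(mac, sign(key, payload))
    # JSON.parse builds only hashes, arrays, strings, numbers, booleans and
    # nil; unlike Marshal.load it never instantiates application classes.
    data = JSON.parse(payload.unpack1("m0"))
    data.is_a?(Hash) ? data : nil
  rescue JSON::ParserError, ArgumentError, EncodingError
    nil
  end

  # Self-check: a correctly signed cookie whose body is Marshal output
  # (here a harmless Hash) is still refused, because it is not JSON.
  def self.rejects_signed_marshal?(key)
    payload = [Marshal.dump({ "user_id" => 42 })].pack("m0")
    decode(key, "#{payload}#{SEP}#{sign(key, payload)}").nil?
  end
end
```

The signature check limits who can mint a cookie; the data-only serializer limits what a minted cookie can do if the signing key is ever exposed.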