Privilege escalation vulnerabilities


BlackBerry Resolves Privilege Escalation Vulnerability in Z10

Last week BlackBerry released a security update resolving an escalation of privilege vulnerability that existed in “BlackBerry Protect” enabled devices running version 10.0.10.261 and earlier operating systems. The company claims that version 10.0.9.2743 is not affected and that they have found no evidence of attackers exploiting this vulnerability in the wild.

VMware Fixes Privilege Escalation Vulnerability

Virtualization software maker VMware issued an update last Thursday resolving a virtual machine communication interface (VMCI) vulnerability in its ESX Server, Workstation, Fusion and View products that could lead to a privilege escalation if unpatched.According to the VMware security advisory, a local attacker could potentially exploit a control code handling vulnerability in vmci.sys in order to tamper with memory allocation in the VMCI code and eventually obtain elevated privileges on Windows-based hosts and guest operating systems.

Sybase Fixes Nine ASE Flaws

Enterprise software and services company Sybase has again patched holes in its Adaptive Server Enterprise (ASE) product, fixing a handful of database vulnerabilities that could have allowed a hacker to execute code and bypass security parameters on the company’s main database server product.


Patches released this week by database and mobile management vendor Sybase did not completely repair serious privilege escalation and remote code execution vulnerabilities in versions 15.0.3 and later of its Adaptive Server Enterprise (ASE) product.Researchers at Application Security Inc., which specializes in database security, reported a dozen vulnerabilities to the SAP company in July. AppSec also sent along proof-of-concept exploit code with details of the vulnerabilities.

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.