Smash PostScript Interpreters Using A Syntax-Aware Fuzzer | allinfosecnews.com

April 26, 2023, 3:50 p.m. | MalBot

Malware Analysis, News and Indicators - Latest topics malware.news

In 2022, Zscaler’s ThreatLabz performed vulnerability hunting for some of the most popular PostScript interpreters using a custom-built syntax-aware fuzzer. The PostScript interpreters that were evaluated include Adobe Acrobat Distiller and Apple’s PSNormalizer. At the time of publication, ThreatLabz has discovered three vulnerabilities (CVE-2022-35665, CVE-2022-35666, CVE-2022-35668) in Adobe Acrobat Distiller and one vulnerability (CVE-2022-32843) in Apple’s PSNormalizer. This blog presents how the syntax-aware fuzzer was developed and analyzes the results.

PostScript Language

PostScript is a stack-based programming language, where values …

acrobat adobe adobe acrobat apple aware blog cve fuzzer hunting language operations popular programming results vulnerabilities vulnerability zscaler

More from malware.news / Malware Analysis, News and Indicators - Latest topics

Update: file-magic.py Version 0.0.8 11 hours ago | malware.news

article didier didier stevens file +11

Ticketmaster confirms customer data breach 15 hours ago | malware.news

breach cloud cloud database customer +18

What the Biggest-Ever Botnet Takedown Means 1 day, 12 hours ago | malware.news

botnet distribution financial industrial +5

Okta Cross-origin Authentication Feature in Customer Identity Cloud Targeted in Credential Stuffing Attacks 1 day, 13 hours ago | malware.news

access attacks authentication cloud +22

OpenAI report reveals threat actors using ChatGPT in influence operations 1 day, 13 hours ago | malware.news

article campaigns chatgpt disruption +12

Fake Bahrain Government Android App Steals Personal Data Used for Financial Fraud 1 day, 14 hours ago | malware.news

android android app app bahrain +17

Nearly 6M WordPress sites may be affected by bugs in 3 plug-ins 1 day, 14 hours ago | malware.news

article attacks bugs fastly +11

Senator Calls for FTC, SEC Probe Into UnitedHealth’s ‘Negligence’ in Breach 1 day, 15 hours ago | malware.news

article attack board breach +17

Vulnerability impacting Check Point Network Security Gateways (CVE-2024-24919) 1 day, 15 hours ago | malware.news

article canadian canadian centre for cyber security check +14

CyberSOC Technical Lead

@ Integrity360 | Sandyford, Dublin, Ireland

View on infosec-jobs.com

Cyber Security Strategy Consultant

@ Capco | New York City

View on infosec-jobs.com

Cyber Security Senior Consultant

@ Capco | Chicago, IL

View on infosec-jobs.com

Sr. Product Manager

@ MixMode | Remote, US

View on infosec-jobs.com

Security Compliance Strategist

@ Grab | Petaling Jaya, Malaysia

View on infosec-jobs.com

Cloud Security Architect, Lead

@ Booz Allen Hamilton | USA, VA, McLean (1500 Tysons McLean Dr)

View on infosec-jobs.com