Escaping misconfigured VSCode extensions
Malware Analysis, News and Indicators - Latest topics malware.news
TL;DR: This two-part blog series will cover how I found and disclosed three vulnerabilities in VSCode extensions and one vulnerability in VSCode itself (a security mitigation bypass assigned CVE-2022-41042 and awarded a $7,500 bounty). We will identify the underlying cause of each vulnerability and create fully working exploits to demonstrate how an attacker could have compromised your machine. We will also recommend ways to prevent similar issues from occurring in the future.
A few months ago, I decided to assess …