RIPEDA cares about security, and as such we’re also proactive in finding vulnerabilities in both your operating systems and the third-party applications you may use.
Here’s a small sample of our recent vulnerability research:
Reference ID | Product | Affected Versions | Description |
---|---|---|---|
CVE-2024-27822 | macOS | 14.4.1 and older | Local Privilege Escalation |
CVE-2024-34331 | Parallels Desktop | 19.3.0 and older | Local Privilege Escalation |
CVE-2024-4395 | Jamf Compliance Editor | 1.3.0 and older | Local Privilege Escalation |
CVE-2024-25545 | Weave Desktop | Unresolved | Arbitrary Code Execution |
Synology-SA-24:05 | Synology Surveillance Station Client | 2.1.3-2474 and older | Arbitrary Code Execution |
CVE-2024-23755 | ClickUp Desktop App | 3.3.76 and older | Arbitrary Code Execution |
CVE-2023-50975 | TD Advanced Dashboard | 3.0.3 and older | Arbitrary Code Execution |
CVE-2023-7245 | OpenVPN | 3.4.7 and older | Arbitrary Code Execution |
CVE-2023-44077 | ShareBrowser XPC Services | 6.1.5.27 and older | Local Privilege Escalation |
RIPEDA Consulting is committed to responsible disclosures of security vulnerabilities we discover. This is why we follow Google’s Project Zero guidelines for responsible disclosures, specifically the 90+30 disclosure deadline policy.
What this means is that a vendor has 90 days after being initially notified about a security vulnerability to make a patch available to users. If they make a patch available within 90 days, RIPEDA will publicly disclose details of the vulnerability 30 days after the patch has been made available to users. If a vendor cannot patch an issue within the initial 90 days, RIPEDA will make the details of the vulnerability public at the end of the 90 days.
This ensures that vendors are given a reasonable amount of time to fix the issue before it is made public, that users have time to update, and that those same users are informed about the issue in a timely manner. It also holds vendors accountable for the security of their products and protects users from known security vulnerabilities.
If you have discovered a security vulnerability in one of our products or infrastructure, please report it to us immediately. You can do so by emailing us at info@ripeda.com. Please include as much detail as possible in your report, including the steps to reproduce the vulnerability, the affected versions of the product, and any other relevant information.