RIPEDA Consulting

In-House Security Research

RIPEDA cares about security, so we proactively look for vulnerabilities in both the operating systems and the 3rd party applications you may use.

Here’s a small sample of our recent vulnerability research:

Reference ID       Product                               Affected Versions     Description
_________________  ____________________________________  ____________________  __________________________
CVE-2024-27822     macOS                                 14.4.1 and older      Local Privilege Escalation
CVE-2024-34331     Parallels Desktop                     19.3.0 and older      Local Privilege Escalation
CVE-2024-4395      Jamf Compliance Editor                1.3.0 and older       Local Privilege Escalation
CVE-2024-25545     Weave Desktop                         Unresolved            Arbitrary Code Execution
Synology-SA-24:05  Synology Surveillance Station Client  2.1.3-2474 and older  Arbitrary Code Execution
CVE-2024-23755     ClickUp Desktop App                   3.3.76 and older      Arbitrary Code Execution
CVE-2023-50975     TD Advanced Dashboard                 3.0.3 and older       Arbitrary Code Execution
CVE-2023-7245      OpenVPN                               3.4.7 and older       Arbitrary Code Execution
CVE-2023-44077     ShareBrowser XPC Services             6.1.5.27 and older    Local Privilege Escalation

Responsible Disclosures

RIPEDA Consulting is committed to responsible disclosure of the security vulnerabilities we discover. To that end, we follow Google’s Project Zero guidelines for responsible disclosure, specifically the 90+30 disclosure deadline policy.

What this means is that a vendor has 90 days after being initially notified about a security vulnerability to make a patch available to users. If they make a patch available within 90 days, RIPEDA will publicly disclose details of the vulnerability 30 days after the patch has been made available to users. If a vendor cannot patch an issue within the initial 90 days, RIPEDA will make the details of the vulnerability public at the end of the 90 days.

This gives vendors a reasonable amount of time to fix the issue before it is made public, gives users time to update, and keeps those same users informed about the issue in a timely manner. It also holds vendors accountable for the security of their products and protects users from known security vulnerabilities.

Reporting Security Vulnerabilities

If you have discovered a security vulnerability in one of our products or infrastructure, please report it to us immediately. You can do so by emailing us at info@ripeda.com. Please include as much detail as possible in your report, including the steps to reproduce the vulnerability, the affected versions of the product, and any other relevant information.