In-House Security Research


RIPEDA cares about security, and as such we are proactive in finding vulnerabilities in both your operating systems and the third-party applications you may use.

Here’s a small sample of our recent vulnerability research:

Reference ID       Product                               Affected Versions     Description
_________________  ____________________________________  ____________________  __________________________
CVE-2024-27822     macOS                                 14.4.1 and older      Local Privilege Escalation
CVE-2024-34331     Parallels Desktop                     19.3.0 and older      Local Privilege Escalation
CVE-2024-4395      Jamf Compliance Editor                1.3.0 and older       Local Privilege Escalation
CVE-2024-25545     Weave Desktop                         Unresolved            Arbitrary Code Execution
Synology-SA-24:05  Synology Surveillance Station Client  2.1.3-2474 and older  Arbitrary Code Execution
CVE-2024-23755     ClickUp Desktop App                   3.3.76 and older      Arbitrary Code Execution
CVE-2023-50975     TD Advanced Dashboard                 3.0.3 and older       Arbitrary Code Execution
CVE-2023-7245      OpenVPN                               3.4.7 and older       Arbitrary Code Execution
CVE-2023-44077     ShareBrowser XPC Services             6.1.5.27 and older    Local Privilege Escalation

Responsible Disclosures

RIPEDA Consulting is committed to responsible disclosures of security vulnerabilities we discover. This is why we follow Google’s Project Zero guidelines for responsible disclosures, specifically the 90+30 disclosure deadline policy.

What this means is that a vendor has 90 days after being initially notified about a security vulnerability to make a patch available to users. If they make a patch available within 90 days, RIPEDA will publicly disclose details of the vulnerability 30 days after the patch has been made available to users. If a vendor cannot patch an issue within the initial 90 days, RIPEDA will make the details of the vulnerability public at the end of the 90 days.

This ensures that vendors are given a reasonable amount of time to fix the issue before it is made public, that users have time to update, and that those same users are informed about the issue in a timely manner. It also holds vendors accountable for the security of their products and protects users from known security vulnerabilities.

Reporting Security Vulnerabilities

If you have discovered a security vulnerability in one of our products or infrastructure, please report it to us immediately. You can do so by emailing us at info@ripeda.com. Please include as much detail as possible in your report, including the steps to reproduce the vulnerability, the affected versions of the product, and any other relevant information.