McAfee Advanced Threat Research and JSOF Collaborate to Defend Against Exploitation of Ripple20 Vulnerabilities

LAS VEGAS--(BUSINESS WIRE)--BLACK HAT USA--McAfee Advanced Threat Research (ATR), a leading source for threat research, threat intelligence, and cybersecurity thought leadership, today announced a joint research effort with JSOF, who discovered and responsibly disclosed 19 zero-day vulnerabilities known by the name of Ripple20. Through this research collaboration, McAfee ATR has produced signatures and the industry’s first comprehensive detection logic, designed for network administrators and security personnel looking to further understand these vulnerabilities and defend against exploitation.

“At McAfee Advanced Threat Research we often advocate for collaboration; with this research effort we’ve highlighted just how effective it can be when we work together,” said Steve Povolny, head of McAfee ATR. “Shortly after the initial Ripple20 disclosure McAfee ATR and JSOF connected with a shared goal: combine the depth and breadth of McAfee’s expertise, as one of the world’s largest cybersecurity companies, with the talented vulnerability research team at JSOF to deliver substantive and actionable mitigations for the most critical disclosed vulnerabilities. Developed for network administrators, the detection logic and signatures were thoughtfully created to help address the most impactful vulnerabilities with a great amount of specificity, detecting problems at the root and taking into account practical situations and real-world considerations.”

“At JSOF we always strive to engage in cutting edge research, that will have a direct impact on the security community and the security of vendors and asset owners. We are happy to have been able to collaborate to achieve this goal and produce high-quality exploit detection signatures and logic that can be used by the entire community,” said Shlomi Oberman, CEO of JSOF. “These signatures and detection logic will help organizations better understand and protect against the Ripple20 vulnerabilities. The outcomes of this collaboration could only have been developed through JSOF as the vulnerability finders and experts together with the researchers at McAfee and their unique expertise and understanding of detection logic and the needs of asset owners. We hope that the industry sees more collaborations like this from all stakeholders going forward, to develop ways to prevent and mitigate future Ripple-effect supply chain vulnerabilities.

The Ripple20 vulnerabilities affect a variety of traditional and IoT devices manufactured by multiple vendors, the impact of which ranges from denial of service to full remote code exploitation over the internet. McAfee ATR focused on developing signatures and detection logic for the four most critical and likely to be exploited vulnerabilities, with the goal of supporting network administrators in determining if their environment contains the conditions required for an attack.

The vulnerabilities included in this research are:

• CVE-2020-11897 - Write out-of-bounds using Routing Header type 0
• CVE-2020-11901 - Integer Overflow in tfDnsExpLabelLength
• CVE-2020-11901 (Variant) - RDATA Length Mismatch in DNS CNAME Records
• CVE-2020-11896 - IPv4/UDP Tunneling Remote Code Execution

For more information visit https://github.com/advanced-threat-research/Ripple-20-Detection-Logic

Resources

• McAfee Advanced Threat Research
• Ripple20 Critical Vulnerabilities - Detection Logic and Signatures

About McAfee

McAfee is the device-to-cloud cybersecurity company. Inspired by the power of working together, McAfee creates business and consumer solutions that make our world a safer place. www.mcafee.com

About McAfee Advanced Threat Research

McAfee Advanced Threat Research is a leading source for threat research, threat intelligence, and cybersecurity thought leadership. With data from over a billion sensors across key threats vectors—file, web, message, and network—McAfee Advanced Threat Research delivers real-time threat intelligence, critical analysis, and expert thinking to improve protection and reduce risks.

About JSOF

JSOF is a leading research-oriented software security consultancy. JSOF’s services provide tailored solutions to help our clients meet all of their security challenges. Experts in both security research and secure engineering, JSOF has vast experience, and as a boutique firm, we are attentive to the particular needs of our clients, which include top-tier international companies.
https://www.jsof-tech.com/

McAfee® and the McAfee logo are trademarks of McAfee, LLC or its subsidiaries in the United States and other countries. Other marks and brands may be claimed as the property of others.