Yair_Mizrahi

Yair Mizrahi

JFrog Senior Security Researcher

Yair Mizrahi is a Senior Vulnerability Researcher at JFrog Security. Mizrahi has over a decade of experience and specializes in vulnerability research and reverse engineering. He is responsible for discovering and analyzing emerging security vulnerabilities. In addition, Mizrahi discovered various zero-days and exploited multiple zero-clicks as an Android vulnerability researcher.

The Latest From Yair Mizrahi

  • Unix CUPS Unauthenticated RCE Zero-Day Vulnerabilities (CVE-2024-47076, CVE-2024-47175, CVE-2024-47176, CVE-2024-47177): All you need to know

    | 7 min read

    On September 23rd, Twitter user Simone Margaritelli (@evilsocket) announced that he has discovered and privately disclosed a CVSS 9.9 GNU/Linux unauthenticated RCE, which affects almost all Linux distributions, and that the public disclosure will happen on September 30th, Due to a suspected leak in the disclosure process, @evilsocket decided to advance the disclosure, and on…

    Read More  
  • *nix libX11: Uncovering and exploiting a 35-year-old vulnerability – Part 2 of 2

    | 15 min read

    The JFrog Security research team has recently discovered two security vulnerabilities in X.Org libX11, the widely popular graphics library - CVE-2023-43786 and CVE-2023-43787 (with a high NVD severity CVSS 7.8). These vulnerabilities cause a denial-of-service and remote code execution. X11’s latest versions contain fixes for these vulnerabilities. The team constantly monitors open-source projects to find…

    Read More  
  • *nix libX11: Uncovering and exploiting a 35-year-old vulnerability – Part 1 of 2

    | 14 min read

    The JFrog Security research team has recently discovered two security vulnerabilities in X.Org libX11, the widely popular graphics library - CVE-2023-43786 and CVE-2023-43787 (with a high NVD severity CVSS 7.8). These vulnerabilities cause a denial-of-service and remote code execution. X11’s latest versions contain fixes for these vulnerabilities. The team constantly monitors open-source projects to find…

    Read More  
  • SSH protocol flaw – Terrapin Attack CVE-2023-48795: All you need to know

    | 13 min read

    The SSH Terrapin attack (CVE-2023-48795) has recently caught attention, targeting the SSH protocol security by truncating cryptographic information. The inherent flaw in the SSH protocol itself affects a wide range of SSH client and server implementations. Following our initial research communication, this post will detail its fundamentals and impact. Affected Implementations Terrapin Attack Exploitation Impacts…

    Read More  
  • N-Day Hijack: Analyzing the lifespan of package hijacking attacks

    | 8 min read

    Software package hijacking has become a prominent concern for individuals, businesses, and the cybersecurity community at large. We’ve seen this new threat trend rise over the past couple of years, with the potential to severely impact the software supply chain by attackers exploiting software packages to execute malicious code. This blog post details a case…

    Read More  
  • CVE-2023-38545 & CVE-2023-38546 Curl and libcurl Vulnerabilities: All you need to know

    | 7 min read

    Update - October 11, 2023: This blog has been updated to include all the details that have been published about the vulnerabilities. On Wednesday, October 4th 2023, Daniel Stenberg, one of Curl’s core maintainers announced that a forthcoming release of Curl, version 8.4.0, is scheduled to be available on October 11th 2023 at approximately 06:00…

    Read More  
  • Spring WebFlux – CVE-2023-34034 – Write-Up and Proof-of-Concept

    | 7 min read

    Spring Security's newly released versions contain a fix for a broken access control vulnerability - CVE-2023-34034 - which was given a critical NVD severity (CVSS 9.8) and a high severity by Spring’s maintainers. Given the severe potential impact of the vulnerability on Spring WebFlux applications (that use Spring Security for authentication and access control), its…

    Read More  
  • Examining OpenSSH Sandboxing and Privilege Separation – Attack Surface Analysis

    | 18 min read

    The recent OpenSSH double-free vulnerability - CVE-2023-25136, created a lot of interest and confusion regarding OpenSSH’s custom security mechanisms - Sandbox and Privilege Separation. Until now, both of these security mechanisms were somewhat unnoticed and only partially documented. The double-free vulnerability raised interest for those who were affected and those controlling servers that use OpenSSH.…

    Read More  
  • OpenSSH Pre-Auth Double Free CVE-2023-25136 – Writeup and Proof-of-Concept

    | 8 min read

    OpenSSH's newly released version 9.2p1 contains a fix for a double-free vulnerability. Given the severe potential impact of the vulnerability on OpenSSH servers (DoS/RCE) and its high popularity in the industry, this security fix prompted the JFrog Security Research team to investigate the vulnerability. This blog post provides details on the vulnerability, who is affected,…

    Read More