security-research

This blog post is an in-depth walkthrough on how we perform security research leveraging GitHub features, including code scanning, CodeQL, and Codespaces. The post Security research without ever leaving GitHub: From code scanning to CVE via Codespaces and private vulnerability reporting appeared first on The GitHub Blog.

In this post, I’ll look at CVE-2023-6241, a vulnerability in the Arm Mali GPU that allows a malicious app to gain arbitrary kernel code execution and root on an Android phone. I’ll show how this vulnerability can be exploited even when Memory Tagging Extension (MTE), a powerful mitigation, is enabled on the device. The post Gaining kernel code execution on an MTE-enabled Pixel 8 appeared first on The GitHub Blog.

Learn about how we run a scalable vulnerability management program built on top of GitHub. The post Scaling vulnerability management across thousands of services and more than 150 million findings appeared first on The GitHub Blog.

This blog post describes two linked vulnerabilities found in Frigate, an AI-powered security camera manager, that could have enabled an attacker to silently gain remote code execution. The post Securing our home labs: Frigate code review appeared first on The GitHub Blog.

The GitHub Security Lab examined the most popular open source software running on our home labs, with the aim of enhancing its security. Here's what we found and what you can do to better protect your own smart home. The post Securing our home labs: Home Assistant code review appeared first on The GitHub Blog.

Learn the basics of CodeQL and how to use it for security research! In this blog, we will teach you how to leverage GitHub’s static analysis tool CodeQL to write custom CodeQL queries.