Blog Security Research Exploiting SteelSeries' Subapplication Mechanism for Privilege Escalation Tomer Peled is a Security Researcher at Akamai. In his daily job, he conducts research ranging from vulnerability research to OS internals. In his free time, he likes to cook, do Krav Maga, and game on his PC. Executive summary \r\n Akamai security researcher Tomer Peled recently discovered two vulnerabilities in SteelSeries’ application. \r\n \r\n SteelSeries is a hardware company that manufactures computer peripherals and has more than 9 million customers worldwide. \r\n \r\n The vulnerabilities were assigned the CVE numbers CVE-2023-31461 and CVE-2023-31462. SteelSeries acted expeditiously to patch these vulnerabilities in May 2023. \r\n \r\n \r\n \r\n These vulnerabilities allow an attacker to execute code with higher privileges than initially obtained, and possibly with ADMIN privileges. To exploit these vulnerabilities, the attacker needs to send two local packets to a listening IPC server.…