Vulnerabilities tagged 'background'

Capability Check Bypass in Fuchsia OS

The majority of this post is going into background on Fuchsia and exploiting a fake vulnerability, there was one novel vulnerability that the author came across though.To obtain a KASLR bypass, the author thought to try and gain access to the kernel log for any pointers that might be leaked…

 

FORCEDENTRY: Sandbox Escape

Follow-up to the December post which covered an int overflow in the CoreGraphics PDF parser for the JBIG2 image format, which implemented a weird machine / mini architecture to execute code. This post covers the sandbox escape that was chained with it, which unlike the first bug, is a logic issue rather than a memory corruption.

 

Page-level Overflow in esp6 Linux Kernel Module

The vulnerability here is a fairly straightforward overflow in the esp6 crypto module.When receiving messages, an 8-page buffer is allocated for the incoming data, but it’s possible for messages to be sent that exceed 8 pages in size…

 
1
2
3
4