Vulnerabilities tagged "background"

Relatively straight forward oauth hijack/account takeover flow with one interesting aspect in actually performing the login with the hijacked OAuth code.

A long, fairly beginner friendly post about attacking a Bluetooth lock, there is a lot of process information here as it was an intern's research project. What the vulnerability comes down to though is a lack of any real authoization checking instead only validating the integrity (poorly!) of the request and trusting the app did all the heavy lifting.

The vulnerability here isn't too interesting, just a case of user-input being reflected into a header without sanitizing new-lines (CrLf injection). What is interesting is how they leverage this header injection primitive to bypass Akamai's web application firewall.

A small bug in processing/validating the entries in the Merkel tree resulting in the theft of 2 million BNB ($586 Million USD at time of the original theft).

**tl;dr** Android Parcels have their own memory pool rather than being free'd all the way back to the general Java memory pool. This custom memory management, combined with a bug resulting in a dangling reference in a Parcel to an older version of the parcel creates a "use-after-free" like situation

A post on exploiting a bug that Jann Horn discovered in the linux kernel's memory management (MM) subsystem.The bug isn't detailed in this post and is fairly complex (there is a project zero bug report but it's difficult to understand without deep knowledge of MM internals), though they state it will be written up in a future blogpost...

Oversecured pointed their code-scanning tool at discovering issues in vendor patches to the Android System APIs and found a number of places where Samsung introduces vulnerabilities.

An in-the-wild exploit chain was discovered that exploits three vulnerabilities in Samsung exynos devices running kernel 4.14.113. It consisted of one userland exploit in Samsung's custom clipboard provider, a kernel infoleak through their `sec_log` functionality, and finally a UAF in the Display Processing Unit (DPU) driver.

Plenty of background regarding even getting to a place to start hunting for bugs on this printer, leading up two heap based overflows in `pjcc_act_checkUserPassword2`, and some discussion about exploiting the DryOS heap allocator.

The majority of this post is going into background on Fuchsia and exploiting a fake vulnerability, there was one novel vulnerability that the author came across though.To obtain a KASLR bypass, the author thought to try and gain access to the kernel log for any pointers that might be leaked...