Some meme-worthy vulnerabilities, like unauthenticated root ADB access. Don’t worry, it’s not enabled by default, but the request to enable it doesn’t require authentication.
Gatekeeper would misclassify certain types of applications, allowing them to run without any restriction. Specifically, you can cause confusion in the policy engine regarding whether the app is bundled or not...
Brave, when configuring its File Provider, exposes all files from its public and private directories. This means an app could trigger a download of Brave’s cookie database by making a request to the content:// URL for it and have it downloaded into the Downloads folder, where any app could read it.
`/proc//syscall` fills in a `struct syscall_info` using an architecture-specific implementation. The structure has a `u64[6]` for argument registers to be put into...
Two vulns related to properties on a DirectComposition buffer. When adding a new property, the code adds it, then checks some values and potentially returns an error before finalizing, but the property gets added...
**tl;dr** Cleverly crafting a packet with a large header+options length could cause a null dereference. The net buffer would be created with DataSize=uint16_t(length), but it would attempt to read with size=length (no truncation), which would result in an error case and a null return.
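An added example (not code from the affected product or the original write-up) showing the size mismatch described above next to a hardened parse that rejects lengths which would truncate and checks the read result. `struct net_buf`, `buf_alloc`, `buf_read`, `read_returns_null` and `parse_packet` are hypothetical names, and the sample lengths are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stand-in for a network buffer; not the affected code's types. */
struct net_buf { uint16_t data_size; uint8_t *data; };

static struct net_buf *buf_alloc(uint32_t length) {
    struct net_buf *b = malloc(sizeof *b);
    if (!b) return NULL;
    b->data_size = (uint16_t)length;   /* silent truncation, as in the summary */
    b->data = calloc((size_t)b->data_size + 1, 1);
    if (!b->data) { free(b); return NULL; }
    return b;
}

static void buf_free(struct net_buf *b) { if (b) { free(b->data); free(b); } }

/* Contiguous read: NULL when more bytes are requested than the buffer holds. */
static const uint8_t *buf_read(const struct net_buf *b, uint32_t size) {
    return size <= b->data_size ? b->data : NULL;
}

/* Returns 1 when allocation and read disagree, so the read yields NULL
   (-1 if allocation itself fails). */
static int read_returns_null(uint32_t length) {
    struct net_buf *b = buf_alloc(length);
    if (!b) return -1;
    int is_null = buf_read(b, length) == NULL;  /* read uses untruncated size */
    buf_free(b);
    return is_null;
}

/* Hardened parse: 0 on success, -1 when the packet is rejected. */
static int parse_packet(uint32_t hdr_len, uint32_t opt_len) {
    uint32_t length = hdr_len + opt_len;
    if (length < hdr_len || length > UINT16_MAX) return -1;  /* wrap or truncation */
    struct net_buf *b = buf_alloc(length);
    if (!b) return -1;
    const uint8_t *p = buf_read(b, length);
    int rc = (p != NULL) ? 0 : -1;   /* never dereference an unchecked result */
    buf_free(b);
    return rc;
}

int main(void) {
    printf("read NULL for 0x10014: %d\n", read_returns_null(0x10014u));
    printf("hardened parse: %d\n", parse_packet(20u, 0x10000u));
    return 0;
}
```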
**Tl;dr** Grammarly will add users to the wrong organization if an attacker creates an org with an entityId that matches the victim’s but with extra whitespace at the end.
Two 2FA bypasses: one based on auth state not being tied to the user's session, the other involving swapping a transaction ID to trick the server into thinking the attacker's 2FA acceptance was the victim's.