5 matches found
CVE-2020-9870
CVE-2020-9870 is a WebKit/JavaScriptCore-related logic issue that allowed bypassing exploit mitigations (StructureID randomization, the Gigacage, and PAC/APRR) to achieve arbitrary memory read/write. The published material describes bypassing StructureID checks via crafted JSArray/JSCell headers,...
CVE-2020-9870
creationtimestamp| type| source ---|---|--- 2020-09-04 14:07:52+00:00| published-proof-of-concept| https://t.me/R0Crew/1782...
JITSploitation II: Getting Read/Write
Posted by Samuel Groß, Project Zero This three-part series highlights the technical challenges involved in finding and exploiting JavaScript engine vulnerabilities in modern web browsers and evaluates current exploit mitigation technologies. The exploited vulnerability, CVE-2020-9802, was fixed i...
JITSploitation III: Subverting Control Flow
Posted by Samuel Groß, Project Zero This three-part series highlights the technical challenges involved in finding and exploiting JavaScript engine vulnerabilities in modern web browsers and evaluates current exploit mitigation technologies. The exploited vulnerability, CVE-2020-9802, was fixed i...
JITSploitation I: A JIT Bug
By Samuel Groß, Project Zero This three-part series highlights the technical challenges involved in finding and exploiting JavaScript engine vulnerabilities in modern web browsers and evaluates current exploit mitigation technologies. The exploited vulnerability, CVE-2020-9802, was fixed in iOS...