4 matches found
Auditing Apple'S DifferentialPrivacy.Framework: Implementation Bugs, Misconfigurations, and Practical Risks
Since 2016, Apple has claimed that device analytics collected to improve user experience are protected by differential privacy DP. Apple's DifferentialPrivacy.framework is deployed across its operating systems and handles sensitive signals such as Safari domains, keyboard events, photo attributes...
Electronegativity - Tool To Identify Misconfigurations And Security Anti-Patterns In Electron Applications
Electronegativity is a tool to identify misconfigurations and security anti-patterns in Electron-based applications. It leverages AST and DOM parsing to look for security-relevant configurations, as described in the "Electron Security Checklist - A Guide for Developers and Auditors" whitepaper...
Microsoft Windows 7 Kernel - Pool-Based Out-of-Bounds Reads Due to bind() Implementation Bugs in afd.sys tcpip.sys
Microsoft Windows 7 Kernel - Pool-Based Out-of-Bounds Reads Due to bind Implementation Bugs in afd.sys tcpip.sys Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1127 We have identified two related bugs in Windows kernel code responsible for implementing the bind socket function,...
CVE-2006-4023
CVE-2006-4023 : The issue concerns the ip2long function in PHP 5.1.4 and earlier, which may incorrectly validate an arbitrary string and return a valid network IP address. This can enable remote attackers to obtain network information and facilitate other attacks, as demonstrated via SQL injectio...