553 matches found
WebKit - User-agent Shadow root Leak in WebCore::ReplacementFragment::ReplacementFragment
ReplacementFragment::insertFragmentForTestRenderingNode rootEditableElement auto holder = createDefaultParagraphElementdocument; holder-appendChildmfragment; rootEditableElement-appendChildholder; // 2 document.updateLayoutIgnorePendingStylesheets; return holder;...
WebKit - Universal XSS Using Cached Pages Exploit
VULNERABILITY DETAILS void FrameLoader::detachChildren ... SubframeLoadingDisabler subframeLoadingDisablermframe.document; // 1 Vector, 16 childrenToDetach; childrenToDetach.reserveInitialCapacitymframe.tree.childCount; for Frame child = mframe.tree.lastChild; child; child =...
About the security content of iOS 12.4.2
About the security content of iOS 12.4.2 This document describes the security content of iOS 12.4.2. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available...
A Password-Exposing Bug Was Purged From LastPass
Google Project Zero found and reported a flaw in the widely used password manager...
LastPass Fixes Bug That Leaks Credentials
LastPass has patched a bug that could potentially allow malicious websites to access a web user’s credentials from a previously visited site. Tavis Ormandy, a vulnerability researcher from Google Project Zero, discovered the flaw in the LastPass password manager and published it on the project’s...
About the security content of tvOS 12.4.1 - Apple Support
About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page. Apple security documents reference...
Beers with Talos Ep. #61: Hacking for good is a bad idea
Beers with Talos BWT Podcast episode No. 61 is now available. Download this episode and subscribe to Beers with Talos: If iTunes and Google Play aren't your thing, click here. Recorded Aug. 30, 2019: In this extra-sized episode, we cover a lot, starting with Retadup, and discussing the intricate...
Massive iPhone Hack Targets Uyghurs
China is being blamed for a massive surveillance operation that targeted Uyghur Muslims. This story broke in waves, the first wave being about the iPhone. Earlier this year, Google's Project Zero found a series of websites that have been using zero-day vulnerabilities to indiscriminately install...
Google Uncovers How Just Visiting Some Sites Were Secretly Hacking iPhones For Years
Beware Apple users! Your iPhone can be hacked just by visiting an innocent-looking website, confirms a terrifying report Google researchers released earlier today. The story goes back to a widespread iPhone hacking campaign that cybersecurity researchers from Google's Project Zero discovered...
A very deep dive into iOS Exploit chains found in the wild
Posted by Ian Beer, Project Zero Project Zero’s mission is to make 0-day hard. We often work with other companies to find and report security vulnerabilities, with the ultimate goal of advocating for structural security improvements in popular systems to help protect people everywhere. Earlier th...
About the security content of tvOS 12.4.1
About the security content of tvOS 12.4.1 This document describes the security content of tvOS 12.4.1 About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available...
Exploit for Path Traversal in Ivanti Connect_Secure
CVE-2019-11510-poc Pulse Secure SSL VPN pre-auth file reading...
Google Discloses 20-Year-Old Unpatched Flaw Affecting All Versions of Windows
Update — With this month's Patch Tuesday updates, Microsoft has finally addressed this vulnerability, tracked as CVE-2019-1162, by correcting how the Windows operating system handles calls to Advanced Local Procedure Call (ALPC). A Google security researcher has just disclosed details of a...
Google Chrome 74.0.3729.0 / 76.0.3789.0 - Heap Use-After-Free in blink::PresentationAvailabilityState::UpdateAvailability
Google Chrome 74.0.3729.0 / 76.0.3789.0 - Heap Use-After-Free in blink::PresentationAvailabilityState::UpdateAvailability iterating&iteratinglisteners, true; for auto& listenerref : availabilitylisteners auto listener = listenerref.get; if !listener-urls.Containsurl continue; auto screenavailabilit...
Google Chrome 74.0.3729.0 / 76.0.3789.0 - Heap Use-After-Free Exploit
Google Chrome 74.0.3729.0 / 76.0.3789.0 - Heap Use-After-Free in blink::PresentationAvailabilityState::UpdateAvailability iterating&iteratinglisteners, true; for auto& listenerref : availabilitylisteners auto listener = listenerref.get; if !listener-urls.Containsurl continue; auto...
Google Chrome 74.0.3729.0 / 76.0.3789.0 - Heap Use-After-Free in blink::PresentationAvailabilityState::UpdateAvailability
iterating&iteratinglisteners, true; for auto& listenerref : availabilitylisteners auto listener = listenerref.get; if !listener-urls.Containsurl continue; auto screenavailability = GetScreenAvailabilitylistener-urls; DCHECKscreenavailability != mojom::blink::ScreenAvailability::UNKNOWN; for auto...
Exploit for CVE-2019-13272
CVE-2019-13272 The exploit for CVE-2019-13272 Vulnerabi...
Apple Patches iMessage Bug That Bricks iPhones with Out-of-Date Software
Apple patched a high-severity iMessage bug found by Google Project Zero that can be exploited by an attacker who sends a specially-crafted message to a vulnerable iOS device. Those iPhones receiving the malicious message are rendered inoperable, or bricked. Apple patched the bug with the release ...
Chakra vulnerability debugging notes 1--ImplicitCall-vulnerability warning-the black bar safety net
Chakra is the JavaScript parsing engine of Microsoft's next-generation browser, Microsoft Edge, inherited from the IE browser's jscript9.dll and open-sourced on GitHub as ChakraCore. Since being open-sourced, Chakra has become one of the main targets for vulnerability discovery on the Windows platform, and is also everyone to learn binary...