
553 matches found

The Hacker News
added 2017/12/11 8:42 p.m., 12 views

Google Researcher Releases iOS Exploit—Could Enable iOS 11 Jailbreak

As promised last week, Google's Project Zero researcher Ian Beer has now publicly disclosed an exploit that works on almost all 64-bit Apple devices running iOS 11.1.2 or earlier, which can be used to build an iOS jailbreak, allowing users to run apps from non-Apple sources. On Monday morning, Beer...

7.2 AI score, Exploits 0
0day.today
added 2017/11/29 12:0 a.m., 18 views

Microsoft Windows 10 Creators Update version 1703 - Kernel Local Privilege Escalation Exploit

Microsoft Windows 10 Creators Update version 1703 x86 - 'WARBIRD' 'NtQuerySystemInformation' Kernel Local Privilege Escalation / EDB Note Source https://gist.github.com/xpn/736daa4d1ff7b9869f4b3d1e9a34d315/ff2e2465d4a07588d0148dc87e77b17b41ef9d1d Source...

7 AI score, Exploits 0
Apple
added 2017/11/03 10:33 a.m., 41 views

About the security content of Safari 11.0.1 - Apple Support

About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page. For more information about security, se...

8.8 CVSS, 0.2 AI score, 0.06712 EPSS, Exploits 44, Affected Software 4
ThreatPost
added 2017/09/27 8:0 a.m., 39 views

Remote Wi-Fi Attack Backdoors iPhone 7

Google on Tuesday disclosed details and a proof-of-concept exploit for a Wi-Fi firmware vulnerability in Broadcom chipsets patched this week in iOS 11. The attack enables code execution and persistent presence on a compromised device. “The exploit gains code execution on the Wi-Fi firmware on the...

10 CVSS, 0.6 AI score, 0.09129 EPSS, Exploits 3, References 5
The Hacker News
added 2017/09/26 11:49 p.m., 105 views

Google Researcher Publishes PoC Exploit for Apple iPhone Wi-Fi Chip Hack

You have now another good reason to update your iPhone to newly released iOS 11—a security vulnerability in iOS 10 and earlier now has a working exploit publicly available. Gal Beniamini, a security researcher with Google Project Zero, has discovered a security vulnerability CVE-2017-11120 in...

10 CVSS, 8.9 AI score, 0.09129 EPSS, Exploits 3
exploitpack
added 2017/09/18 12:0 a.m., 17 views

Microsoft Windows Kernel - nt!NtSetIoCompletion nt!NtRemoveIoCompletion Pool Memory Disclosure

Microsoft Windows Kernel - nt!NtSetIoCompletion nt!NtRemoveIoCompletion Pool Memory Disclosure / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1269 We have discovered that the nt!NtRemoveIoCompletion system call handler discloses 4 bytes of uninitialized pool memory to user-mo...

7.4 AI score, Exploits 0
Exploit DB
added 2017/09/18 12:0 a.m., 31 views

Microsoft Windows Kernel - 'win32k.sys' '.TTF' Font Processing Out-of-Bounds Read with Malformed 'glyf' Table 'win32k!fsc_CalcGrayRow' (Denial of Service)

Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1274 We have encountered a number of Windows kernel crashes in the win32k.sys driver while processing corrupted TTF font files: --- PAGE_FAULT_IN_NONPAGED_AREA (50) Invalid system memory was referenced. This cannot be protected by...

7.4 AI score, Exploits 0
Exploit DB
added 2017/08/17 12:0 a.m., 21 views

Microsoft Edge Chakra - Uninitialized Arguments (2)

void Parser::ParseFncFormalsParseNodePtr pnodeFnc, ParseNodePtr pnodeParentFnc, ushort flags ... if IsES6DestructuringEnabled && IsPossiblePatternStart ... // Instead of passing the STFormal all the way on many methods, it seems it is better to change the symbol type afterward. for ParseNodePtr...

7.4 AI score, Exploits 0
exploitpack
added 2017/08/10 12:0 a.m., 9 views

Microsoft Edge 38.14393.1066.0 - textarea.defaultValue Memory Disclosure

Microsoft Edge 38.14393.1066.0 - textarea.defaultValue Memory Disclosure var n = 0; function go document.addEventListener"DOMNodeRemoved", eventhandler; eventhandler; function eventhandler n++; ifn==5 return; //prevent going into an infinite recursion t.defaultValue = "aaaaaaaaaaaaaaaaaaaa";...

7.4 AI score, Exploits 0
Exploit DB
added 2017/08/10 12:0 a.m., 38 views

Microsoft Edge 38.14393.1066.0 - 'textarea.defaultValue' Memory Disclosure

var n = 0; function go document.addEventListener"DOMNodeRemoved", eventhandler; eventhandler; function eventhandler n++; ifn==5 return; //prevent going into an infinite recursion t.defaultValue = "aaaaaaaaaaaaaaaaaaaa"; f.reset; aaa !-- ========================================= This seems to be t...

7.4 AI score, Exploits 0
ThreatPost
added 2017/07/17 4:26 p.m., 10 views

Cisco Patches Another Critical Ormandy Bug in WebEx Extension

Cisco has provided updates today for WebEx browser extensions for Chrome and Firefox after Google Project Zero researcher Tavis Ormandy and Divergent Security’s Cris Neckar privately disclosed a vulnerability that could be abused to remotely run code on a computer running the browser extension...

0.3 AI score, Exploits 0, References 6
The Hacker News
added 2017/07/17 6:30 a.m., 41 views

Critical RCE Vulnerability Found in Cisco WebEx Extensions, Again — Patch Now!

A highly critical vulnerability has been discovered in Cisco Systems' WebEx browser extension for Chrome and Firefox, for the second time this year, which could allow attackers to remotely execute malicious code on a victim's computer. Cisco WebEx is a popular communication tool for online...

9.3 CVSS, 9 AI score, 0.05951 EPSS, Exploits 0
myhack58
added 2017/07/14 12:0 a.m., 78 views

CVE-2017-0283: Windows Uniscribe remote code execution vulnerability analysis

The last "Patch Tuesday" fixed an RCE vulnerability named "USP10!MergeLigRecords heap corruption in Windows Uniscribe font processing". Many days later, Mateusz Jurczyk of the Google Project Zero team released a PoC report. In the Windows of the library at the same time the presence of...

7.7 AI score, 0.39019 EPSS, Exploits 2
Tenable Nessus
added 2017/07/13 12:0 a.m., 39 views

Virtuozzo 7 : firefox (VZLSA-2017-1106)

An update for firefox is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from th...

9.8 CVSS, 7.6 AI score, 0.18902 EPSS, Exploits 26, References 35
Schneier on Security
added 2017/06/30 11:5 a.m., 42 views

Good Article About Google's Project Zero

Fortune magazine just published a good article about Google's Project Zero, which finds and publishes exploits in other companies' software products. I have mixed feelings about it. The project does great work, and the Internet has benefited enormously from these efforts. But as long as it is...

6.9 AI score, Exploits 0
0day.today
added 2017/06/30 12:0 a.m., 54 views

Microsoft Windows - USP10!ttoGetTableData Uniscribe Font Processing Out-of-Bounds Memory Read

Exploit for windows platform in category dos / poc Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1199 We have encountered a crash in the Windows Uniscribe user-mode library, in the USP10!ttoGetTableData function, while trying to display text using a corrupted TTF font file: --...

1.9 CVSS, 7.6 AI score, 0.02973 EPSS, Exploits 2
0day.today
added 2017/06/28 12:0 a.m., 49 views

Adobe Flash - Image Decoding Out-of-Bounds Read Exploit

Exploit for multiple platform in category dos / poc Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1215 The attached png file causes an out-of-bounds read when being decoded by flash. To reproduce the issue, put LoadImage.swf and read1.png on a server, and visit:...

10 CVSS, 0.1 AI score, 0.22261 EPSS, Exploits 1
0day.today
added 2017/06/28 12:0 a.m., 67 views

Microsoft Windows - win32k!NtGdiMakeFontDir Kernel Stack Memory Disclosure Exploit

Exploit for windows platform in category dos / poc Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1191 We have discovered that the win32k!NtGdiMakeFontDir system call discloses large portions of uninitialized kernel stack memory to user-mode clients. The attached proof of conce...

1.9 CVSS, 7.6 AI score, 0.0511 EPSS, Exploits 2
0day.today
added 2017/06/28 12:0 a.m., 45 views

Adobe Flash - AVC Edge Processing Out-of-Bounds Read Exploit

Exploit for multiple platform in category dos / poc Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1212 The attached file causes an out-of-bounds read in avc edge processing. 0day.today 2018-04-02...

10 CVSS, 9.2 AI score, 0.24728 EPSS, Exploits 1
0day.today
added 2017/06/28 12:0 a.m., 57 views

Adobe Flash - ATF Parser Heap Corruption Exploit

Exploit for multiple platform in category dos / poc Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1216 The attached file causes heap corruption in the ATF parser. To reproduce the issue, copy atffree.atf and LoadImage.swf to a server, and visit...

10 CVSS, 9.2 AI score, 0.30886 EPSS, Exploits 1