Apple Patches Two iOS Zero-Days Abused for Years
Researchers revealed two zero-day security vulnerabilities affecting Apple’s stock Mail app on iOS devices. Continue reading Apple Patches Two iOS Zero-Days Abused for Years
Managed to get signed length value to memcpy()
02-16 01:44:49.096 6423 6471 W bt_hci_packet_fragmenter: reassemble_and_dispatch reassemble_and_dispatch
02-16 01:44:49.096 6423 6471 W bt_hci_packet_fragmenter: reassemble_and_dispatch p… Continue reading memcpy() in device/program with jemalloc allocator does not crash
The following questions regard Linux processes with a stack that grows downwards from the end of the process memory.
If I have a buffer overflow on the heap with unlimited size, are there any protection against me overwriting the entire … Continue reading Can a heap/mmap buffer overflow overwrite the stack
Can somebody advise how to exploit this use after free bug on a high level, if this is even possible? Low level (detailed advice) would also be great.
How to obtain code execution here?
The bug is simulated and this is do… Continue reading Obtaining code execution from use after free?
One of the recent CVEs, particularly CVE-2019-13615 related to the VLC media player, attracted my attention because of the developer's reaction:
Any non-exploitable read overflow gets a CVSS of 9.8, like VLC is a server and you could do RC… Continue reading Exploitation tactics for heap over-reading?
I found an interesting blog post, A Deep Analysis of the Microsoft Outlook Vulnerability CVE-2018-8587, about a Microsoft Outlook heap buffer overflow vulnerability, which describes how Microsoft Outlook can be exploited by usi… Continue reading Microsoft Outlook Vulnerability CVE-2018-8587 – How likely is exploitation?
With return-oriented programming, when we fill a buffer with the stack contents (arguments and return addresses) for the function calls we plan on “injecting,” how do we actually change the stack pointer to point to this buff… Continue reading What is Return-Oriented Programming? [on hold]
I’ve been practicing some computer security courses lately, and I’m bugged by one specific heap overflow that just doesn’t work for me. It is taken from The Shellcoder’s Handbook, chapter 5.
While doing my homework, I’ve come acro… Continue reading Heap bugs – extinct now?
There is a 32-bit Linux application. It’s possible to overwrite EIP easily. I will call this process “send a string”.
It’s also possible to send about 10000 custom bytes to heap (it’s possible to send a float, and I can sen… Continue reading Need help in exploiting an overflow on Linux [on hold]
Vulnerabilities Summary: QuartzCore ( https://developer.apple.com/documentation/quartzcore ), also known as CoreAnimation, is a framework used by macOS and iOS to build an animatable scene graph. CoreAnimation uses a unique rendering model where the grap… Continue reading SSD Advisory – iOS/macOS Safari Sandbox Escape via QuartzCore Heap Overflow