Channel: Exploit Techniques Archives - Exodus Intelligence
Browsing all 21 articles


True Key: the not so uncommon story of a failed patch

In this blog post, we examine the vendor-supplied patch addressing CVE-2018-6661.  The vulnerability was initially reported to Intel Security (McAfee) in June 2017 and disclosed publicly in April 2018....




To ../ or not to ../, that is the question

Contributors: Grant Willcox and Gaurav Baruah. Intro: During our...



HPE Intelligent Management Center: a case study on the reliability of...

This post highlights several mistakes in the patches released...



Exploiting the Magellan bug on 64-bit Chrome Desktop

Author: Ki Chan Ahn. In December 2018, the Tencent Blade Team...



Pwn2Own 2019: Microsoft Edge Renderer Exploitation (CVE-2019-0940). Part 1

By Arthur Gerkis. This year Exodus Intelligence participated in the Pwn2Own competition in Vancouver. The chosen target was the Microsoft Edge browser and a full-chain browser exploit was successfully...



Pwn2Own 2019: Microsoft Edge Sandbox Escape (CVE-2019-0938). Part 2

By Arthur Gerkis. This is the second part of the blog post on the Microsoft Edge full-chain exploit. It provides analysis and describes exploitation of a logical vulnerability in the implementation of...



Patch-gapping Google Chrome

Patch-gapping is the practice of exploiting vulnerabilities in open-source software that are already fixed (or are in the process of being fixed) by the developers before the actual patch is shipped...


A EULOGY FOR PATCH-GAPPING CHROME

Authors: István Kurucsai and Vignesh S Rao. In 2019 we looked at patch gapping Chrome on two separate occasions. The conclusion was that exploiting 1day vulnerabilities well before the fixes were...




Firefox Vulnerability Research

By Arthur Gerkis and David Barksdale. This series of posts makes public some old Firefox research which our Zero-Day customers had access to before it was known publicly, and then our N-Day customers...




Firefox Vulnerability Research Part 2

By Arthur Gerkis and David Barksdale. This series of posts makes public some old Firefox research which our Zero-Day customers had access to before it was known publicly, and then our N-Day customers...


Analysis of a use-after-free Vulnerability in Adobe Acrobat Reader DC

By Sergi Martinez. This post analyses CVE-2020-9715, a use-after-free vulnerability affecting several versions of the Adobe Acrobat and Adobe Acrobat Reader products. The vulnerability was discovered...


Analysis of a Heap Buffer-Overflow Vulnerability in Adobe Acrobat Reader DC

By Sergi Martinez. In late June, we published a blog post containing analysis of exploitation of a heap-buffer overflow vulnerability in Adobe Reader, a vulnerability that we thought corresponded to...



Exploiting a use-after-free in Windows Common Logging File System (CLFS)

By Arav Garg. Overview: This post analyzes a use-after-free vulnerability in clfs.sys, the kernel driver that implements the Common Logging File System, a general-purpose logging service that can be...




Linux Kernel: Exploiting a Netfilter Use-after-Free in kmalloc-cg

By Sergi Martinez. Overview: It's been a while since our last technical blog post, so here's one right on time for the Christmas holidays. We describe a method to exploit a use-after-free in the Linux...



Escaping Adobe Sandbox: Exploiting an Integer Overflow in Microsoft Windows...

By Michele Campa. Overview: We describe a method to exploit a Windows Nday vulnerability to escape the Adobe sandbox. This vulnerability is assigned CVE-2021-31199 and it is present in multiple Windows...




Google Chrome V8 ArrayShift Race Condition Remote Code Execution

By Javier Jimenez. Overview: This post describes a method of exploiting a race condition in the V8 JavaScript engine, version 9.1.269.33. The vulnerability affects the following versions of Chrome and...



Shifting boundaries: Exploiting an Integer Overflow in Apple Safari

By Vignesh Rao. Overview: In this blog post, we describe a method to exploit an integer overflow in Apple WebKit due to a vulnerability resulting from incorrect range computations when optimizing...




Safari, Hold Still for NaN Minutes!

By Vignesh Rao and Javier Jimenez. Introduction: In October 2023 Vignesh and Javier presented the discovery of a few bugs affecting JavaScriptCore, the JavaScript engine of Safari. The presentation...



Google Chrome V8 CVE-2024-0517 Out-of-Bounds Write Code Execution

By Javier Jimenez and Vignesh Rao. Overview: In this blog post we take a look at a vulnerability that we found in Google Chrome's V8 JavaScript engine a few months ago. This vulnerability was patched in...



Mind the Patch Gap: Exploiting an io_uring Vulnerability in Ubuntu

By Oriol Castejón. Overview: This post discusses a use-after-free vulnerability, CVE-2024-0582, in io_uring in the Linux kernel. Despite the vulnerability being patched in the stable kernel in December...
