Talos discovered four #vulnerabilities in Ichitaro, a popular word processing software in Japan, that could lead to code execution. Details on the patch and a breakdown of the potential exploits here https://blog.talosintelligence.com/vuln-spotlight-justsystems-ichitaro/
#CyberSecurity #InfoSec #vulndev #vulnerabilities
Two vulnerabilities I disclosed to @msftsecresponse got patched today. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23415 and https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23416. Both are RCE and given critical severity. The first is a pre-auth vuln in ICMP.
From the bulletin:
How could an attacker exploit this vulnerability?
An attacker could send a low-level protocol error containing a fragmented IP packet inside another ICMP packet in its header to the target machine. To trigger the vulnerable code path, an application on the target must be bound to a raw socket.
Exploring Historical V8 Heap Sandbox Escapes I
In anticipation of the future implementation of CFI on `code_entry_point` fields within function objects, I wanted to explore some patched sandbox escapes that have been found in the past.
https://anvbis.au/posts/exploring-historical-v8-heap-sandbox-escapes-i/
#chrome #chromium #v8 #vulndev #security #infosec
A privilege elevation bug I reported to #msrc just got fixed: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21688
Will give a few more details once people have enough time to patch, but it allows LPE from any process. #cve202321688 #patchtuesday #vulndev
Binder VMA bug from projectzero just unrestricted: https://bugs.chromium.org/p/project-zero/issues/detail?id=2374
CVE-2023-20928 #binder #android #vulndev #exploitdev
Root Cause Analysis of CVE-2021-21224
An incorrect optimization in TurboFan’s representation changer results in Int64 values being erroneously truncated to Int32 values.
https://anvbis.au/posts/root-cause-analysis-of-cve-2021-21224/
#chrome #chromium #v8 #vulndev #vulnerability #security #infosec
AIX rather helpfully sticks all your function parameters into registers so I've just ported grace.sh to AIX for better bug hunting. Writing up my notes as I go, but hoping to drop a write up of CVE-2022-36768 out this evening, fingers crossed. #vulndev
I'm struggling to find time to learn IDA (I have a 70hr/wk job). Great list of tools for #vulndev I'd like to explore if I ever get ... laid off? idk
https://www.sentinelone.com/labs/top-15-essential-malware-analysis-tools/
Google Project Zero discloses 5 exploitable vulns in Android's Mali GPU driver leading to LPE and mitigation bypasses found by @jann. Most phones with Mali GPU including Pixel, Samsung, etc. still vuln ..
Current issue seems to be that most phone vendors have not shipped drivers AMD patched months ago. Hopefully the public exposure will pressure the vendors to ship updates since any attackers/spyware shops monitoring AMD patches would already have knowledge of these vulnerabilities.
For researchers, this is a nice way to get full system access for further #vulndev
https://googleprojectzero.blogspot.com/2022/11/mind-the-gap.html
@richinseattle There was a thread somewhere about hashtags on mastodon, and how camel case is better for screen readers. Can we make it #VulnDev? The hashtag itself is not case sensitive I think.
Hello World of Mastodon.
Putting my tags out there in case you want to follow, hopefully rebuilding a list of contacts from the bird app.
#gaming #infosec #appsec #redteam #blueteam #dfir #devsecops #vulndev
I made an account on here for Blackwing Intelligence: @Blackwing
We’ll use it to post research, announcements, etc. Stay tuned! 😊
re: mastodon tags .. I use the term #vulndev as an all encompassing label for vuln research, exploit dev, offsec tool dev, reverse engineering, etc.
For those unfamiliar, this is short for "Vulnerability Development" and comes from the old vuln-dev mailing list.
Give this post a like if you also use or would use #vulndev or comment if there are preferred alternatives.
Vulnerability Spotlight: Multiple vulnerabilities in Synology SRM (Synology Router Manager) -
Claudio Bozzato of Cisco Talos discovered these vulnerabilities. Blog by Claudio Bozzato and Jo... http://feedproxy.google.com/~r/feedburner/Talos/~3/isYYpA06xvg/vulnerability-spotlight-multiple.html #vulnspotlight #snortrules #vulndev #iot
90 days, 16 bugs, and an Azure Sphere Challenge - Cisco Talos reports 16 vulnerabilities in Microsoft Azure Sphere's sponsored research challenge.
By ... http://feedproxy.google.com/~r/feedburner/Talos/~3/n4-X8h4AfAA/Azure-Sphere-Challenge.html #informationdisclosure #unsignedcodeexecution #vulnerabilityanalysis #privilegeescalation #denialofservice #microsoftazure #vulnspotlight #vulnerability #vulndev #talos
Vulnerability Spotlight: Two buffer overflow vulnerabilities in OpenCV - Dave McDaniel of Cisco Talos discovered these vulnerabilities. Cisco Talos recently discovered two bu... more: http://feedproxy.google.com/~r/feedburner/Talos/~3/vckfUa6DgHA/opencv-buffer-overflow-dec-2019.html #vulnerabilityresearch #vulnerabilityreport #talos-2019-0852 #talos-2019-0853 #vulnerabilities #cve-2019-5063 #cve-2019-5064 #vulndev #opencv #json #xml
Vulnerability Spotlight: Apple Safari SVG marker element baseVal remote code execution vulnerability - Marcin Towalski of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw. Apple’s Safari web... more: http://feedproxy.google.com/~r/feedburner/Talos/~3/TfVMkh4f9Ww/apple-safari-SVG-DOS-dec-19.html #vulnerabilityspotlight #vulnerabilityresearch #vulnerabilities #applebugs #vulndev #safari #webkit #apple #bugs
Vulnerability Spotlight: Kakadu Software SDK ATK marker code execution vulnerability - Aleksandar Nikolic and Emmanuel Tacheau of Cisco Talos discovered this vulnerability. Blog by Jon Mu... more: http://feedproxy.google.com/~r/feedburner/Talos/~3/nhhNcuAARyo/vulnerability-spotlight-kakadu-software.html #vulnerabilityadvisories #vulnerabilityspotlight #vulnerabilityresearch #vulnerabilityreport #kakadusoftware #vulndev #kakadu