Showing results for tags 'issue'.
An XNU vm_map_copy optimization which requires atomicity is not atomic. This violates the semantics of Mach message OOL memory and leads to TOCTOU issues which can lead to memory corruption.
Exploits SSHtranger Things SCP Client File Issue
1337day-Exploits posted a topic in Updated Exploits
SCP clients have an issue where additional files can be copied over without your knowledge.
In Microsoft Edge, the JsBuiltInEngineInterfaceExtensionObject::InjectJsBuiltInLibraryCode method is used to execute JsBuiltIn.js which initializes some builtin objects. Because it is essentially written in JavaScript, it needs to clear the disable-implicit-call flag before calling the JavaScript code, otherwise it might not work properly. The problem is, it does not restore the previous status of the flag after the call. As setting the flag can prevent stack-allocated objects from leaking, this clearing-the-flag bug can lead to a stack-based use-after-free.
WebKit JIT int32/double arrays can have proxy objects in the prototype chains.
XNU POSIX has an issue where shared memory mappings have an incorrect maximum protection.