Oh dear, now this too
Originally shared by François Simond (supercurio)
Android high privileges exploit from Chrome
A Chinese security researcher presented an exploit leading to privilege escalation from a simple website, through a V8 JavaScript VM vulnerability.
This is the most critical type of vulnerability you can expect, since a payload can reach millions of users in very little time through a malicious ad, one thing the web appears to have the most difficulty avoiding even on reputable websites.
This presentation happened during the Japanese conference named PacSec, from a speaker named Guang Gong.
The page https://pacsec.jp/speakers.html lists his intervention as:
"Exploiting Heap Corruption due to Integer Overflow in Android libcutils -- Escalate privilege by vulnerabilities in Android system services" Guang Gong, Qihoo 360,@oldfresher
How to exploit CVE20151528 to get system_server permission in Android.
You can wait until the patch reaches Google Chrome stable at some point - and it will be worth tracking when since the disclosure was made responsibly.
If security is of high importance for you, Mozilla Firefox might be a strong alternative today.
Note:
The Register: I know, not the best source, feel free to suggest others on this one ;)
Via Engadget
#supercurioBlog #security
http://www.theregister.co.uk/2015/11/12/mobile_pwn2own/