Pretty sick... potential for exploitation through iMessage/SMS! - Apple Remote Code Execution With Image Files http://blog.talosintel.com/2016/07/apple-image-rce.html …
@antisnatchor @flyryan @daveaitel note that CommCenter no longer runs as root but as '_wireless'
Thanks! It's been a long time since anyone I know has looked at CommCenter.
New conversation
We do have a safari exploit, iMessage vector is there but no public infoleak technique. no keychain, browser mem
even what is 'public' from the Stagefright stuff is still via browser. No public PoCs ever via chat/SMS
New conversation
'Stagefright could target code that wasn't protected by ASLR' - not really. The ASLR is just not very good.
'there is no code signing on Android' - there's verified boot. Apps have signatures but it's a different system.
'an exploit can use access to the shell in their payload' - for processes where that's allowed by SELinux policy
Is that the case for mediaserver? It doesn't have access to toolbox_exec or shell_exec. Doesn't seem like it.
And what does 'is significantly more constrained' mean? It would make sense if you compared to the past state.
And ASLR isn't only weak on Android. Windows (not specifically mobile) and iOS have their awful ASLR weaknesses.
Can bypass even a strong ASLR implementation. Google made it sound like it was a major barrier for mediaserver.
Sad part is that barely having any more of these media exploits is straightforward: use memory safe languages.