The in-the-wild exploit is attributed to NSO. See more here: https://bugs.chromium.org/p/project-zero/issues/detail?id=1942#c7 …
-
-
Prikaži ovu nitHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi
-
-
-
Nice work. I didn't see mention of Pixel XL or other Pixel models. Are they affected as well?
-
Yes, Pixel 1 and 2 (and XL). Not Pixel 3 (XL) and 3as. For other OEMs I did source code review of the devices listed in the issue, but most Android devices pre-Fall 2018 are affected.
Kraj razgovora
Novi razgovor -
-
-
Is the list debug also getting enabled? We added that to the kernel primarily to hinder double free and use after free exploits... surprised it was not on already
-
Novi razgovor -
-
-
Congrats. That explains a part of one of the meetings I attended
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi
-
-
-
for whatever reason, when someone says ... privilege ... escalation/bug/exploit/abuse, I always say "check your privilege" in my head to myself, with a stern math teacher tone.
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi
-
-
-
I suspect the Nexus 6P is not vulnerable? The poc gets stuck at `writev() returns 0x1000`.
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi
-
-
-
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi
-
-
-
Is it fair to say that many of the affected devices won't be patched because of short-lived vendors' update policies?
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi
-
Čini se da učitavanje traje već neko vrijeme.
Twitter je možda preopterećen ili ima kratkotrajnih poteškoća u radu. Pokušajte ponovno ili potražite dodatne informacije u odjeljku Status Twittera.