Twenty Year Anniversary
Showing 1 - 25 of 1,194 RSS Feed

Files from Google Security Research

First Active2000-02-18
Last Active2018-11-06
FaceTime RTP Video Processing Heap Corruption
Posted Nov 6, 2018
Authored by Google Security Research, natashenka

There is a memory corruption issue when processing a malformed RTP video stream in FaceTime that leads to a kernel panic due to a corrupted heap cookie or data abort. This bug can be reached if a user accepts a call from a malicious caller. This issue only affects FaceTime on iOS, it does not crash on a Mac.

tags | exploit, kernel
systems | ios
advisories | CVE-2018-4384
MD5 | e1efd0319dcc1218c75d95f35d08574b
FaceTime VCPDecompressionDecodeFrame Memory Corruption
Posted Nov 6, 2018
Authored by Google Security Research, natashenka

There is a heap corruption vulnerability in VCPDecompressionDecodeFrame which is called by FaceTime. This bug can be reached if a user accepts a call from a malicious peer.

tags | exploit
advisories | CVE-2018-4366
MD5 | 98ed8bf1539b036052ee59ec0d5239fd
FaceTime readSPSandGetDecoderParams Stack Corruption
Posted Nov 6, 2018
Authored by Google Security Research, natashenka

FaceTime suffers from a stack corruption vulnerability in readSPSandGetDecoderParams.

tags | exploit
advisories | CVE-2018-4367
MD5 | 17c8ace8d98479a7e023a22b0a94235c
gVisor runsc Guest -> Host Breakout Via Filesystem Cache Desync
Posted Oct 31, 2018
Authored by Jann Horn, Google Security Research

gVisor runsc suffers from a guest->host breakout via filsystem cache desync.

tags | advisory
MD5 | c5955d055e040d0690a596b137e3036d
Linux mremap() TLB Flush Too Late
Posted Oct 29, 2018
Authored by Jann Horn, Google Security Research

Linux has an issue where mremap() performs a TLB flush too late with concurrent ftruncate().

tags | exploit
systems | linux
advisories | CVE-2018-18281
MD5 | 662f158d83c31c10c9b25a7d01c09b0a
Chrome OS Ancient unrar In CAP_SYS_ADMIN Context
Posted Oct 29, 2018
Authored by Jann Horn, Google Security Research

Chrome OS runs an ancient unrar in CAP_SYS_ADMIN context.

tags | advisory
MD5 | 8fb9a08410a49c789a6cd995c55a1b9e
Libtiff Decodes Arbitrarilly-Sozed JBIG Into A Target Buffer
Posted Oct 26, 2018
Authored by Thomas Dullien, Google Security Research

libtiff up to and including 4.0.9 decodes arbitrarily-sized JBIG into a buffer, ignoring the buffer size.

tags | exploit
advisories | CVE-2018-18557
MD5 | 1f65f444f30882af96c78320cb935028
Linux systemd Symlink Dereference Via chown_one()
Posted Oct 26, 2018
Authored by Jann Horn, Google Security Research

Linux suffers from an issue with systemd where chown_one() can dereference symlinks.

tags | exploit
systems | linux
advisories | CVE-2018-15687
MD5 | 8a7385919cce2220b792617aa434b36b
Linux systemd Line Splitting
Posted Oct 26, 2018
Authored by Jann Horn, Google Security Research

Linux has an issue with systemd where overlong input to fgets() during reexec state injection can lead to line splitting.

tags | exploit
systems | linux
advisories | CVE-2018-15686
MD5 | 7eee1ef6f7faca88b348b6dac9d6b20c
Chrome Debugger Extension API Is Too Powerful
Posted Oct 22, 2018
Authored by Jann Horn, Google Security Research

The Chrome debugger extension API appears to have more power than necessary, including the ability to bypass the check for disabled natives.

tags | advisory
MD5 | 7f04b4dbaa37e47793da6858cb2f0661
Apple Intel GPU Driver Use-After-Free / Double-Delete
Posted Oct 19, 2018
Authored by Google Security Research, ianbeer

The Apple Intel GPU driver suffers from use-after-free and double-delete issues due to bad locking.

tags | advisory
systems | apple
advisories | CVE-2018-4334
MD5 | b351e27cbcb6569d7e176048b1d1639f
iOS / macOS HID Event System Sandbox Escape
Posted Oct 19, 2018
Authored by Google Security Research, ianbeer

iOS and macOS suffers from a sandbox escape due to trusted length field in shared memory used by the HID event subsystem.

tags | advisory
systems | ios
MD5 | d02085ca3eebe96590a6bfad12954bf6
iOS copyin Check Kernel Stack Memory Disclosure
Posted Oct 19, 2018
Authored by Google Security Research, ianbeer

iOS suffers from a kernel stack memory disclosure due to failure to check copyin return value.

tags | advisory, kernel
systems | cisco, ios
advisories | CVE-2018-4363
MD5 | dabae5d2d2f7dfbc02093d00e56e96e6
iOS / macOS MIG Object Lifetime Semantics Sandbox Escape
Posted Oct 19, 2018
Authored by Google Security Research, ianbeer

iOS and macOS suffer from a sandbox escape vulnerability due to failure to comply with MIG object lifetime semantics in the iohideventsystem_client subsystem.

tags | advisory
systems | apple
MD5 | b9de50e80a2ea80f7f9468bd16b597e3
iOS / macOS MIG Sandbox Escape
Posted Oct 19, 2018
Authored by Google Security Research, ianbeer

iOS and macOS suffer from sandbox escape vulnerabilities due to MIG failing to use correct out-of-line descriptor lengths when parsing reply messages.

tags | advisory, vulnerability
systems | ios
MD5 | 4f22a8f810b85991d35e76ab7b9861b4
iOS / macOS IOHIDResourceQueue::enqueueReport Integer Overflow
Posted Oct 19, 2018
Authored by Google Security Research, ianbeer

iOS and macOS suffers from a kernel memory corruption vulnerability due to integer overflow in IOHIDResourceQueue::enqueueReport.

tags | advisory, overflow, kernel
MD5 | eaf771ae19474d20de705e51b77b51d3
iOS / macOS Mach Message Sandbox Escape
Posted Oct 19, 2018
Authored by Google Security Research, ianbeer

iOS and macOS suffers from a sandbox escape vulnerability due to mach message sent from shared memory.

tags | advisory
systems | ios
MD5 | 212667e2b57588da87c0742e251ac563
iOS Kernel Personas Use-After-Free
Posted Oct 19, 2018
Authored by Google Security Research, ianbeer

The iOS kernel suffers from a use-after-free vulnerability due to bad error handling in personas.

tags | advisory, kernel
systems | ios
advisories | CVE-2018-4337
MD5 | 00aa8ae882f2b6020f3e4a12749da1ee
Ghostscript 1Policy Dangerous Access To Operator
Posted Oct 18, 2018
Authored by Tavis Ormandy, Google Security Research

Ghostscript has an issues where callers of a procedure are not forced to be properly marked as executeonly or pseudo-operators, allowing for the ability to take complete control of it.

tags | advisory
advisories | CVE-2018-18284
MD5 | f6013aa13df201f50c343927fca57dcd
Linux BPF Verifier Failed Truncation
Posted Oct 18, 2018
Authored by Jann Horn, Google Security Research

The Linux BPF verifier has an issue where 32-bit RSH verification does not truncate input before the ALU op.

tags | advisory
systems | linux
advisories | CVE-2018-18445
MD5 | 373edc458d7e0a3a57e28573408ae811
Linux Semi-Arbitrary Task Stack Read On ARM64 / x86
Posted Oct 18, 2018
Authored by Jann Horn, Google Security Research

Linux suffers from a semi-arbitrary task stack read on ARM64 (and x86) via /proc/$pid/stack.

tags | advisory, arbitrary, x86
systems | linux
MD5 | 7100e417a396e293988088f73c3b7c3a
Chrome Mojo DataPipe*Dispatcher Deserialization Lacking Validation
Posted Oct 18, 2018
Authored by Google Security Research, Mark Brand

Chrome has missing validation in the deserialization routines for both DataPipeConsumerDispatcher and DataPipeProducerDispatcher, which take from the incoming message a read_offset/write_offset respectively into shared memory. Providing an offset outside the bounds of the allocated memory will then result in an out-of-bounds read/write when the pipe is used.

tags | advisory
advisories | CVE-2018-16068
MD5 | 08315707021518b918593c1b05081689
Microsoft Windows FSCTL_FIND_FILES_BY_SID Information Disclosure
Posted Oct 16, 2018
Authored by James Forshaw, Google Security Research

On Microsoft Windows, the FSCTL_FIND_FILES_BY_SID control code does not check for permissions to list a directory leading to disclosure of file names when a user is not granted FILE_LIST_DIRECTORY access.

tags | exploit
systems | windows
advisories | CVE-2018-8411
MD5 | 1ad1fd11e41df6d259aeb00e3e6cc367
Ghostscript .loadfontloop Exposed System Operators
Posted Oct 15, 2018
Authored by Tavis Ormandy, Google Security Research

Ghostscript suffers from an issue where .loadfontloop exposes system operators in the saved execution stack.

tags | advisory
MD5 | 8ee6daa56e7b3cbcf912ca5433934a03
Ghostscript executeonly Bypass
Posted Oct 11, 2018
Authored by Tavis Ormandy, Google Security Research

Ghostscript suffers from an executeonly bypass with errorhandler setup.

tags | exploit
advisories | CVE-2018-17961
MD5 | de8be7c4957ab4b3c8a37259c65b3c84
Page 1 of 48
Back12345Next

File Archive:

November 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    10 Files
  • 2
    Nov 2nd
    15 Files
  • 3
    Nov 3rd
    2 Files
  • 4
    Nov 4th
    2 Files
  • 5
    Nov 5th
    32 Files
  • 6
    Nov 6th
    27 Files
  • 7
    Nov 7th
    8 Files
  • 8
    Nov 8th
    9 Files
  • 9
    Nov 9th
    17 Files
  • 10
    Nov 10th
    2 Files
  • 11
    Nov 11th
    2 Files
  • 12
    Nov 12th
    33 Files
  • 13
    Nov 13th
    29 Files
  • 14
    Nov 14th
    23 Files
  • 15
    Nov 15th
    0 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close