
Files from natashenka

Email address: natashenka at google.com
First Active: 2015-08-19
Last Active: 2019-08-13

NSKeyedUnarchiver SGBigUTF8String Decoding Information Leak
Posted Aug 13, 2019
Authored by Google Security Research, natashenka

NSKeyedUnarchiver suffers from an information leak when decoding the SGBigUTF8String class using [SGBigUTF8String initWithCoder:]. This class initializes the string using [SGBigUTF8String initWithUTF8DataNullTerminated:] even though there is no guarantee the bytes provided to the decoder are null terminated. It should use [SGBigUTF8String initWithUTF8Data:] instead.

tags | exploit
advisories | CVE-2019-8663
MD5 | 5ebdb23ae44a72166cf9916fedd9770a
iOS Messaging Tools
Posted Aug 7, 2019
Authored by saelo, Google Security Research, natashenka

This repository contains several tools Project Zero uses to test iPhone messaging. It includes SmsSimulator: an SMS simulator for iPhone, iMessage: tools for sending and dumping iMessage messages, and imapiness: a fuzzer for IMAP clients. See the directory for each tool for further instructions and contact information. This is not an officially supported Google product. These tools were released and presented at BlackHat USA 2019.

tags | tool, telephony, imap, fuzzer
systems | apple, iphone
MD5 | 2e9ddb1606e5ec0f3068837fa5919c6c
iMessage URL Deserializing Heap Overflow
Posted Aug 5, 2019
Authored by Google Security Research, natashenka

iMessage suffers from a heap overflow vulnerability when deserializing a URL. This affects Macs only.

tags | exploit, overflow
advisories | CVE-2019-8661
MD5 | 36e18c8532de2e387116a79ad9fb997c
iMessage NSKnownKeysDictionary1 Memory Corruption
Posted Jul 30, 2019
Authored by Google Security Research, natashenka

iMessage suffers from a memory corruption vulnerability when decoding NSKnownKeysDictionary1.

tags | exploit
advisories | CVE-2019-8660
MD5 | bf2f6285feb8eb7cd9887c632a64facd
iMessage NSArray Deserialization
Posted Jul 30, 2019
Authored by Google Security Research, natashenka

iMessage suffers from a vulnerability where NSArray deserialization can invoke a subclass that does not retain references.

tags | exploit
advisories | CVE-2019-8647
MD5 | 01c2017aca9bca7c917b924efac2b31f
iMessage NSKeyedUnarchiver Deserialization
Posted Jul 30, 2019
Authored by Google Security Research, natashenka

iMessage suffers from a vulnerability where NSKeyedUnarchiver deserialization allows file-backed NSData objects.

tags | exploit
advisories | CVE-2019-8646
MD5 | f8873dd6fc5e38d1e8f8c8678775b889
iMessage DigitalTouch Out-Of-Bounds Read
Posted Jul 26, 2019
Authored by Google Security Research, natashenka

iMessage suffers from an out-of-bounds read vulnerability in DigitalTouch tap message processing.

tags | exploit
advisories | CVE-2019-8624
MD5 | 7cc38755d991fb1a5a101045bfa32cee
iPhone iMessage Malformed Message Bricking
Posted Jul 4, 2019
Authored by Google Security Research, natashenka

An issue exists where a malformed iMessage can brick an iPhone. A method in IMCore can throw an NSException due to a malformed message containing a property with key IMExtensionPayloadLocalizedDescriptionTextKey with a value that is not an NSString.

tags | exploit
systems | apple, iphone
advisories | CVE-2019-8664
MD5 | fb007a18977fff5d77770c60f17d53df
Visual Voicemail For iPhone IMAP NAMESPACE Use-After-Free
Posted May 21, 2019
Authored by Google Security Research, natashenka

Visual Voicemail for iPhone suffers from a use-after-free vulnerability in IMAP NAMESPACE processing.

tags | exploit, imap
systems | apple, iphone
advisories | CVE-2019-8613
MD5 | ee209f50afa19dc15f5533506c05c21c
FaceTime Texture Processing Memory Corruption
Posted Feb 19, 2019
Authored by Google Security Research, natashenka

FaceTime suffers from a memory corruption vulnerability in texture processing.

tags | exploit
advisories | CVE-2019-6224
MD5 | b453c6f5d49e62c37885c285bc9f79cd
FaceTime RTP Video Processing Heap Corruption
Posted Nov 6, 2018
Authored by Google Security Research, natashenka

There is a memory corruption issue when processing a malformed RTP video stream in FaceTime that leads to a kernel panic due to a corrupted heap cookie or data abort. This bug can be reached if a user accepts a call from a malicious caller. This issue only affects FaceTime on iOS; it does not crash on a Mac.

tags | exploit, kernel
systems | ios
advisories | CVE-2018-4384
MD5 | e1efd0319dcc1218c75d95f35d08574b
FaceTime VCPDecompressionDecodeFrame Memory Corruption
Posted Nov 6, 2018
Authored by Google Security Research, natashenka

There is a heap corruption vulnerability in VCPDecompressionDecodeFrame which is called by FaceTime. This bug can be reached if a user accepts a call from a malicious peer.

tags | exploit
advisories | CVE-2018-4366
MD5 | 98ed8bf1539b036052ee59ec0d5239fd
FaceTime readSPSandGetDecoderParams Stack Corruption
Posted Nov 6, 2018
Authored by Google Security Research, natashenka

FaceTime suffers from a stack corruption vulnerability in readSPSandGetDecoderParams.

tags | exploit
advisories | CVE-2018-4367
MD5 | 17c8ace8d98479a7e023a22b0a94235c
WhatsApp RTP Processing Heap Corruption
Posted Oct 11, 2018
Authored by Google Security Research, natashenka

WhatsApp suffers from a heap corruption vulnerability in RTP processing.

tags | exploit
MD5 | f6b01d303fe816031bf7b45feaa16a08
WebRTC VP9 Processing Use-After-Free
Posted Sep 20, 2018
Authored by Google Security Research, natashenka

There is a use-after-free vulnerability in VP9 processing in WebRTC.

tags | exploit
advisories | CVE-2018-16071
MD5 | 46a569d07b8a5affa552ca7aa5867a06
WebRTC FEC Out-Of-Bounds Read
Posted Sep 20, 2018
Authored by Google Security Research, natashenka

There is an out-of-bounds read in FEC processing in WebRTC. If a very short RTP packet is received, FEC will assume the packet is longer and process data outside of the allocated buffer.

tags | exploit
advisories | CVE-2018-16083
MD5 | f5cc50595786ed774a0112b7002d39e0
Adobe Flash AVC Processing Out Of Bounds Read
Posted Aug 24, 2018
Authored by Google Security Research, natashenka

Adobe Flash suffers from an out-of-bounds read vulnerability during AVC processing.

tags | exploit
advisories | CVE-2018-12827
MD5 | 542426b18d0d3fbe815b6571db42555f
WebRTC VP8 Block Decoding Use-After-Free
Posted Jul 31, 2018
Authored by Google Security Research, natashenka

There is a use-after-free in VP8 block decoding in WebRTC. The contents of the freed block are then treated as a pointer, leading to a crash in WebRTC.

tags | exploit
MD5 | fe84289b20deaaf1289d6b1fe162af01
WebRTC FEC Processing Overflow
Posted Jul 31, 2018
Authored by Google Security Research, natashenka

There are several calls to memcpy that can overflow the destination buffer in webrtc::UlpfecReceiverImpl::AddReceivedRedPacket. The method takes a parameter incoming_rtp_packet, which is an RTP packet with a max length that is defined by the transport (2048 bytes for DTLS in Chrome). This packet is then copied to the received_packet in several locations in the method, depending on packet properties, using the length of the incoming_rtp_packet as the copy length. The received_packet is a ForwardErrorCorrection::ReceivedPacket, which has a max size of 1500. Therefore, the memcpy calls in this method can overflow this buffer.

tags | exploit, overflow
MD5 | 066c20eaa37c60242f60e28957ecc367
WebRTC H264 NAL Packet Type Confusion
Posted Jul 31, 2018
Authored by Google Security Research, natashenka

WebRTC suffers from a type confusion vulnerability when processing an H264 NAL packet.

tags | exploit
MD5 | 0f13bebaacf8d1adb0041a3b46fa15e0
Google Chrome Integer Overflow When Processing WebAssembly Locals
Posted Jun 7, 2018
Authored by Google Security Research, natashenka

Google Chrome suffers from an integer overflow vulnerability when processing WebAssembly Locals.

tags | exploit, overflow, local
advisories | CVE-2018-6092
MD5 | aeb83fd88c3d4231411f5990050f821c
WebKit WebAssembly Compilation Information Leak
Posted Jun 7, 2018
Authored by Google Security Research, natashenka

WebKit suffers from an information leak vulnerability in WebAssembly Compilation.

tags | exploit
advisories | CVE-2018-4222
MD5 | 8a7060e2844a92fb8c612af806907919
WebKit Generator Use-After-Free
Posted Jun 7, 2018
Authored by Google Security Research, natashenka

WebKit suffers from a use-after-free vulnerability when resuming a generator.

tags | exploit
advisories | CVE-2018-4218
MD5 | bbd278c835aea19f068ff64534828d6b
WebRTC VP9 Missing Frame Processing Out-Of-Bounds Memory Access
Posted Jun 7, 2018
Authored by Google Security Research, natashenka

WebRTC VP9 missing frame processing suffers from an out-of-bounds memory access vulnerability.

tags | exploit
advisories | CVE-2018-6129
MD5 | 00cc61e87f0625b4254896a0155f9fc3
WebRTC VP9 Frame Processing Out-Of-Bounds Memory Access
Posted Jun 7, 2018
Authored by Google Security Research, natashenka

WebRTC VP9 frame processing suffers from an out-of-bounds memory access vulnerability.

tags | exploit
advisories | CVE-2018-6130
MD5 | 706e2d1ce513062e5e894376a2bfe8e7