Information Leak

SSD Advisory – Intel Windows Graphics Driver Out of Bounds Read Denial of Service

Introduction: Since 2014, Intel has dominated the PC market as the leading graphics chip vendor worldwide with ~70% market share. With this overwhelming number of units, any vulnerabilities found are bound to make an impact. Read below on how our team gained system access using an Intel graphics driver privilege escalation vulnerability. System access vulnerabilities and others …

SSD Advisory – iOS Jailbreak via Sandbox Escape and Kernel R/W leading to RCE

Introduction: Each year, as part of TyphoonCon, our All Offensive Security Conference, we offer cash prizes for vulnerabilities and exploitation techniques found. At our latest hacking competition, TyphoonPwn 2019, an independent security researcher demonstrated three vulnerabilities to our team, which were followed by our live demonstration on stage. The researcher was awarded an amazing sum …

SSD Advisory – Firefox Sandbox Infoleak From Uninitialized Handle In CrossCall

Vulnerability summary The crosscall FilesystemDispatcher::NtOpenFile can leak an uninitialized handle value to a renderer due to an incorrect return value in FileSystemPolicy::OpenFileAction. The crosscall NtOpenKey seems to also suffer from the exact same bug. In this advisory, we show how to leak a function pointer stored in the broker’s stack (corresponding, in this case, to …

SSD Advisory – Linux BlueZ Information Leak and Heap Overflow

(This advisory follows up on a presentation provided during our offensive security event in 2018 in Hong Kong – come join us at TyphoonCon – June 2019 in Seoul for more offensive security lectures and training) Vulnerabilities Summary The following advisory discusses two vulnerabilities found in the Linux BlueZ Bluetooth module. One of the core ideas behind Bluetooth …

SSD Advisory – iOS/macOS Kernel task_inspect Information Leak

Vulnerabilities Summary The following advisory discusses a bug found in the kernel function task_inspect which a local user may exploit in order to read kernel memory due to an uninitialized variable. Vendor Response “Kernel: Available for: iPhone 5s and later, iPad Air and later, and iPod touch 6th generation Impact: A local user may be …

SSD Advisory – Firefox Information Leak

Vulnerabilities Summary A vulnerability where the JavaScript JIT compiler inlines Array.prototype.push with multiple arguments that results in the stack pointer being off by 8 bytes after a bailout. This leaks a memory address to the calling function which can be used as part of an exploit inside the sandboxed content process. Vendor Response The security …
