ZeusBox (@zeusb0x) 's Twitter Profile
ZeusBox

@zeusb0x

Playing with Pandora's box. Sometimes it's better not to open it. Sometimes, it's better not to know.

ID: 965529099547631616

19-02-2018 10:10:50

348 Tweets

782 Followers

352 Following

ZeusBox (@zeusb0x) 's Twitter Profile Photo

To drop stuff there you need to be at high integrity level and to load the driver you need an unrestricted token with SeLoadDriverPrivilege enabled, so likely the driver is used to conceal a kernel mode rootkit and privilege escalation is done some other way. #Chrome #0day

GitHub Security Lab (@ghsecuritylab) 's Twitter Profile Photo

In this post "Corrupting memory without memory corruption" Man Yue Mo is showing how a powerful kernel bug, CVE-2022-20186, can be used to root a Pixel 6 from a malicious app github.blog/2022-07-27-cor…

ZeusBox (@zeusb0x) 's Twitter Profile Photo

💥💥Sign extension of bit fields => DANGEROUS. When comparing signed stuff of different sizes sign extension happens. Since "a" has 1 as the most significant bit, it will be sign extended to -1. For unsigned stuff zero extension happens and we don't have this issue.

Maddie Stone (@maddiestone) 's Twitter Profile Photo

Detailed analysis of an Android in-the-wild 0-day exploit developed by surveillance vendor Wintego by Xingyu Jin from Android Security Research team: googleprojectzero.blogspot.com/2022/08/the-qu…

Linux Kernel Security (@linkersec) 's Twitter Profile Photo

CVE-2022-29582, an io_uring vulnerability
A detailed and well-written article by Awarau and David Bouman about exploiting a slab use-after-free vulnerability in the io_uring subsystem. ruia-ruia.github.io/2022/08/05/CVE…

Mobile Security (@mobilesecurity_) 's Twitter Profile Photo

Android Universal Root: Exploiting Mobile GPU / Command Queue Drivers #MobileSecurity #AndroidSecurity #BlackHatUsa2022 [SLIDES] by 1ce0ear ExploitDr0id Jon Bottarini i.blackhat.com/USA-22/Wednesd…

k0shl (@keyz3r0) 's Twitter Profile Photo

We KunlunLab will share the vulnerability and exploitation I used in the TianfuCup2021 for escaping Adobe Reader sandbox on #BCS2022, this vulnerability existed in Named Pipe File System for nearly 10 years since AppContainer was born. We called it "Windows Dirty Pipe".(1/2)

I.Zhilyakov (@m0br3v) 's Twitter Profile Photo

Backdoors in the system partition of budget Android device models target arbitrary code execution in the WhatsApp and WhatsApp Business messaging apps. Devices are counterfeit versions of famous brand-name models news.drweb.com/show/?i=14542&…

Theori (@theori_io) 's Twitter Profile Photo

Our intern qwerty was destined to analyze a recent Linux kernel LPE vuln (CVE-2022-32250), a bug found and reported by fidgeting bits. Here's a brief write-up on the analysis of the bug and the exploit development. Check it out! blog.theori.io/research/CVE-2… (exploit included)

Maddie Stone (@maddiestone) 's Twitter Profile Photo

💥 And another new RCA up today: CVE-2022-2294, the itw 0-day in WebRTC that targeted Chrome! Authored by Natalie Silvanovich googleprojectzero.github.io/0days-in-the-w…

reverseame (@reverseame) 's Twitter Profile Photo

Understanding the Compound File Binary Format and OLE Structures to Mess with CVE-2022-30190 cymulate.com/blog/cve-2022-…