>> CATEGORY: exploit

[APPLE]

>> Packet Storm Exploit 2013-0903-1 – Apple Safari Heap Buffer Overflow

USER: deepcore // 2013-09-04 // 0 CMT

A heap memory buffer overflow vulnerability exists within the WebKit’s JavaScriptCore JSArray::sort(…) method. The exploit for this vulnerability is javascript code which shows how to use it for memory corruption of internal JS objects (Unit32Array and etc.) and subsequent arbitrary code execution (custom ARM/x64 payloads can be pasted into the JS code). This exploit affects Apple Safari version 6.0.1 for iOS 6.0 and OS X 10.7/8.

[APPLE]

>> Revelations From Snowden White House "Black Budget" Leak – Bustle

USER: deepcore // 2013-08-29 // 0 CMT

Revelations From Snowden White House “Black Budget” Leak Bustle The leak is unprecedented, and the Post certainly won't have made any friends in the White House by leaking it: like every WikiLeak -esque disclosure of private intelligence, it will invite criticism that giving terrorists knowledge of antiterrorism … and more

[APPLE]

>> Packet Storm Advisory 2013-0827-1 – Oracle Java ByteComponentRaster.verify()

USER: deepcore // 2013-08-27 // 0 CMT

The ByteComponentRaster.verify() method in Oracle Java versions prior to 7u25 is vulnerable to a memory corruption vulnerability that allows bypassing of “dataOffsets[]” boundary checks. This vulnerability allows for remote code execution. User interaction is required for this exploit in that the target must visit a malicious page or open a malicious file

[APPLE]

>> Packet Storm Exploit 2013-0827-1 – Oracle Java ByteComponentRaster.verify() Memory Corruption

USER: deepcore // 2013-08-27 // 0 CMT

The ByteComponentRaster.verify() method in Oracle Java versions prior to 7u25 is vulnerable to a memory corruption vulnerability that allows bypassing of “dataOffsets[]” boundary checks. This exploit code demonstrates remote code execution by popping calc.exe. It was obtained through the Packet Storm Bug Bounty program.