Mozilla bought the excellent Android email app K-9 (which didn’t include any trackers) and integrated trackers as part of #Mozilla‘s rebranding under the #Thunderbird name.

They even made it opt-out instead of opt-in. Their defense for breaking the law: ”we wouldn’t have enough data if we obeyed the law.“

It doesn’t matter whether you ”anonymized“ the data or not: If you want to extract data from someone’s device to yours, you may do so only if they knowingly consented.
https://social.tchncs.de/@kuketzblog/113244035577912640

New vulnerability report from Talos:

Veertu Anka Build registry archive files directory traversal vulnerability

https://talosintelligence.com/vulnerability_reports/TALOS-2024-2059

CVE-2024-41163

New vulnerability report from Talos:

Veertu Anka Build node agent update privilege escalation vulnerability

https://talosintelligence.com/vulnerability_reports/TALOS-2024-2060

CVE-2024-39755

New vulnerability report from Talos:

Veertu Anka Build registry log files directory traversal vulnerability

https://talosintelligence.com/vulnerability_reports/TALOS-2024-2061

CVE-2024-41922

New vulnerability report from Talos:

GNOME Project G Structured File Library (libgsf) Compound Document Binary File Directory integer overflow vulnerability

https://talosintelligence.com/vulnerability_reports/TALOS-2024-2068

CVE-2024-36474

New vulnerability report from Talos:

GNOME Project G Structured File Library (libgsf) Compound Document Binary File Sector Allocation Table integer overflow vulnerability

https://talosintelligence.com/vulnerability_reports/TALOS-2024-2069

CVE-2024-42415

[RSS] Pwning LLaMA.cpp RPC Server with CVE-2024-42478 and CVE-2024-42479

https://pwner.gg/2024/10/03/llama-cpp-cves/

Just published a deep dive on how we have made it possible to debug the kernel with drgn, without installing any debuginfo packages, on Oracle Linux.

This is a really cool feature that we're in the middle of upstreaming, so it's not quite present in drgn's main branch. However the article has links to all the relevant code, PRs, and issues, so you can see the process in real time, and learn how to get it working on other kernels/distros.

https://blogs.oracle.com/linux/post/introducing-ctf-support-in-drgn-for-oracle-linux

[RSS] How can I detect whether the user is running as an elevated administrator (as opposed to a natural administrator)?

https://devblogs.microsoft.com/oldnewthing/20241003-00/?p=110336

#Hacking is not just #OldSchool tooling and techniques. Modern #MobileApps are a fun target for #ReverseEngineers and #Pentesters alike. A fundamental tool to properly hack mobile apps is @fridadotre by @oleavr.

We continue our tour of my @github projects with my humble contributions to this field:
https://github.com/0xdea/frida-scripts

For a well-maintained project that includes some of my #Frida scripts, check out #Brida by @apps3c and Piergiovanni Cipolloni:
https://github.com/federicodotta/Brida

And even after many years, if you search for well-crafted Frida scripts to bypass certificate pinning or root detection, there’s a very good chance that you’ll stumble upon the work of some of my colleagues… Very proud of my team at @hnsec!

New Project Zero issue:

UAF race of global maps in fastrpc_mmap_create (and epilogue functions) cause memory corruption

https://project-zero.issues.chromium.org/issues/42451715

CVE-2024-33060

New Project Zero issue:

Incorrect searching algorithm in fastrpc_mmap_find leads to kernel address space info leak

https://project-zero.issues.chromium.org/issues/42451713

CVE-2024-33060

New Project Zero issue:

Double-free (or UAF) race in possibly unused qrtr_bpf_filter_detach

https://project-zero.issues.chromium.org/issues/42451712

CVE-2024-38401

https://googleprojectzero.blogspot.com/2024/10/effective-fuzzing-dav1d-case-study.html Finally have my public post up on the bug I found in dav1d last year.

[RSS] A function for creating an absolute security descriptor from a self-relative one

https://devblogs.microsoft.com/oldnewthing/20241002-00/?p=110333

"Best email money can buy" product Zimbra has an embarrassingly bad vulnerability: CVE-2024-45519

The vulnerable code appends the attacker-provided email address to a command line and then runs it with popen() (which uses a shell). Guess what happens when the email address has a backticks, a semicolon, $(), etc?

What year is this?

Luckily the attack vector to get there (postjournal) isn't enabled by default, as there are exploitation attempts occurring in the wild:
https://infosec.exchange/@justicerage/113231837285277188

https://blog.projectdiscovery.io/zimbra-remote-code-execution/

[RSS] Class Pollution in Ruby: A Deep Dive into Exploiting Recursive Merges

https://blog.doyensec.com/2024/10/02/class-pollution-ruby.html

As I am seeing some Medium links in my timeline today, and Medium is pretty annoying (pop-overs and all). So reminder that you can just replace:

> medium.com

…with:

> scribe.rip

In any Medium link and get a wonderful simple unobtrusive reading experience instead.

#Medium #ScribeRip #AlternativeFrontends

The Cryptodifference Engine: An in-depth look at differential fuzzing for harvesting crypto bugs, by Célian Glénaz

https://blog.quarkslab.com/differential-fuzzing-for-cryptography.html

To get rich in a gold rush, sell shovels.

https://www.sonarsource.com/lp/solutions/ai-assurance-codefix/