Techly NewsGet the app

Get the latest tech news

Bytecode Breakdown: Unraveling Factorio's Lua Security Flaws


Dynamic languages are safe from memory corruptions bugs, right?

Some months ago I exploited a vulnerability in the Lua implementation of Factorio that allowed a malicious server to obtain arbitrary execution on clients. Based on this information, it might seem that the surface of the Lua interpreter in the game is limited to local exploits that require the user to download a malicious mod. If we can make Lua think any object passed as the initial start point of a numeric loop is a number, we could leak its address, as it would be available to us as a variable.

Get the Android app

Or read this on Hacker News

Read more on:

Photo of Factorio

Factorio

Photo of lua security flaws

lua security flaws

Photo of bytecode breakdown

bytecode breakdown

Related news:

News photo

Factorio Undo/Redo Improvements and Car Latency Driving

News photo

Factorio – Statistics improvements, Linux adventures

« US Treasury finalizes crypto rules to prevent tax evasion
Meet Brain Cipher — The new ransomware behind Indonesia's data center attack »