Techly NewsGet the app

Get the latest tech news

Shouldn't have happened: A vulnerability postmortem


Posted by Tavis Ormandy, Project Zero Introduction This is an unusual blog post. I normally write posts to highlight some hidden att...

The untrusted signature is simply copied into this fixed-sized buffer, overwriting adjacent members with arbitrary attacker-controlled data. Does reaching the vulnerable code require some complicated state that fuzzers and static analyzers would have difficulty synthesizing, like hashes or checksums? I would not have been able to find this bug without assistance from my colleagues from Chrome, Ryan Sleevi and David Benjamin, who helped answer my ASN.1 encoding questions and engaged in thoughtful discussion on the topic.

Get the Android app

Or read this on Hacker News

« OpenAI Opens Its Speech AI Engine To Developers
Oracle to Invest $6.5 Billion in Malaysia AI, Cloud Services Hub »