
Three mistakes from Dart/Flutter's weak PRNG


A look into how an unexpectedly weak PRNG in Dart led to Zellic's discovery of multiple vulnerabilities

Once they have created their first project and are staring at their blank template, they might be tempted to look up the documentation online, not knowing they are one click away from malicious users stealing files from their computer or potentially executing code. At this point, the website can list directory contents, extract and exfiltrate secret files from the workspace, or overwrite build scripts and Git hooks to indirectly run arbitrary code. After recovering the second secret and changing the workspace roots, the same can be applied to all files that the current user has access to, for example in typical stealer-malware fashion.
