You Can't Spell WebRTC Without RCE – Part 1
Injecting and Exploiting Synthetic Remote Vulnerabilities to explore Signal-iOS and WebRTC

It’s another average Friday morning and my iPhone shows 705 unread Signal messages. Signal has not completely supplanted my use of iMessage, but it does dominate communications with industry peers and privacy-conscious friends. If you are a cybersecurity
Over the next three posts we aim to turn the seemingly arcane and daunting task of instant messaging app research and modern mobile exploitation into a more approachable goal. All code referenced in this post is available on Margin Research's WebRCE GitHub page in case you want to follow along or dig deeper into the scripts which form the final exploit.

In fact, Signal introduced this patch specifically to detect situations where something “is broken or someone is doing an attack.” This is a logical fix that drastically reduces 0-click surface by refusing to parse any RTP/RTCP data packets prior to both parties accepting a call.