Full Chain Baseband Exploits, Part 2
Dec. 7, 2023, midnight
Taszk Labs on taszk.io labs labs.taszk.io
If you’ve watched my Basebanheimer talk, you will have noticed that concrete ideas for exploiting CVE-2022-21744, a heap buffer overflow in Mediatek baseband, were omitted from the talk for brevity.
This heap overflow vulnerability has an important limitation: the overwriting value is a pointer to an allocation with attacker-controlled bytes.
In other words, as explained in the talk, we aren’t controlling the bytes we corrupt with directly, we write 4 …