all InfoSec news
Full Chain Baseband Exploits, Part 2
Dec. 7, 2023, midnight |
Taszk Labs on taszk.io labs labs.taszk.io
Part 1 Part 3 If you’ve watched my Basebanheimer talk, you will have noticed that concrete ideas for exploiting CVE-2022-21744, a heap buffer overflow in Mediatek baseband, were omitted from the talk for brevity.
This heap overflow vulnerability has an important limitation: the overwriting value is a pointer to an allocation with attacker controlled bytes.
In other words, as explained in the talk, we aren’t controlling the bytes we corrupt with directly, we write 4 …
baseband buffer buffer overflow concrete cve exploiting exploits heap buffer overflow ideas important mediatek overflow posts series the talk value vulnerability
More from labs.taszk.io / Taszk Labs on taszk.io labs
Full Chain Baseband Exploits, Part 3
4 months, 3 weeks ago |
labs.taszk.io
Full Chain Baseband Exploits, Part 2
4 months, 3 weeks ago |
labs.taszk.io
Full Chain Baseband Exploits, Part 1
4 months, 3 weeks ago |
labs.taszk.io
Jobs in InfoSec / Cybersecurity
Information Security Cyber Risk Analyst
@ Intel | USA - AZ - Chandler
Senior Cloud Security Engineer (Fullstack)
@ Grab | Petaling Jaya, Malaysia
Principal Product Security Engineer
@ Oracle | United States
Cybersecurity Strategy Director
@ Proofpoint | Sunnyvale, CA
Information Security Consultant/Auditor
@ Devoteam | Lisboa, Portugal
IT Security Engineer til Netcompany IT Services
@ Netcompany | Copenhagen, Denmark