Typos that omit security features and how to test for them
Malware Analysis, News and Indicators - Latest topics malware.news
By Dominik ‘disconnect3d’ Czarnota
During a security audit, I discovered an easy-to-miss typo that unintentionally failed to enable _FORTIFY_SOURCE, which helps detect memory corruption bugs in incorrectly used C functions. We searched, found, and fixed twenty C and C++ bugs on GitHub with this same pattern. Here is a list of some of them related to this typo:
- microsoft/binskim#777
- PowerShell/PowerShell-Native#88
- apple-open-source/macos#3: this is an unofficial fork, so I also reported it through Apple’s Feedback Assistant
- trailofbits/cb-multios#96 (Yeah, we …