腾讯玄武实验室安全动态推送
Tencent Xuanwu Lab Security Daily News
-
[ Android ] Android Security Bulletin April 2017 includes fix to 17 critical bugs in Qualcomm components, no details available https://t.co/lT3jc1bc89
"Android 发布 2017年 4月安全公告: https://t.co/lT3jc1bc89 "
-
[ Browser ] Webkit bug derestriction time, https://bugs.chromium.org/p/project-zero/issues/detail?id=1080, 1082, 1087, 1090, 1097, 1105, 1114
"WebKit: HTMLInputElement UAF(CVE-2017-2454): https://bugs.chromium.org/p/project-zero/issues/detail?id=1080"
-
[ iOS ] Project Zero blog: "Over The Air: Exploiting Broadcom’s Wi-Fi Stack (Part 1)" by @ laginimaineb - https://googleprojectzero.blogspot.com/2017/04/over-air-exploiting-broadcoms-wi-fi_4.html
"Broadcom Wi-Fi SoC 的攻击界面以及如何利用漏洞实现芯片内的代码执行: https://t.co/mXSgqLDA1v"
-
[ iOS ] About the security content of iOS 10.3.1 update (<--RCE via Wifi fixed*) https://support.apple.com/en-us/HT207688
"Apple 发布 iOS 10.3.1 安全更新: https://t.co/eY1Z3Ns3rt"
-
[ macOS ] macOS 10.12.4 Sources https://opensource.apple.com/release/macos-10124.html
"macOS 10.12.4 Sources: https://t.co/WKTwSJOz2p"
-
[ MalwareAnalysis ] Technical analysis of Pegasus for Android #APT https://info.lookout.com/rs/051-ESQ-475/images/lookout-pegasus-android-technical-analysis.pdf Sample:https://koodous.com/apks/ade8bef0ac29fa363fc9afd958af0074478aef650adeb0318517b48bd996d5d5 #Malware https://t.co/RDkqca34Ay
"以色列公司 NSO Group 向政府出售的 Pegasus 间谍软件中 Android 部分的细节,来自 Lootout: https://info.lookout.com/rs/051-ESQ-475/images/lookout-pegasus-android-technical-analysis.pdf Sample︰ https://t.co/RQDLQ2sukC "
-
[ Others ] .@ quarkslab The associated blog post: http://blog.quarkslab.com/lief-library-to-instrument-executable-formats.html
" LIEF - QuarksLab 开源的一个跨平台可执行文件格式(PE/ELF/MachO)的解析、修改、抽象库︰ https://t.co/VqVhRIBp51"
-
[ Popular Software ] Local privilege escalation in Tenable Nessus Agent 6.10.3 (CVE-2017-7199) - https://aspe1337.blogspot.co.uk/2017/04/writeup-of-cve-2017-7199.html #Hacking #Pentesting #Infosec
" Tenable Nessus Agent 6.10.3 本地提权漏洞分析 (CVE-2017-7199): https://t.co/SxwSgd1EHr "
-
[ Popular Software ] Slides, video & source code from my talk at @ OWASPLondon "PostMessage Security in Chrome Extensions" https://raz0r.name/talks/postmessage-security-in-chrome-extensions/
"对 Chrome 扩展应用中 PostMessage 的安全性分析,来自 OWASP London Meetup: https://t.co/mJj1UC8o7r "
-
[ Windows ] Disarming EMET 5.52 : Controlling it all with a single write action : https://blog.ropchain.com/2017/04/03/disarming-emet-5-52/ https://t.co/mNZrTFpKMm
"一条写指令,不依赖 ROP,使 EMET 5.52 缴械投降︰ https://t.co/iGPWpwCerE "
Xuanwu Spider via seebug