腾讯玄武实验室安全动态推送(Tencent Xuanwu Lab Security Daily News)

腾讯玄武实验室安全动态推送

Tencent Xuanwu Lab Security Daily News

patrick wardle @patrickwardle

[ macOS ] PoC for macOS 10.12.4 kernel memory leak (0day): https://pastebin.com/87fHLMQq ?? ...previously blogged about it here: https://objective-see.com/blog/blog_0x1B.html

"月初的时候推送过一篇《Two Bugs, One Func》，介绍的是一个 macOS 10.12.4 内核信息泄露漏洞，现在作者放出了一份 PoC︰ https://t.co/qWPAYdtiEI "
Nicolas Krassas @Dinosn

[ macOS ] New Apple Filesystem (APFS) Reverse Engineered https://blog.cugu.eu/post/apfs/

"Apple 新启用的 APFS 文件系统格式逆向分析： https://t.co/NtjzF5zv7u"
Tek @tenacioustek

[ Malware ] I have uploaded the source code and binaries of #FinSpy dumped by @ fleximinx on github : https://github.com/Te-k/flexidie

"号称"世界上最具权威的电脑、手机和平板电脑的监控软件"的 FlexiSpy 的源码和二进制文件泄露： https://t.co/9aOcYhEUL7"
Darknet.org.uk @THEdarknet

[ Rootkit ] New Post: BEURK – Linux Userland Preload Rootkit http://ift.tt/2ozF43m https://t.co/nP4e3FKyO5

"BEURK - Linux Userland Preload Rootkit： https://t.co/eRkcx0nHNQ "
Binni Shah @binitamshah

[ Tools ] Trueseeing : a fast, accurate, and resilient vulnerability scanner for Android apps : https://pypi.python.org/pypi/trueseeing

"trustseeing - 快速准确的 Android 应用漏洞扫描程序︰ https://t.co/tIl0vqjl6r"

Xuanwu Spider via 雷科技

[ iOS ] 你可能看到的是假的苹果榜单，App Store 刷榜黑幕大揭秘： https://mp.weixin.qq.com/s/vQv_a4eCP_-NHJPlevhKaw
Xuanwu Spider via yuange 's weibo

[ Vulnerability ] IIS的新UNICODE漏洞 WideChar和MultiByte字符转换问题： http://weibo.com/p/1001603843609647549905
Xuanwu Spider via Guang Gong 's weibo

[ Vulnerability ] CVE-2017-5057 Type confusion in PDFium PoC： "var obj = new this.constructor;obj.author=3;"： http://weibo.com/5274004507/EFv9jd93k?type=comment