Official patch: https://chromium-review.googlesource.com/c/v8/v8/+/4584248
Patch come from KeyedStoreIC::StoreElementHandler(), it returns fast path code(Turbofan builtin) for keyed store depends on "receiver_map" and "store_mode". Based on the content of this function is all about element STORE, I personally believe that this is an OOB writes vulnerability.
If we divide the PoC exploration into two parts based on this func, they are:
Update 17.10.2024: macOS 15 no longer requires root privileges for hidutil, you need to add hidutil and Terminal to 'Input Monitoring' in Settings/Privacy & Security tab.
Update 13.04.2024: On macOS 14.2 hidutil requires root privileges.
If you have a mac with an INT (ISO) keyboard you might want to change the ± key to ~. During my research I found that the information on this topic is not at all centralized. I prefer this option because it does not involve installing new software.
With macOS 10.12 Sierra Apple introduced hidutil as a tool to remap keyboard keys. See TN2450.
Here, I'll show you how to compile Frida for both rootfull and rootless jailbreaks.
On Dopamine/Fugu15 Max or palera1n you can add my repo (open the link in your favorite browser on your jailbroken iDevice).
The DEBs you will install are build using the following instructions.
Sometimes it seems like the first (and sometimes only) advice you get offered for almost any problem with a Raspberry Pi is "check your power supply". You think something like:
"hey, I'm using an official power supply sold as being matched with my Pi so how can there be any problem?"
You look up the specs then stick a controlled load across your supply and confirm that it can deliver the required number of Watts.
Yet your problems persist…
MS Office docx files may contain external OLE Object references as HTML files. There is an HTML sceme "ms-msdt:" which invokes the msdt diagnostic tool, what is capable of executing arbitrary code (specified in parameters).
The result is a terrifying attack vector for getting RCE through opening malicious docx files (without using macros).
Here are the steps to build a Proof-of-Concept docx:
Since monterey update does not allow us to use Xcode previous than 13, let's show how to "install previous SDKs"
Swift toolchains, from https://swift.org/download/
Previous Xcode.xip, from the https://developer.apple.com
| // To compile: clang++ -arch x86_64 -arch arm64 -std=c++20 library_injector.cpp -lbsm -lEndpointSecurity -o library_injector, | |
| // then codesign with com.apple.developer.endpoint-security.client and run the | |
| // program as root. | |
| #include <EndpointSecurity/EndpointSecurity.h> | |
| #include <algorithm> | |
| #include <array> | |
| #include <bsm/libbsm.h> | |
| #include <cstddef> | |
| #include <cstdint> |
