
All categories (8)

[0-Day] CVE-2022-32787 - Apple Safari ICU Out-Of-Bounds Write Vulnerability
Original write-up: SSD Advisory – Apple Safari ICU Out-Of-Bounds Write. TL;DR: An Out-Of-Bounds Write vulnerability exists in Apple Safari ICU components libicucore.A.dylib [icu::FormattedStringBuilder::insert]. This library is called when Safari handles the Intl.ListFormat().format function. Vulnerability Summary: A vulnerability in Apple Safari ICU components allows an attacker to trigger an OOB..
2022. 8. 10.

[0-Day] CVE-2022-32816 - Apple Safari IDN URL Spoofing Vulnerability
Original write-up: SSD Advisory – Apple Safari IDN URL Spoofing. TL;DR: Bad handling by Apple Safari allows attackers to use certain look-alike characters instead of the real ones to confuse victims into thinking they are reaching a certain site, while they are accessing another one. Vulnerability Summary: A vulnerability in Apple Safari IDN handling allows attackers to perform URL spoofing as Safa..
2022. 8. 7.

[0-Day] CVE-2022-1638 ($5,000) - Google Chrome V8 Internationalization Heap Buffer Overflow Vulnerability
Title: Integer Overflow Leading to OOB Write/Heap-based Buffer Overflow in icu_71::FormattedStringBuilder::insert. Summary: An OOB Write/Heap-based Buffer Overflow vulnerability exists in icu_71::FormattedStringBuilder::insert. An attacker must open an arbitrarily generated HTML file to exploit this vulnerability. Security Severity: 8.8 High (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H). Test environment: MacO..
2022. 8. 7.

[0-Day] CVE-2022-0517 - Mozilla VPN Privilege Escalation Vulnerability
Title: Mozilla VPN Privilege Escalation Vulnerability. Summary: An Uncontrolled Search Path Element vulnerability exists in libcrypto-1_1-x64.dll. Attackers place arbitrarily generated openssl.cnf files in C:\MozillaVPNBuild\SSL to exploit this vulnerability. Security Severity: High. Root Cause Analysis: We can check the logic of loading the openssl.cnf file from the call stack above. libcrypto..
2022. 4. 30.