- Tested on three Android devices (version 9, 13, 16) with different Firefox versions under 150 (had to modify for older).
Two boot looped, I had to enter recovery and the other just powered off [0].
The demo modifies the wallpaper on supported Pixel devices.
[0] IonStack https://rootme.nebusec.ai
____
Tip: Install a Chromium flavor browser (Chromite) separate from the main browser.
Disable Javascript and hardware accelerated video decoder (commonly exploited) from the flags page and enable reader mode to fix broken JS-dependent websites when browsing blogs and random sites on your personal devices, else dedicate a tablet.
by password4321
5 subcomments
- Forgot to include "LPE" (local...) in the title so most of us can get back to weekending.
by teleforce
1 subcomments
- >Google has rewarded us $92,337 in kernelCTF
I'm all ears now
- Daaaaamn: "GhostLock was introduced in Linux 2.6.39 and fixed in Linux 7.1."
by 0x1ceb00da
3 subcomments
- Does that mean any android app can use ndk native code execution to become root? Does selinux help here?
by reorder9695
0 subcomment
- Could this be used to unlock bootloaders on typically non unlockable phones? If so this could be one of the best things to happen to Android.
- Huge kudos to the security researchers for 1, finding an exploit, and 2, unlike copyfail, excluding a zero-day ready-to-use LPE script that anyone could have used.
I tried using this for LPE on a Rocky9 for a couple of hours and thankfully couldn't get it to work. So that means unless you have quite some free time on your hand, or are extremely good at doing what you do, you can't actually use this to get LPE on enterprise distros.
- Fuck it. I’m exclusively running the book version of minix from now on, neovim be damned. The exploit surface of these kernels is wild.
- A good think I use JS less browsers.
- Is HN bugged? I swear I have read these comments the day prior, there is no way they are from within 10 hours?
by alexjplant
8 subcomments
- > This is the same shape as many other life-cycle bugs [...]
Claude-ism detected. IME with Claude Code an object does not have a type or definition, apparently, but rather a shape (or at least it reaches for that word before more technically-accurate ones). Problems are not of a similar class or type, but of the same shape. Functions are not defined by their signatures but by their shape. Who talks like this and how did it make its way into the training data so pervasively?
by pseudocoder204
0 subcomment
- [dead]
by tangsoupgallery
0 subcomment
- [flagged]
by mixmastamyk
3 subcomments
- A what?
- "Nothing could have prevented this from happening," say users of only language where this happens
by Uptrenda
10 subcomments
- Has anyone in infosec ever seen the term "use after free" before LLMs? Or is this basically an acronym claude invented? I say this because I see claude use this term all the time like its common knowledge but in 15+ years in tech never seen it myself. I've seen all kinds of terms used to describe memory errors: memory corruption, heap corruption, stack corruption, whatever, just never this acronym.
by KasianFranks
0 subcomment
- So has the church of the subgenius.
by KnockOutEZ
0 subcomment
- Damn
by 0xbadcafebee
6 subcomments
- Do we really need infosec companies now that a skid with claude can find decades-old kernel privesc over a weekend?
Also can we talk about how bad Linux security is? At this point it's becoming a real liability to run anything on Linux that needs to be secure. OpenBSD has been around for ages, is written in C, and is really, really secure. Do they support containers yet (or microVMs)? Cuz if they do, I'm moving my workloads to obsd.