Services

IoT Security Testing Red Team Assessment Product Security AI/ML Security Audit Web Security Testing

Mobile Security Testing DevSecOps Consulting Code Review Cloud Security Critical Infrastructure

Products

EXPLIoT

EXPLIoT is framework for IoT security testing
and exploitation.

CloudFuzz

CloudFuzz is platform that lets you code for bugs
by running your software with millions of test cases.

Who we are

About Us Payatu Bandits

Resources

Blogs MasterClass Series Case Studies E-Books New Advisory Media

Tools

securecode.wiki New

Pune Location Europe Location

Technical
Advisory

Through sharp, technical and insightful analysis, the Payatu Team is constantly on the lookout for vulnerabilities and threats. This section exhibits a few of our findings.

WebKit - AXObjectCache - m_deferredFocusedNodeChange - UaF

Vulnerability

Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.

Vulnerability Details

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in WebKit. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the sandboxed browser.

CVE ID

CVE-2020-10018

Vendor

https://webkit.org/

Product

WebKit based browsers such as Safari, WebKitGTK etc

Disclosure Timeline

November 19, 2019 - Reported to vendor on bugs.webkit.org
March 12, 2020 - Coordinated public release of Advisory

Credits

Sudhakar Verma, Ashfaq Ansari & Siddhant Badhe - Project Srishti of CloudFuzz.

Vendor Advisory

https://webkitgtk.org/security/WSA-2020-0003.html

References

https://bugs.webkit.org/show_bug.cgi?id=204342

Technical Advisory