Technical
Advisory
Through sharp, technical and insightful analysis, the Payatu Team is constantly on the lookout for vulnerabilities and threats. This section exhibits a few of our findings.
WebKit - AXObjectCache - m_deferredFocusedNodeChange - UaF
Vulnerability
Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.
Vulnerability Details
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in WebKit. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the sandboxed browser.
CVE ID
CVE-2020-10018
Vendor
Product
WebKit based browsers such as Safari, WebKitGTK etc
Disclosure Timeline
- November 19, 2019 - Reported to vendor on bugs.webkit.org
- March 12, 2020 - Coordinated public release of Advisory
Credits
Sudhakar Verma, Ashfaq Ansari & Siddhant Badhe - Project Srishti of CloudFuzz.
Vendor Advisory
https://webkitgtk.org/security/WSA-2020-0003.html
References
Research Powered Cybersecurity Services and Training. Eliminate security threats through our innovative and extensive security assessments.
Subscribe to our newsletter
Research Powered Cybersecurity Services and Training. Eliminate security threats through our innovative and extensive security assessments.
Subscribe to our newsletter
Services