Technical Advisory

Through sharp, technical and insightful analysis, the Payatu Team is constantly on the lookout for vulnerabilities and threats. This section exhibits a few of our findings.

Technical Advisory

Through sharp, technical and insightful analysis, the Payatu Team is constantly on the lookout for vulnerabilities and threats. This section exhibits a few of our findings.

WebKit – AXObjectCache – m_deferredFocusedNodeChange – UaF

Vulnerability

Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.

Vulnerability Details

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in WebKit. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the sandboxed browser.

CVE ID

CVE-2020-10018

Vendor

https://webkit.org/

Product

WebKit based browsers such as Safari, WebKitGTK etc

Disclosure Timeline

  1. November 19, 2019 – Reported to vendor on bugs.webkit.org
  2. March 12, 2020 – Coordinated public release of Advisory

Credits

Sudhakar Verma, Ashfaq Ansari & Siddhant Badhe – Project Srishti of CloudFuzz.

Vendor Advisory

https://webkitgtk.org/security/WSA-2020-0003.html

References

https://bugs.webkit.org/show_bug.cgi?id=204342

DOWNLOAD A SAMPLE REPORT

Fill in your details and get your copy of sample report in few seconds

DOWNLOAD A SAMPLE REPORT

Fill in your details and get your copy of sample report in few seconds

DOWNLOAD A SAMPLE REPORT

Fill in your details and get your copy of sample report in few seconds

DOWNLOAD A SAMPLE REPORT

Fill in your details and get your copy of sample report in few seconds

DOWNLOAD A SAMPLE REPORT

Fill in your details and get your copy of sample report in few seconds

DOWNLOAD A SAMPLE REPORT

Fill in your details and get your copy of sample report in few seconds

DOWNLOAD A SAMPLE REPORT

Fill in your details and get your copy of sample report in few seconds

DOWNLOAD A SAMPLE REPORT

Fill in your details and get your copy of sample report in few seconds

DOWNLOAD A SAMPLE REPORT

Fill in your details and get your copy of sample report in few seconds

DOWNLOAD A SAMPLE REPORT

Fill in your details and get your copy of sample report in few seconds

Let’s make cyberspace secure together!

Requirements

What our clients are saying!

Trusted by