[Hacking] Suggestion: WebKit CVEs published on Nov. 22nd

  • Thread starter: ZiggyDeer
  • Views: 4,003
  • Replies: 7
  • Likes: 4

ZiggyDeer
Hello GBAtemp! I recently discovered a whole bunch of proof-of-concept use-after-free exploits posted by the Google Security Team that target Apple WebKit. Since they are only about a week old in terms of their publication, I figured there hasn't been a patch for them on the Switch yet. I will put those PoCs down at the bottom of this post.

Now, before you start bringing the hype up, I want to remind you that these are only proofs of concept, and will not do anything at the moment besides maybe crashing the browser. Not all use-after-free vulnerabilities can be used to gain privileges or anything like that, and there's also ARM TrustZone that you have to worry about. However, the folks over at Google did publish a total of 8 UAF exploits within WebKit, so maybe there is hope.

Let's hope a more experienced developer will try and pick this up. I've been trying to use QEMU to emulate an AArch64 Debian distro with a Cortex-A57 CPU, but it's just too slow. So I figured the better solution was to buy a Raspberry Pi 3 and debug on that, so that should come in on Thursday.

Anyways, here is the HTML/JS for the 8 PoC exploits. I hope this can become useful!

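To make the post's distinction concrete (a PoC that only crashes the browser versus a use-after-free that actually hands over control), here is an added C example. It is not code from the post, from the Google PoCs, or from WebKit: the toy slab allocator, the `object_t` layout and the function names are assumptions chosen so the heap reuse is deterministic. Real allocators and JavaScriptCore's garbage collector are far less tidy, which is exactly the work that separates a PoC from an exploit.

```c
/* Added example, not from the original post. Toy model of a use-after-free:
 * a fixed-size slab allocator stands in for the engine heap (assumption, for
 * determinism), an object with a method pointer stands in for a C++ object
 * with a vtable. Three outcomes are shown: a stale use with no slot reuse
 * (silent), a stale use after the slot is reclaimed with attacker-controlled
 * bytes (hijacked call), and an owner that drops its reference (refused). */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SLOT_SIZE 32
#define NSLOTS 4

/* Freed slots are not cleared and the lowest free slot is always handed out
 * next; both are simplifying assumptions that make the reuse predictable. */
static _Alignas(16) uint8_t slab[NSLOTS][SLOT_SIZE];
static int slab_used[NSLOTS];

static void slab_reset(void) {
    memset(slab, 0, sizeof slab);
    memset(slab_used, 0, sizeof slab_used);
}

static void *slab_alloc(void) {
    for (int i = 0; i < NSLOTS; i++) {
        if (!slab_used[i]) { slab_used[i] = 1; return slab[i]; }
    }
    return NULL;
}

static void slab_free(void *p) {
    for (int i = 0; i < NSLOTS; i++) {
        if ((void *)slab[i] == p) slab_used[i] = 0;   /* slot reusable, bytes untouched */
    }
}

/* Engine-style object: first field is a method pointer (vtable stand-in). */
typedef struct {
    int (*method)(void);
    int payload;
} object_t;

static int legit_method(void)    { return 1; }
static int attacker_method(void) { return 0xBAD; }  /* marker for "attacker code ran" */

/* Free, then use, with nothing reclaiming the slot in between. The stale
 * pointer still sees the old object, so nothing visible happens: this is the
 * "not every UAF is exploitable" case. Returns 1 (legit_method). */
int uaf_no_reuse(void) {
    slab_reset();
    object_t *obj = slab_alloc();
    obj->method = legit_method;
    obj->payload = 7;
    slab_free(obj);                        /* obj is now dangling */
    return obj->method();                  /* old bytes still there -> 1 */
}

/* The exploitable shape: free, reclaim the same slot with attacker-controlled
 * bytes laid out as a fake object, then use the stale pointer. Returns 0xBAD. */
int uaf_dangling_call(void) {
    slab_reset();
    object_t *obj = slab_alloc();
    obj->method = legit_method;
    obj->payload = 7;
    slab_free(obj);                        /* obj is now dangling */

    uint8_t *controlled = slab_alloc();    /* same slot comes back */
    object_t fake = { attacker_method, 0 };
    memcpy(controlled, &fake, sizeof fake); /* fake object written over the old one */

    return obj->method();                  /* stale pointer calls attacker_method */
}

/* The owner clears its reference when it frees, and refuses a stale use.
 * Returns -1 to signal the refused call. */
int hardened_call(void) {
    slab_reset();
    object_t *obj = slab_alloc();
    obj->method = legit_method;
    slab_free(obj);
    obj = NULL;                            /* reference dropped together with the free */

    uint8_t *controlled = slab_alloc();    /* attacker still reclaims the slot... */
    object_t fake = { attacker_method, 0 };
    memcpy(controlled, &fake, sizeof fake);

    if (obj == NULL) return -1;            /* ...but nobody calls through it */
    return obj->method();
}

int main(void) {
    printf("no reuse:   %d\n", uaf_no_reuse());
    printf("reclaimed:  0x%X\n", uaf_dangling_call());
    printf("hardened:   %d\n", hardened_call());
    return 0;
}
```

The middle case is what a working exploit needs: a reliable way to get a controlled allocation into the freed slot before the stale pointer is used. A published PoC usually stops at the first case or at a crash, which is why the thread's caution about "maybe crashing the browser" is the right framing.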
 
Hope to God a 4.01 exploit is announced, but since it patches a big vulnerability used to execute homebrew, most likely not. And since this is a proof of concept, it's a 50-50 chance that something will happen.
 
Highly doubt anything will happen soon, but hey, it's not bad to keep on dreaming.


coolio my dude
 
New CVEs come in heaploads on a constant basis. Copy-pasting example PoCs from around the web and failing to mention it's not your code can also be kind of underhanded (especially with the way you posted this). And lastly, if someone randomly Googling around and copy-pasting other people's code on GBAtemp is aware of a possible vulnerability, then it's already well known.


At least just post the link instead of formatting it to make it seem like your work:

https://www.exploit-db.com/exploits/43176/
 

Dude, read his first sentence... calm down lmao, he is not stealing someone's work. Ooooh, the irony, tho.
 
