[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-disclosure] Apple Safari 4 Beta feeds: URI NULL Pointer Dereference Denial of, Service Vulnerability
- To: full-disclosure@xxxxxxxxxxxxxxxxx
- Subject: Re: [Full-disclosure] Apple Safari 4 Beta feeds: URI NULL Pointer Dereference Denial of, Service Vulnerability
- From: Jeremy Brown <0xjbrown41@xxxxxxxxx>
- Date: Thu, 26 Feb 2009 19:39:37 -0500
Not all are practically exploitable, but exploitation seems to be
possible at least on ARM, XScale, and possibly PowerPC as
www.juniper.net/solutions/literature/white_papers/Vector-Rewrite-Attack.pdf
points out. As for examples.. doesn't look like they are public.
On Thu, Feb 26, 2009 at 6:52 PM, Jubei Trippataka
<vpn.1.fanatic@xxxxxxxxx> wrote:
>
>
> On Fri, Feb 27, 2009 at 10:54 AM, jf <jf@xxxxxxxxxxxxxxxxxxxx> wrote:
>>
>> also keep in mind that null ptr deref's can sometimes be exploitable--
>> especially on certain processors that store important things at 0x0;
>> of which, from what i recall, the iphone is one.
>>
>
> Can you please give one example of a NULL deref that was exploitable?
>
> --
> ciao
>
> JT
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/