Duration: 15:59
The fakeobj() Primitive: Turning an Address Leak into a Memory Corruption

2019-06-23

[public] 31.3K views, 1.15K likes, 6.00 dislikes

Channel: LiveOverflow

Part 5: In this video we turn the bug used for addrof() into a way to corrupt the memory of internal JavaScriptCore objects, which can help us compromise the engine.

The Exploit: https://github.com/LinusHenze/WebKit-RegEx-Exploit

Saelo's exploit: https://github.com/saelo/cve-2018-4233/blob/master/pwn.js

Saelo's phrack paper: http://www.phrack.org/papers/attacking_javascript_engines.html

#BrowserExploitation


Chapters:
0:00 Introduction
0:35 What is fakeobj
1:43 Creating fakeobj
2:52 Jittered code
5:30 Fake object
15:27 Outro