Why do hackers love JavaScript arrays? (Coruna Spyware Analysis) YT
Description
Are you a security researcher or reverse engineer?
For 50% off IDA Products use promo code BILLY50, https://hex-rays.com/pricing *
For 30% off IDA Training use promo code BILLY30, https://hex-rays.com/training **
*License discounts are only valid for individuals, not corporations. Cannot be combined with any other promo code or discount.
** Cannot be combined with any other promo code or discount.
/////////////////////////////////////
Hey guys, today we're continuing the analysis of one of the 'Coruna' iOS browser exploits used to deploy spyware on your iPhone.
Specifically, in this video we're focusing on how the stage1 exploit builds upon the out of bounds access primitive and manages to achieve full arbitrary memory read and write capabilities inside the WebContent Safari browser process.
The attackers implement some fun techniques to create a fake JavaScript array object out of JS float values and then use this to read and write to arbitrary memory locations.
Thanks for watching,
~ bellis1000
https://zygosec.com
 [4bWaI4fr38Y].webp){kind=link}