Security News #0x75
Every now and again, a new target or technique becomes quite the fad in the exploit community. The most recent example is probably from two summers ago when it seemed like a new exploit for Java dropped every few days. Now I can’t predict the future, but I am beginning to wonder if Android is not going to be the next target. Why?
- Threatpost talks about how the recent futex Linux kernel privilege escalation bug (CVE 2014-3153) impacts Android. Now you can use Towelroot to gain root access to your Android phone.
- There is a Linux privilege escalation PoC for CVE 2014-4014.
- The folks at the Fortinet Blog summarize some of the technical details in a new exploit technique to attack the IE scripting engine.
- There is a vulnerability in Python that allows for reading arbitrary process memory.
- If you have been following the TrueCrypt news, you may be interested to read that one (or more) of the authors of TrueCrypt have stated that a fork is essentially impossible. Take a look at the coverage from Ars Technica.