author: redrain@360CERT && attacker2001@360CERT
BlackHat 2016 saw the report on vulnerabilities in video services. The authors continued researching this area, and are going to tell about new vulnerabilities (logical and binary) and curious ways to exploit them. Look forward to hearing real stories about exploiting these vulnerabilities in bug bounty programs!
在6月27日 hackerone 公开了一个关于FFmpeg本地文件泄漏的报告(https://hackerone.com/reports/243470) 该报告中描述为25日公开的另一个FFmpeg本地文件泄漏相关(https://hackerone.com/reports/242831)。该漏洞@Emil Lerner和@Pavel Cheremushkin在今年的phdays conference中已经披露(https://www.slideshare.net/phdays/ss-76515896)。
On Pwn2own 2017, macOS Sierra and Safari 10 from Apple were two of the platforms that have taken the highest number of hits. Though several other teams also successfully compromised or almost compromised the target macOS + Safari, 360Vulcan Team is the very one that exploited the least number of vulnerabilities. It is also the only team that realized sandbox escape through kernel exploit and obtained the system privilege to gain complete control over macOS kernel. In this article, we will share the exploitation techniques of how we successfully found and made use of the kernel vulnerability of macOS.