This Metasploit module exploits a JIT optimization bug in Safari WebKit. This allows us to write shellcode to an RWX memory section in JavaScriptCore and execute it. The shellcode contains a kernel exploit (CVE-2016-4669) that obtains kernel read/write access, obtains root, and disables code signing. Finally, we download and execute the meterpreter payload. This module has been tested against iOS 7.1.2 on an iPhone 4.
8ca4b125e9aba514f4d2bd3c12b5189f4dceafcaab577262cc602a11c87480fb
Ubuntu Security Notice 4459-1 - It was discovered that Salt allows remote attackers to determine which files exist on the server. An attacker could use that to extract sensitive information. It was discovered that Salt has a vulnerability that allows a user to bypass authentication. An attacker could use that to extract sensitive information, execute arbitrary code or crash the server. It was discovered that Salt is vulnerable to command injection. This allows an unauthenticated attacker with network access to the API endpoint to execute arbitrary code on the salt-api host. Various other issues were also addressed.
554a555f7c9f85d9a4dada2c6804fc228f4388887cd01c661baad5b75fd51e4d
WordPress Sell Photo plugin version 1.0.5 suffers from a persistent cross-site scripting vulnerability.
9cd8857460b66eb62b573f53d83267eb527499cb66169c1bffa1aaf50e323281
MikroTik RouterOS suffers from null pointer dereference and reachable assertion failure vulnerabilities.
2df20ffb503d40f9cb6c783de8944c6f8ddb31e97c0d49da69d0f06ea89a0ad1
A PAC and JIT hardening bypass exists in WebKit on iOS.
7e43df27a79d01df906491c3fa75f5b9b076ed4934270a40b2e9bf12e7d1271c
On Android, app zygotes do not properly guard against UID reuse attacks, leak AID_READPROC, and expose mlstrustedsubject.
259e249f92035fcc7a0f05456a83799f739c985a9863269f49049822d3dfa37f
Artica Proxy version 4.3.0 suffers from an authentication bypass vulnerability.
3e28e53946121e8684f361f5280160ec92df78ad5b81e77ea2d01f9f26a906d1