iOS 7.1.x PDF exploit – CVE-2014-4377 (opens in new tab)

(isc.sans.edu)

34 pointsklapinat0r11y ago5 comments

5 comments

5 comments · 5 top-level

th0br011y ago

http://blog.binamuse.com/2014/09/coregraphics-memory-corrupt...

clarry11y ago

Always check your arithmetic, always check your arithmetic, always check your arithmetic...

No, let's just keep repeating old classic bugs.

OpenBSD's reallocarray(3) is a step in the right direction, but I've always been concerned about the focus on multiplication; needing to allocate x*y+z bytes is a rather common pattern. I suspect there's still plenty of additive arithmetic that goes unchecked.

cportela11y ago

The repo with the code in it. Link to the original post already posted, but here it is anyways.

https://github.com/feliam/CVE-2014-4377

http://blog.binamuse.com/2014/09/coregraphics-memory-corrupt...

allegory11y ago

Confucius say "man who write C have many holes in pants"

That's what our lead C dev says. And I agree, as a C programmer.

walterbell11y ago

Yesterday's thread with exploit code, enables any website to perform arbitrary code execution. Apple needs to fix this in iOS7, not force users to upgrade to iOS8 while it is still buggy.

https://news.ycombinator.com/item?id=8348843

j / k navigate · click thread line to collapse