Chakra JIT Loop LandingPad ImplicitCall Bypass
October 26, 2018
Author: Qixun Zhao(aka @S0rryMybad && 大宝) of Qihoo 360 Vulcan Team
前言在第一篇文章的时候,我们提到过关于回调的漏洞一般分为三种情况,其中第一种是GlobOpt阶段的|BailOutOnImplicitCall ...
Oracle WebLogic Two RCE Deserialization Vulnerabilities
October 19, 2018
Author: Zhiyi Zhang of 360 ESG Codesafe Team
前言Oracle 官方在7月份发布关键补丁更新之后,我在当月随后陆续提交了一些weblogic的不同类型漏洞,由于官方并 没有全部修复完成,本次的补丁修复了我报送的6个漏洞,其中有3个漏洞由于某些原因合 ...
Use After Free in mDNSOffloadUserClient.kext
October 7, 2018
Both Qixun Zhao of Qihoo 360 Vulcan Team and Liang Zhuo of Qihoo 360 Nirvan Team found this issue independently.
BackgroundIOKit UserClient classe ...
Edge Inline Segment Use After Free
September 15, 2018
Author:Qixun Zhao(aka @S0rryMybad && 大宝) of Qihoo 360 Vulcan Team
在今个月的微软补丁里,修复了我报告的4个漏洞,我将会一一讲解这些漏洞.因为我写的这些文章都是用我的空余时间写的,因为每天还有大量的工作和需要休息 ...
Edge InlineArrayPush Remote Code Execution
August 17, 2018
Note:Sorry for my poor English, to express exactly what I mean and avoid misunderstand,I need to write in Chinese.If someone want to translate to ...