Random Homebrew: ProgramLua / Program Lua

Library exploits - are they possible still?

Postby dvcd » Mon Apr 16, 2012 3:46 am

I believe more work would be needed on memory layout before it's even possible, but is there actually potential in porting known exploits? Libtiff is the latest one to have a vulnerability (again), but is there a system in place to counter this, or is it unknown? I think it was likely updated in 1.67, but I know some people are waiting on older fw. Libpng also has recent vulnerabilities which caused them to update the libraries too, I believe.

Maybe what has more potential is the browser; there's a lot of hype over how vulnerable WebKit is lately, with many code execution exploits found... at least one exploit proof of concept out there which is not platform specific too. Of course this would only be limited privileges... but that would be a start, and on Android, where the browser is supposed to be sandboxed, a way to break out was found regardless. WebKit will be a major target for exploits for certain in the future; interestingly, it is also used on 3DS as well. It could potentially be a source of user mode exploits, I think, surely, considering that the info given about various bugs concerns features the Vita browser shares.

I'm not suggesting anything be made out of thin air or be platform-specific, to be clear, and obviously most of the bugs do not have proof of concept code as of yet. Just thinking of the future; sharing such a widely implemented 3rd party engine which is definitely going to be hacked seems like it could be a major weakness. Or in the case of non-browser bugs, possibly a better usermode alternative to savegame exploits for the people working on PSP.

If someone could inform me whether they implemented measures against that type of attack after the libtiff problems, I'd appreciate it.
dvcd
 
Posts: 12
Joined: Thu Mar 29, 2012 1:41 am

Re: Library exploits - are they possible still?

Postby yifanlu » Mon Apr 16, 2012 3:55 am

dvcd wrote:I believe more work would be needed on memory layout before it's even possible, but is there actually potential in porting known exploits? Libtiff is the latest one to have a vulnerability (again), but is there a system in place to counter this, or is it unknown? I think it was likely updated in 1.67, but I know some people are waiting on older fw. Libpng also has recent vulnerabilities which caused them to update the libraries too, I believe.

Maybe what has more potential is the browser; there's a lot of hype over how vulnerable WebKit is lately, with many code execution exploits found... at least one exploit proof of concept out there which is not platform specific too. Of course this would only be limited privileges... but that would be a start, and on Android, where the browser is supposed to be sandboxed, a way to break out was found regardless. WebKit will be a major target for exploits for certain in the future; interestingly, it is also used on 3DS as well. It could potentially be a source of user mode exploits, I think, surely, considering that the info given about various bugs concerns features the Vita browser shares.

I'm not suggesting anything be made out of thin air or be platform-specific, to be clear, and obviously most of the bugs do not have proof of concept code as of yet. Just thinking of the future; sharing such a widely implemented 3rd party engine which is definitely going to be hacked seems like it could be a major weakness. Or in the case of non-browser bugs, possibly a better usermode alternative to savegame exploits for the people working on PSP.

If someone could inform me whether they implemented measures against that type of attack after the libtiff problems, I'd appreciate it.


Suppose you find a buffer overflow (the most common exploit) or a heap overflow (becoming the most common exploit), what do you propose to do with it? In order to inject code we need an idea of where the stack is in memory and if ASLR or something is implemented, even more information needs to be known about the memory.
yifanlu
Guru
 
Posts: 302
Joined: Sun Mar 11, 2012 6:42 am

Re: Library exploits - are they possible still?

Postby dvcd » Mon Apr 16, 2012 4:30 am

I'm aware of that, yes... but let's just assume that more is learned, like what is happening with 3DS right now and neimod's memory dumps. If there's a clearly vulnerable firmware with a proof of concept out there and it looks promising, some people might want to know in advance of that even, just in case it becomes useful later. I think WebKit is especially promising considering the Vita architecture.
dvcd
 
Posts: 12
Joined: Thu Mar 29, 2012 1:41 am
