Category

Security

Pwning Pixel 6 with a leftover patch

Pwning Pixel 6 with a leftover patch

In this post, I’ll look at a security-related change in version r40p0 of the Arm Mali driver that was AWOL in the January update of the Pixel bulletin, where other patches from r40p0 was applied, and how these two lines of changes can be exploited to gain arbitrary kernel code execution and root from a malicious app. This highlights how treacherous it can be when backporting security changes.

Man Yue Mo
GitHub Security Lab audited DataHub: Here’s what they found

GitHub Security Lab audited DataHub: Here’s what they found

The GitHub Security Lab audited DataHub, an open source metadata platform, and discovered several vulnerabilities in the platform's authentication and authorization modules. These vulnerabilities could have enabled an attacker to bypass authentication and gain access to sensitive data stored on the platform.

Alvaro Munoz