exploits.club Weekly Newsletter 05
Yo, yo, yo, welcome back to another installment of "this newsletter about vuln research still doesn't have a real name." 🏴☠️ We're excited to see all your virtual faces. This was a relatively slow week, but we still have some fun stuff to share:
In Case You Missed It...
- Pwn2Own Automotive 2024 was this week. At the time of writing, the competition is still ongoing, but the vast majority of the targets have already been exploited successfully. You can follow along with the action on ZDI's blog.
- CodeQL queries for objects in the Linux Kernel potentially relevant for exploitation.
Resources and Write-Ups From This Week:
- Google Chrome V8 CVE-2024-0517 Out-of-Bounds Write Code Execution - Last week, we shared a link to the most recent Chrome Update Bulletin, and mentioned we were looking forward to @__suto's write-up on the OOB write he used to pop V8CTF. While we are still excited for his eventual write-up, it seems his submission may have burnt a bug Exodus Intelligence was also uniquely familiar with. A few days after the patch was released, the company posted an in-depth write-up on the bug and corresponding exploit. The post does a good job of setting up the relevant context for those not overly familiar with browser internals, making it quite approachable.
- mistymntncop: CVE-2022-4262 PoC - Sticking with the V8 theme, @mistymntncop released a PoC for CVE-2022-4262, a type confusion bug. This vuln was originally discovered by @_clem1 of Google's TAG, and patched in December 2022. While the bug has quite the history of prior research (as noted in the README), this is the first publicly available exploit for it.
- A Handful of Imagination GPU Vulnerabilities - @1ce0ear put together a tweet of 3 different Imagination GPU bugs that were disclosed this week. The bugs include some invalid memory protections and a UAF.
- Fuzzware Goes Open-Source - Back in 2022, a paper named Fuzzware: Using Precise MMIO Modeling for Effective Firmware Fuzzing was released and generated a bit of buzz. The general thesis was to build a fuzzer that is effective on bare-metal firmware by mapping how MMIO is used and configuring models accordingly. This week, it was announced that Fuzzware and the experiments from the paper have been open-sourced.
- CVE-2024-0204: Fortra GoAnywhere MFT Authentication Bypass Deep-Dive - The team at Horizon3.ai put out a technical deep dive into CVE-2024-0204. The post goes through the process of diffing the Java patch and identifying the auth bypass. They also dropped a PoC on their GitHub.
Interesting Job Postings:
- Vulnerability Research @ Trenchant (via @djrbliss)
- Vulnerability Research @ SAFA
- Senior Android Vulnerability Researcher @ RTX
- Reverse Engineer @ Radix Labs
- Principal Vulnerability Researcher @ Oracle
- Senior/Principal Engineer - Engine Vulnerability Research @ Roblox
Wrapping Up...
As always, thanks for stopping by. We here at the club are always trying to improve so if you have comments, questions, or suggestions, feel free to shoot us a DM on X (or just drop us a follow if you are feeling generous).
The exploits.club Discord is live and we are looking for new members! Feel free to show your interest in joining by filling out the form.
See you this time next week 🏴☠️