Arthur T Knackerbracket has found the following story:
Developer unknownv2 has released a proof of concept exploit for the Xbox One. The exploit leverages a series of known vulnerabilities in the Microsoft Edge Browser (CVE-2016-7200 and CVE-2016-7241). We have not confirmed if this exploit works here at wololo.net (yup, I still don't have an Xbox One...).
The Xbox One uses Microsoft's Edge browser. Pretty much the same browser that you used once on Windows 10 to download Google Chrome.
In November last year, several critical vulnerabilities were found in the Edge browser, and disclosed by Microsoft as they patched them. A proof of concept was released for these vulnerabilities by developer Brian Pak, demonstrating how to use them in an exploit. This is known as the Chakra exploit, and a good read on the topic can be found here.
Hacker unknownv2 has built his Xbox One exploit on top of Brian Pak's proof of concept. In the developer's words:
The POC itself was mostly complete, but the first bug (CVE-2016-7200) it used was patched on the console. I used the Json.Parse bug (CVE-2016-7241) to leak addresses instead and, after a bit of tweaking with the values, I was able to get the correct address for the chakra.dll. From there, I modified the POC by changing the code addresses for the gadgets and the VirtualProtect function call to make the shellcode executable.
This is a userland exploit, similar to the WebKit exploits that many of us are familiar with.
-- submitted from IRC
(Score: 3, Insightful) by urza9814 on Wednesday April 05 2017, @06:44PM (1 child)
"Could and should"? I think you mean DOES. When's the last time you looked at Mozilla? Their website might as well just redirect to the EFF these days. If you want to download Firefox you have to scroll past links to crypto tools and warnings about internet tracking. They've already rebranded themselves as the privacy browser, so I'd suggest giving Firefox another try if you haven't recently.
Mozilla: "Get Smart on the Web"
https://www.mozilla.org/en-US/teach/smarton/ [mozilla.org]
Mozilla Blog: Data Privacy Day
https://blog.mozilla.org/blog/2017/01/26/data-privacy-day/ [mozilla.org]
Adage.com: Mozilla's Holiday Brand Project Was a Data Privacy Pop-up in NYC
http://adage.com/article/privacy-and-regulation/mozilla-s-holiday-brand-project-a-privacy-pop-nyc/307425/ [adage.com]
Mozilla: Data Privacy Principles
https://www.mozilla.org/en-US/privacy/principles/ [mozilla.org]
Mozilla: Firefox: The Most Trusted Browser on the Web
https://www.mozilla.org/en-US/firefox/desktop/trust/ [mozilla.org]
Mozilla: Privacy Preferences and Do Not Track
https://support.mozilla.org/t5/Manage-preferences-and-add-ons/Settings-for-privacy-browsing-history-and-do-not-track/ta-p/1276 [mozilla.org]
Mozilla: Internet Health Report
https://www.mozilla.org/en-US/internet-health/ [mozilla.org]
Mozilla: Winter of Security 2016
https://wiki.mozilla.org/Security/Automation/Winter_Of_Security_2016#Winter_Of_Security_2016 [mozilla.org]
An argument could be made that a lot of those links are just PR stuff, but IMO getting the general public to give a damn is the most important (and most difficult) battle we need to win here. And they ARE doing good things on the code front as well; they've got better privacy features built into Firefox and as first-party plugins than any other browser that I know of.
I consider Mozilla to be one of our best allies in this particular war. Right up there with the EFF. And they need all the support we can give them for that -- there are a lot of very big companies with very deep pockets working against them.
(Score: 3, Informative) by Wootery on Wednesday April 05 2017, @07:20PM
Good links, thanks. I do stand by what I said about emphasis on security though. It's shit like this. [securityzap.com]