Need help?
<- Back

Comments (195)

  • goodburb
    Tested on three Android devices (version 9, 13, 16) with different Firefox versions under 150 (had to modify for older).Two boot looped, I had to enter recovery and the other just powered off [0].The demo modifies the wallpaper on supported Pixel devices.[0] IonStack https://rootme.nebusec.ai____Tip: Install a Chromium flavor browser (Chromite) separate from the main browser.Disable Javascript and hardware accelerated video decoder (commonly exploited) from the flags page and enable reader mode to fix broken JS-dependent websites when browsing blogs and random sites on your personal devices, else dedicate a tablet.
  • password4321
    Forgot to include "LPE" (local...) in the title so most of us can get back to weekending.
  • teleforce
    >Google has rewarded us $92,337 in kernelCTFI'm all ears now
  • 0x1ceb00da
    Does that mean any android app can use ndk native code execution to become root? Does selinux help here?
  • amatecha
    Daaaaamn: "GhostLock was introduced in Linux 2.6.39 and fixed in Linux 7.1."
  • reorder9695
    Could this be used to unlock bootloaders on typically non unlockable phones? If so this could be one of the best things to happen to Android.
  • pkoiralap
    Huge kudos to the security researchers for 1, finding an exploit, and 2, unlike copyfail, excluding a zero-day ready-to-use LPE script that anyone could have used.I tried using this for LPE on a Rocky9 for a couple of hours and thankfully couldn't get it to work. So that means unless you have quite some free time on your hand, or are extremely good at doing what you do, you can't actually use this to get LPE on enterprise distros.
  • tangenter
    Fuck it. I’m exclusively running the book version of minix from now on, neovim be damned. The exploit surface of these kernels is wild.
  • anthk
    A good think I use JS less browsers.
  • anon
    undefined
  • poly2it
    Is HN bugged? I swear I have read these comments the day prior, there is no way they are from within 10 hours?
  • alexjplant
    > This is the same shape as many other life-cycle bugs [...]Claude-ism detected. IME with Claude Code an object does not have a type or definition, apparently, but rather a shape (or at least it reaches for that word before more technically-accurate ones). Problems are not of a similar class or type, but of the same shape. Functions are not defined by their signatures but by their shape. Who talks like this and how did it make its way into the training data so pervasively?
  • pseudocoder204
    [dead]
  • tangsoupgallery
    [flagged]
  • mixmastamyk
    A what?
  • bitwize
    "Nothing could have prevented this from happening," say users of only language where this happens
  • Uptrenda
    Has anyone in infosec ever seen the term "use after free" before LLMs? Or is this basically an acronym claude invented? I say this because I see claude use this term all the time like its common knowledge but in 15+ years in tech never seen it myself. I've seen all kinds of terms used to describe memory errors: memory corruption, heap corruption, stack corruption, whatever, just never this acronym.
  • KasianFranks
    So has the church of the subgenius.
  • KnockOutEZ
    Damn
  • 0xbadcafebee
    Do we really need infosec companies now that a skid with claude can find decades-old kernel privesc over a weekend?Also can we talk about how bad Linux security is? At this point it's becoming a real liability to run anything on Linux that needs to be secure. OpenBSD has been around for ages, is written in C, and is really, really secure. Do they support containers yet (or microVMs)? Cuz if they do, I'm moving my workloads to obsd.