Difference between revisions of "IQue Player System Flaws"
Jump to navigation
Jump to search
(*pops champagne*) |
(No difference)
|
Revision as of 12:57, 25 April 2018
Hardware
| Summary | Description | Timeframe this was discovered | Discovered by |
|---|---|---|---|
| No known hardware exploits |
Secure Kernel
| Summary | Description | Successful exploitation result | Timeframe this was discovered | Discovered by |
|---|---|---|---|---|
| psychic paper: Secure Kernel could incorrectly consider a self-signed certificate chain as valid | The function for verifying certificate chains at 0x9FC028BC is passed an array of pointers to certificates.
For the first 5 elements, it checks to see if the certificate was issued by Root, if so it checks if the certificate was signed by the hardcoded Root public key (and returns immediately with the result). If the certificate wasn't signed by Root, it checks if the certificate was signed by the public key of the next certificate in the array. If all 5 certificates verified correctly, the function will return success. |
Assuming this function can be called with an attacker-controlled array of certificates, self-signing of certificates (and thus, arbitrary code execution, with full non-Secure Mode privileges) | April 2018 | Riley |
Secure Applications
| Summary | Description | Successful exploitation result | Exploitable Secure Applications | Timeframe this was discovered | Discovered by |
|---|---|---|---|---|---|
| No known Secure Application exploits |