Hey guys - been a while.
I'm back with a new video today where we take a look at CVE-2023-38600 - a memory corruption bug within JavaScriptCore on macOS and iOS.
The bug is caused by an integer underflow, which leads to a memmove call with a large size value. As WebKit vulnerabilities go, this one has a nice and simple trigger, which makes it a good starting point for beginners interested in WebKit and browser exploitation more generally.
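For readers new to this bug class, here is an added illustration of the mechanism named above, in C. It is not code from the video and not JavaScriptCore's implementation of copyWithin, and the function names, the toy int32 array and the argument handling are assumptions for this example only. It shows how computing a copyWithin-style element count as an unsigned subtraction wraps to a value near SIZE_MAX when end precedes start, beside the clamped computation the ECMAScript algorithm calls for, which never lets such a count reach memmove.

```c
/* Added illustration, not JavaScriptCore's code: how an unsigned subtraction
 * that underflows turns a copyWithin-style range copy into a memmove with a
 * huge size, beside the clamped computation that avoids it. The function
 * names and the toy int32 array are assumptions for this example. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* The risky computation: element count as final - from in size_t. Each index
 * may have been clamped to [0, len] individually, but if final < from the
 * subtraction wraps to a value near SIZE_MAX, and that is what memmove would
 * be handed as its size. Returned here instead of being passed to memmove. */
size_t copy_count_unchecked(size_t from, size_t final)
{
    return final - from;
}

/* The clamped computation the ECMAScript algorithm calls for:
 * count = min(final - from, len - to), and nothing is copied when count <= 0.
 * Doing it in signed arithmetic makes the negative case visible. */
ptrdiff_t copy_count_clamped(size_t len, size_t to, size_t from, size_t final)
{
    ptrdiff_t count = (ptrdiff_t)final - (ptrdiff_t)from;
    ptrdiff_t room  = (ptrdiff_t)len - (ptrdiff_t)to;
    if (room < count)
        count = room;
    return count > 0 ? count : 0;
}

/* copyWithin(target, start, end) over a C int32 array using the clamped
 * count. Negative indices and ToInteger coercion are out of scope; indices
 * are simply clamped to len so every pointer below stays inside buf. */
void copy_within(int32_t *buf, size_t len, size_t to, size_t from, size_t final)
{
    if (to > len)    to = len;
    if (from > len)  from = len;
    if (final > len) final = len;
    ptrdiff_t count = copy_count_clamped(len, to, from, final);
    if (count > 0)
        memmove(buf + to, buf + from, (size_t)count * sizeof *buf);
}

/* Runs copy_within on the constructed array {1,2,3,4,5} and packs the result
 * into a decimal number (e.g. {4,5,3,4,5} -> 45345) so one value can be checked. */
long copy_within_sample(size_t to, size_t from, size_t final)
{
    int32_t a[5] = {1, 2, 3, 4, 5};
    copy_within(a, 5, to, from, final);
    long packed = 0;
    for (size_t i = 0; i < 5; i++)
        packed = packed * 10 + a[i];
    return packed;
}

int main(void)
{
    /* from = 6, final = 2 on an 8-element array: the unchecked count wraps. */
    printf("unchecked count: %zu (should have been 0)\n", copy_count_unchecked(6, 2));
    printf("clamped count:   %td\n", copy_count_clamped(8, 0, 6, 2));
    /* [1,2,3,4,5].copyWithin(0, 3) -> [4,5,3,4,5] */
    printf("copyWithin(0,3): %ld\n", copy_within_sample(0, 3, 5));
    return 0;
}
```

The point to take away is the order of operations: clamp the indices, compute the count in a representation where "negative" is expressible, reject anything that is not strictly positive, and only then call memmove. Any path where a user-influenced index or length is read once, altered (for example by a callback), and then used in a size_t subtraction is where this class of bug lives.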
https://www.zerodayinitiative.com/blog/2023/10/17/cve-2023-38600-story-of-an-innocent-apple-safari-copywithin-gone-way-outside
zygosec.com
@bellis1000