Get Mystery Box with random crypto!

Remote exploitation of a man-in-the-disk vulnerability in What | PT SWARM

Remote exploitation of a man-in-the-disk vulnerability in WhatsApp (CVE-2021-24027).

TL;DR: Leak External Storage (/sdcard), remotely collect TLS cryptographic material, MitM WhatsApp communications, RCE on victim device, extract keys used for end-to-end encrypted user communications.

Contents:
• Intro
• The Android Media Store Content Provider
• The Chrome CVE-2020-6516 Same-Origin-Policy bypass
• Session Resumption and Pre-Shared Keys in TLS 1.3
• Session Resumption and the Master Secret in TLS 1.2
• The WhatsApp TLS Man-in-the-Disk Vulnerabilities
• From TLS secrets collection to Remote Code Execution
• Stealing the victim's Noise protocol key pair
• Conclusion and future work
• References

https://census-labs.com/news/2021/04/14/whatsapp-mitd-remote-exploitation-CVE-2021-24027/
Next Message
telegram-store.com © 2016-2024
Non official site about Telegram
All rights reserved. Copying and using of full materials is prohibited, partial quoting is possible only with a hyperlink to the site telegram-store.com.