Vulnerability Analysis

Off By !: Exploiting a Use-after-Free in the Linux Kernel

JUNE 8, 2026

By Oliver Sieber Overview In this blog post, we discuss a use-after-free vulnerability that we found in the nftables subsystem of the Linux kernel in early 2025. This vulnerability was patched upstream on 5 February 2026...

Read More

Adobe Acrobat Reader Escript.api Use-After-Free Remote Code Execution

JUNE 1, 2026

By Michele Campa Overview In this blog post we take a look at a use-after-free vulnerability found in Adobe Acrobat Reader’s Escript.api module in February 2025. This issue was patched on April 2026 and...

Read More

Microsoft Windows Cloud Files Minifilter TOCTOU Privilege Escalation

OCTOBER 20, 2025

By Michele Campa Overview In this blog post we take a look at a race condition we found in Microsoft Windows Cloud Minifilter (i.e. cldflt.sys) in March 2024. This vulnerability was patched in October...

Read More

Oops Safari, I think You Spilled Something!

AUGUST 4, 2025

Overview In February 2023, researchers at Exodus Intelligence discovered a bug in the Data Flow Graph (DFG) compiler of WebKit, the browser engine used by Safari. This bug, CVE-2024-44308, was patched by Apple in...

Read More

Windows Sockets: From Registered I/O to SYSTEM Privileges

DECEMBER 2, 2024

By Luca Ginex Overview This post discusses CVE-2024-38193, a use-after-free vulnerability in the afd.sys Windows driver. Specifically, the vulnerability is in the Registered I/O extension for Windows sockets. The vulnerability was patched in the...

Read More

Mind the Patch Gap: Exploiting an io_uring Vulnerability in Ubuntu

MARCH 27, 2024

By Oriol Castejón Overview This post discusses a use-after-free vulnerability, CVE-2024-0582, in io_uring in the Linux kernel. Despite the vulnerability being patched in the stable kernel in December 2023, it wasn’t ported to Ubuntu kernels for over...

Read More

Google Chrome V8 CVE-2024-0517 Out-of-Bounds Write Code Execution

JANUARY 19, 2024

By Javier Jimenez and Vignesh Rao Overview In this blog post we take a look at a vulnerability that we found in Google Chrome’s V8 JavaScript engine a few months ago. This vulnerability was patched...

Read More

Safari, Hold Still for NaN Minutes!

DECEMBER 11, 2023

By Vignesh Rao and Javier Jimenez Introduction In October 2023 Vignesh and Javier presented the discovery of a few bugs affecting JavaScriptCore, the JavaScript engine of Safari. The presentation revolved around the idea that browser research is...

Read More

Shifting boundaries: Exploiting an Integer Overflow in Apple Safari

JULY 20, 2023

By Vignesh Rao Overview In this blog post, we describe a method to exploit an integer overflow in Apple WebKit due to a vulnerability resulting from incorrect range computations when optimizing Javascript code. This...

Read More

Google Chrome V8 ArrayShift Race Condition Remote Code Execution

MAY 16, 2023

By Javier Jimenez Overview This post describes a method of exploiting a race condition in the V8 JavaScript engine, version 9.1.269.33. The vulnerability affects the following versions of Chrome and Edge: Google Chrome versions between...

Read More