ISAs and the Dawning Hardware Security Revolution

December 20, 2023 at 08:19PM
The evolution of IT security presents a dynamic battleground between software sophistication and hardware advancements. While software remains the primary focus, emerging hardware technologies, such as advanced instruction set architecture (ISA) extensions, promise groundbreaking contributions to IT security capabilities. Open source technologies, like Capability Hardware Enhanced RISC Instructions (CHERI), exemplify the …

Mozilla Patches Firefox Vulnerability Allowing Remote Code Execution, Sandbox Escape

December 20, 2023 at 10:21AM
Mozilla announced security updates for Firefox 121 and Thunderbird 115.6 addressing 21 vulnerabilities, including high-severity issues like WebGL heap buffer overflow, NSS NIST curves vulnerability to Minerva attack, and uninitialized data exposure in EncryptingOutputStream. Both updates also include patches for several memory safety issues. The release notes contain further details. …

Google Using Clang Sanitizers to Protect Android Against Cellular Baseband Vulnerabilities

December 13, 2023 at 09:12AM
Google is promoting the use of Clang sanitizers for enhancing the security of Android’s cellular baseband. The sanitizers, such as IntSan and BoundSan, help detect vulnerabilities and prevent remote code execution. Despite performance overhead, Google has enabled them in critical attack surfaces. The move complements the transition to memory-safe languages …

Five Eyes Agencies Publish Guidance on Eliminating Memory Safety Bugs

December 7, 2023 at 10:54AM
Five Eyes government agencies issued guidance for developing strategies to address memory safety vulnerabilities.
Takeaway from Meeting:
– Government agencies from the Five Eyes countries (United States, United Kingdom, Canada, Australia, and New Zealand) have released new guidelines to assist in the development of roadmaps for memory safety.
– The …