nerd7473 @nerd7473@librem.one

Driving forward in Android drivers

An article by @jenkins about exploiting a race condition in the MediaTek mtk_jpeg driver that leads to a variety of memory corruption side-effects.

The described data-only exploit leverages the bug to get a use-after-free on a dmabuf file structure and then gets an arbitrary read/write primitive to disable SELinux and gain root on Asus ROG 6D.

In the exploit, Seth deliberately avoided using the cross-cache techniques, as these might soon get mitigated by SLAB_VIRTUAL.

The article also covers:

— Approaches to discovering device drivers accessible to unprivileged users on Android;
— Using the MediaTek GED (GPU Extension Device) driver to gain extremely powerful slab memory control primitives.

https://googleprojectzero.blogspot.com/2024/06/driving-forward-in-android-drivers.html

Shoddy infosec costs PwC spinoff and NMA $11.3M in settlement with Uncle Sam https://go.theregister.com/feed/www.theregister.com/2024/06/17/guidehouse_nma_fined/ #news

Hello user of Librem Social

a social.librem.one user walks into a bar. the bartender says Librem Social is an opt-in public network. Messages are shared under Creative Commons BY-SA 4.0 license terms. Policy.

Stay safe. Please abide by our code of conduct.

(Source code)

AI Is Being Trained on Images of Real Kids Without Consent
https://futurism.com/ai-trained-images-kids?utm_source=flipboard&utm_medium=activitypub

Posted into Artificial intelligence and misinformation @artificial-intelligence-and-misinformation-NewsLitProject

Hey #AskFedi,

I'm looking for a #FOSS program that merges duplicate contacts in vcf or csv format.

I found vcf_contacts_merger, but it has weird python requirements that I just couldn't manage to satisfy.

Ideally either a downloadable linux app or a FOSS #Android app (or at least a non-foss Android app that I can run with networking privileges revoked).

It can't be a google app or rely on uploading my contacts to "the cloud."

#Merci!

PostmarketOS v24.06 released

https://lwn.net/Articles/978733/ #LWN

Dive into our list of the best open-source email servers:

http://itsfoss.com/open-source-email-servers

EU to greenlight Chat Control tomorrow

Comments

How to get stuff repaired when the manufacturer don't wanna: take 'em to court https://blog.simonrumble.com/how-to-get-your-stuff-repaired-when-the-retailer-and-manufacturer-dont-wanna-take-em-to-court

Still Wakes the Deep makes the terror of the ocean more tactile https://www.theverge.com/24180103/still-wakes-the-deep-review-xbox-ps5-pc #news

IceWM 3.6 window manager: Maximize windows by double-clicking borders and enjoy enhanced character support in the address bar.
https://linuxiac.com/icewm-3-6-window-manager/

#icewm #windowmanager

The Raspberry Pi 5 Is No Match for a Tini-Mini-Micro PC

Comments

SimCity in the web browser using WebAssembly and OpenGL

Comments

Electronic Frontier Alliance members get support from a community of like-minded grassroots organizers from across the US. If your group wants to help defend our digital rights, consider joining today. https://eff.org/join-EFA

🐦🔗: https://nitter.oksocial.net/EFF/status/1802411822022316091#m

[2024/06/16 18:44]

Cell-site simulators are fishing with a net: people in the vicinity are caught in their widespread data collection, even those who have not been involved with a crime. https://www.eff.org/deeplinks/2024/06/next-generation-cell-site-simulators-here-heres-what-we-know

🐦🔗: https://nitter.oksocial.net/EFF/status/1801957830611583160#m

[2024/06/15 12:40]

We are excited to launch our new member t-shirt for 2024! Donate at the Copper Level or above to receive our new Fix Copyright t-shirt. https://eff.org/summer

🐦🔗: https://nitter.oksocial.net/EFF/status/1802042136130638025#m

[2024/06/15 18:15]

Poppler is a PDF rendering library based on the xpdf-3.0 code base. It is used by some popular open-source applications like Evince, Inkscape, LibreOffice 4.x, Okular and Scribus. If you view PDFs or export your SVG projects to PDF format, there is a high chance that your open-source application is using Poppler.

The latest stable release is poppler-24.06.1.tar.xz and was released on June 12, 2024.

https://poppler.freedesktop.org/

#linux #poppler #pdf #Evince #Inkscape #LibreOffice #Okular #Scribus