One bit flip to corrupt it all: Exploitation of an old Linux kernel vulnerability using PageJack, a modern technique to create Use After Free bugs

One bit flip to corrupt it all: Exploitation of an old Linux kernel vulnerability using PageJack, a modern technique to create Use After Free bugs.
Here Jean Vincent shows you how
https://blog.quarkslab.com/pagejack-in-action-cve-2022-0995-exploit.html

Another antivirus ️, another unfulfilled promise . @kaluche_ turns Avira's protection into a privilege escalation playground. This time: not 1, not 2, but 3 LPE vectors via symlink abuse (CVE-2026-27748, CVE-2026-27750) and unsafe deserialization (CVE-2026-27749).

Find out more: https://blog.quarkslab.com/avira-deserialize-delete-and-escalate-the-proper-way-to-use-an-av.html

Why macOS AVs shouldn’t trust PIDs - new post by @Coiffeur0x90

Intego X9: XPC validation falls back to PID → PID reuse + posix_spawn() shenanigans ⇒ confused deputy / privileged methods abused 🧨

Lesson: PID ≠ identity.
Check it out https://blog.quarkslab.com/intego_lpe_macos_2.html