upvote

points

by staticassertion3 hours ago |
comments
upvoteby jryio2 hours ago|
next
[-]
The majority of vulnerabilities are in newly committed lines of code. This has been shown again and again [1] [2]

From a marketing standpoint Anthropic is showing that they're able to direct 'compute' to find vulnerabilities where human time/cost is not efficient or effective.

Project Glasswing is attempting to pay off as many of these old vulnerabilities as possible now so the low-hanging fruit has already been picked.

The next generation of Mythos and real world vulnerabilities exploits are going to be in newly committed code...

[1]: https://dl.acm.org/doi/epdf/10.1145/2635868.2635880

[2]: https://arxiv.org/abs/2601.22196

reply
upvoteby staticassertion2 hours ago|
parent|
[-]
> The majority of vulnerabilities are in newly committed lines of code. This has been shown again and again

That's fine, I wouldn't argue against that. It doesn't really change things, right?

> From a marketing standpoint Anthropic is showing that they're able to direct 'compute' to find vulnerabilities where human time/cost is not efficient or effective.

Yes, they've demonstrated that.

reply
upvoteby rfoo2 hours ago|
prev|
[-]
> Mythos Preview identified a memory-corruption vulnerability in a production memory-safe VMM. This vulnerability has not been patched, so we neither name the project nor discuss details of the exploit.

Good morning Sir.

> Has anything changed here? I don't pay much attention but KASLR was considered basically useless for preventing LPE a few years ago.

No. It's still like this. Bonus point that there are always free KASLR leaks (prefetch side-channels).

But then, this thing is just.. I don't have a word for this. Just randomly read paragraphs from the post and it's like, what?

reply
upvoteby staticassertion2 hours ago|
parent|
[-]
Oh, that. That's true, I didn't know Mythos found that one. I guess I will not comment further on it until there's a write up (edited out a bit more).

> It is easy to turn this into a denial-of-service attack on the host, and conceivably could be used as part of an exploit chain.

So yeah, perhaps some evidence to what I'm getting at. Bug density is too low in that project, it's high enough in others. I'll be way way way more interested in that.

> But then, this thing is just.. I don't have a word for this. Just randomly read paragraphs from the post and it's like, what?

I read about 30% and got bored. I suppose I should have been clearer, but my impression was pretty quickly "cool" and "not worth reading today".

reply
upvoteby rfoo2 hours ago|
parent|
[-]
> I read about 30% and got bored.

I was lucky then :) Somehow I saw this first. And then the "somewhat reliably writing exploits for SpiderMonkey" part, and then the crypto libraries part. Finally I wonder why is there a Linux LPE mini writeup and realized it's the "automatically turn a syzkaller report to a working exploit" part.

Now that I read the first few things (meh bugs in OpenBSD, FFmpeg, FreeBSD etc) they are indeed all pretty boring!

reply
upvoteby staticassertion2 hours ago|
parent|
[-]
If people want exploitable syzkaller reports, following spender is free!
reply