Security vulnerabilities and automated fixes for binary parsing issues
1 post found
A critical heap buffer overflow vulnerability was discovered and patched in archo.cpp, a Mach-O binary parsing component used in mobile app signing toolchains. Attackers could craft malicious Mach-O binaries or dylib files to trigger memory corruption, potentially leading to arbitrary code execution. The fix adds proper bounds validation before memcpy operations, eliminating the ability for attacker-controlled file content to overflow heap buffers.