2020-12: another reason why JavaScript SUCKS badly and websites NEED TO WORK without JS: it might “destroy” NAT security:

NAT Slipstreaming allows an attacker to remotely access any TCP/UDP service bound to a victim machine, bypassing the victim’s NAT/firewall (arbitrary firewall pinhole control), just by the victim visiting a website.

https://www.zerodayinitiative.com/blog/2018/11/13/pwn2own-tokyo-2018-day-one-results

Confirmed! JavaScript is indeed EVIL!

just imagine you surf a hacked website… that hijacks your phone calls expensive numbers… sends spam mail and whatsapp messages to your trusted friends and encrypts all your holiday pictures.

CONGRATULATIONS!

“The duo used an integer overflow in the JavaScript engine of the web browser to exfiltrate a picture from the phone. They earn $25K and 6 Master of Pwn points.”

https://www.youtube.com/channel/UChbH7B5YhXANmlMYJRHpw0g

https://www.linkedin.com/in/michael-contreras-460029a7

as seen on:

admin