> when was the last time you heard of a modern application backend being exploited through memory corruption, in any language?

It happens all the time, but it’s a bit hard to find because “modern application backend[s]” are usually written in Go or Python or Rust. Even so, you’ll find plenty of exploits based on getting a C or C++ library on the backend to parse a malformed file.

▲

comex 5 days ago | parent [-]

Are these exploits publicly documented?

▲

amluto 4 days ago | parent [-]

Some exploit authors love writing up their work. For example:

https://googleprojectzero.blogspot.com/2016/12/chrome-os-exp...

▲

comex 3 days ago | parent [-]

Not backend.

	▲	amluto 2 days ago \| parent [-]
		There is absolutely nothing special about backends in this regard except that it’s more likely that the attacker doesn’t have access to the code or binary.