[binary] MTE Debuts, DNS Client Exploits, and iTLB Multihit
As memory tagging (MTE) finally comes to a consumer device, we talk about how it may impact vulnerability research and exploit development going forward. Then we get into a few vulnerabilities including a DNS response parsing bug on the Wii U, an Adobe Acrobat bug that was exploited by a North Korean APT, and a CPU bug (iTLB Multihit). Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/222.html [00:00:00] Introduction [00:00:23] Hexacon 2023 Talks [00:02:48] First handset with MTE on the market [00:24:15] Exploiting DNS response parsing on the Wii U [00:33:11] Adobe Acrobat PDF Reader RCE when processing TTF fonts [CVE-2023-26369 [00:46:18] iTLB multihit The DAY[0] Podcast episodes are streamed live on Twitch twice a week: -- Mondays at 3:00pm Eastern (Boston) we focus on web and more bug bounty style vulnerabilities -- Tuesdays at 7:00pm Eastern (Boston) we focus on lower-level vulnerabilities and exploits. We are also available on the usual podcast platforms: -- Apple Podcasts: https://podcasts.apple.com/us/podcast/id1484046063 -- Spotify: https://open.spotify.com/show/4NKCxk8aPEuEFuHsEQ9Tdt -- Google Podcasts: https://www.google.com/podcasts?feed=aHR0cHM6Ly9hbmNob3IuZm0vcy9hMTIxYTI0L3BvZGNhc3QvcnNz -- Other audio platforms can be found at https://anchor.fm/dayzerosec You can also join our discord: https://discord.gg/daTxTK9