Rooting iOS, Hacking with cURL, and the end of Use-After-Free

Some solid exploit development talk in this episode as we look at an iOS vuln, discuss the exploitability of a cURL buffer overflow and examine a new kernel UAF mitigation. [00:00:43] Improving open source security during the Google summer internship program https://security.googleblog.com/2020/12/improving-open-source-security-during.html [00:03:35] Justices seem wary of breadth of federal computer fraud statute https://www.scotusblog.com/2020/12/argument-analysis-justices-seem-wary-of-breadth-of-federal-computer-fraud-statute/ [00:11:37] Update regarding Snapchat SSRF https://hackerone.com/reports/530974 [00:12:53] A 3D Printed Shell https://www.securifera.com/blog/2020/12/02/a-3d-printed-shell/ [00:20:19] Site Wide CSRF on Glassdoor https://blog.witcoat.com/2020/12/03/site-wide-csrf-on-glassdoor/ [00:24:24] [GitLab] Stored-XSS in error message of build-dependencies https://hackerone.com/reports/950190 [00:27:44] Playstation Now RCE https://hackerone.com/reports/873614 [00:32:29] MS Teams RCE (Important, Spoofing) https://github.com/oskarsve/ms-teams-rce/ [00:38:34] An iOS zero-click radio proximity exploit odyssey https://googleprojectzero.blogspot.com/2020/12/an-ios-zero-click-radio-proximity.htmlhttps://bugs.chromium.org/p/project-zero/issues/detail?id=1982 [00:54:58] [curl] heap-based buffer overrun in /lib/urlapi.c https://hackerone.com/reports/547630 [01:02:51] Google Duo: Race condition can cause callee to leak video packets from unanswered call https://bugs.chromium.org/p/project-zero/issues/detail?id=2085 [01:05:35] Linux kernel heap quarantine versus use-after-free exploits https://a13xp0p0v.github.io/2020/11/30/slab-quarantine.htmlhttps://lore.kernel.org/kernel-hardening/CAG48ez1tNU_7n8qtnxTYZ5qt-upJ81Fcb0P2rZe38ARK=iyBkA@mail.gmail.com/T/#u [01:13:23] Hey Alexa what did I just type? Decoding smartphone sounds with a voice assistant https://arxiv.org/abs/2012.00687 [01:22:57] XS-Leaks Wiki https://xsleaks.dev/https://security.googleblog.com/2020/12/fostering-research-on-new-web-security.html [01:27:14] Hacking 101 by No Starch Press https://www.humblebundle.com/books/hacking-101-no-starch-press-books [01:33:40] Gamozo Labs FuzzOS https://gamozolabs.github.io/fuzzing/2020/12/06/fuzzos.html Watch the DAY[0] podcast live on Twitch (@dayzerosec) every Monday afternoon at 12:00pm PST (3:00pm EST) Or the video archive on Youtube (@dayzerosec)

Om Podcasten

A weekly podcast for bounty hunters, exploit developers or anyone interesting in the details of the latest disclosed vulnerabilities and exploits.