We cover a comical saga of vulnerabilities and variants from incomplete fixes in macOS, as well as a bypass of Chrome's MiraclePtr mitigation against Use-After-Frees (UAFs). We also discuss an attack that abuses COM hijacking to elevate to SYSTEM through AVG Antivirus, and a permissions issue that allows unauthorized access to DRM'd audiobooks.
In this episode, we discuss the US government's first-ever report disclosing how many 0-days it reported to vendors. We also cover PortSwigger's top 10 web hacking techniques of 2024, as well as Connor McGarr's deep dive on how kernel-mode shadow stacks are implemented on Windows.
On the web side, we cover a PortSwigger post on ways of abusing Unicode mishandling to bypass firewalls and a Doyensec guide to OAuth vulnerabilities. We also get into a Windows exploit for a use-after-free in the telephony service that bypasses Control Flow Guard, and a data race due to non-atomic writes in the macOS kernel.
Zero Day Initiative posts their trends and observations from their threat hunting highlights of 2024, macOS has a sysctl bug, and a technique leverages Cloudflare to deanonymize users on messaging apps. PortSwigger also publishes a post on the Cookie Sandwich technique, and Subaru's weak admin panel security allows tracking and controlling other people's vehicles.
This week features a mix of topics, from polyglot PDF/JSON to Android kernel vulnerabilities. Project Zero also publishes a post about excavating an exploit strategy from crash logs of an in-the-wild campaign.
Specter and zi discuss their winter break, cover some interesting CCC talks, and discuss the summary judgement in the WhatsApp vs. NSO Group case.
In our last episode of 2024, we delve into some operating system bugs in both Windows and Linux, as well as some bugs that are not bugs but rather AI slop.
This week's episode contains some LLM hacking and attacks on classifiers, as well as the renewal of DMA attacks with SD Express and the everlasting problems of null bytes.
A short episode this week, featuring Keyhole which abuses a logic bug in Windows Store DRM, an OAuth flow issue, and a CSRF protection bypass.
Linux userspace is still a mess and has some bad bugs in root utilities, and Vaultwarden has an interesting auth bypass attack.