28 January 2020

Show Notes

00:01:41 Pwn2Own Miami 2020
00:06:41 Allegations that Saudi Crown Prince involved in hacking of Jeff Bezos’ phone
  Additional Links: https://twitter.com/dinodaizovi/status/1221324029841244161
00:11:33 Chris Rohlf on Twitter: "...Mobile security was largely a success relative to the state of the desktop..."
00:25:57 More MDS Attacks: Intel Patching its Patch of the Patch for MDS/ZombieLoad Attacks
  Additional Links: https://blogs.intel.com/technology/2020/01/ipas-intel-sa-00329/#gs.upv68b
00:31:42 MDHex Vulnerabilities
00:43:04 JSSE Client Authentication Bypass (CVE-2020-2655)
00:55:46 Local Privilege Escalation in many Ricoh Printer Drivers for Windows (CVE-2019-19363)
00:58:42 ModSecurity Denial of Service (CVE-2019-19886)
01:02:56 GGvulnz - How I hacked hundreds of companies through Google Groups
01:09:23 Neowise CarbonFTP v1.4 / Insecure Proprietary Password Encryption (CVE-2020-6857)
01:14:48 arm64: uaccess: Ensure PAN is re-enabled after unhandled uaccess fault - Patchwork
01:19:02 Cisco Webex Meetings Suite and Cisco Webex Meetings Online Unauthenticated Meeting Join Vulnerability (CVE-2020-3142)
01:21:43 iGPU Leak: An Information Leakage Vulnerability on Intel Integrated GPU (CVE-2019-14615)
  Additional Links: https://github.com/HE-Wenjian/iGPU-Leak/blob/master/iGPU-Leak_Slides.pdf
01:28:50 Information Leaks via Safari's Intelligent Tracking Prevention
01:39:11 GhostImage: Perception Domain Attacks against Vision-based Object Classification Systems
01:44:55 Nightmare - A collection of binary exploitation / reverse engineering challenges and writeups
01:49:35 The Life of a Bad Security Fix
01:51:31 macOS/iOS: ImageIO: heap corruption when processing malformed TIFF image