26 May 2020

Show Notes 43 - Zoom E2E, 15 year old bugs, and killing 20 year old attacks

00:00:57 Adventures of porting MUSL to PS4
00:02:02 End-to-End Encryption for Zoom Meetings
00:13:23 Memory safety - The Chromium Projects
00:21:24 First 0d iOS jailbreak in 6 years
00:24:18 BIAS: Bluetooth Impersonation AttackS
    Additional Links:
    https://little-canada.org/pdf/web/viewer.html?file=antonioli-20-bias.pdf
    https://francozappa.github.io/about-bias/talk/bias-snp/
00:33:20 15 years later: Remote Code Execution in qmail (CVE-2005-1513)
    Additional Links:
    http://tukan.farm/2016/07/27/munmap-madness/
    https://cr.yp.to/qmail/guarantee.html
    http://www.guninski.com/where_do_you_want_billg_to_go_today_4.html
00:48:08 Privilege Escalation in Parallels Desktop via VGA Device [CVE-2020-8871]
    Additional Links:
    https://twitter.com/matalaz/status/580600098092105728
00:55:57 Multiple vulnerabilities in Dovecot IMAP server
00:59:12 Yet another arbitrary delete EoP [CVE-2020-1088]
01:06:36 Vulnerabilities chain leading to privilege escalation [NordVPN]
01:09:34 Race condition in activating email resulting in infinite amount of diamonds received
01:12:30 RCE in Google Cloud Deployment Manager
01:28:24 QNAP Pre-Auth Root RCE
01:37:14 Safe-Linking - Eliminating a 20 year-old malloc() exploit primitive
01:47:44 Not So Fast: Understanding and Mitigating Negative Impacts of Compiler Optimizations on Code Reuse Gadget Sets
02:05:50 Precise XSS detection and mitigation with Client-side Templates
02:18:00 Documenting the impossible: Unexploitable XSS labs