08 December 2020 Show Notes 56 - Rooting iOS, Hacking with cURL, and the end of Use-After-Free 00:00:43 Improving open source security during the Google summer internship program 00:03:35 Justices seem wary of breadth of federal computer fraud statute 00:11:37 Update regarding Snapchat SSRF 00:12:53 A 3D Printed Shell 00:20:19 Site Wide CSRF on Glassdoor 00:24:24 [GitLab] Stored-XSS in error message of build-dependencies 00:27:44 Playstation Now RCE 00:32:29 MS Teams RCE (Important, Spoofing) 00:38:34 An iOS zero-click radio proximity exploit odyssey Additional Links: https://bugs.chromium.org/p/project-zero/issues/detail?id=1982 00:54:58 [curl] heap-based buffer overrun in /lib/urlapi.c 01:02:51 Google Duo: Race condition can cause callee to leak video packets from unanswered call 01:05:35 Linux kernel heap quarantine versus use-after-free exploits Additional Links: https://lore.kernel.org/kernel-hardening/CAG48ez1tNU_7n8qtnxTYZ5qt-upJ81Fcb0P2rZe38ARK=iyBkA@mail.gmail.com/T/#u 01:13:23 Hey Alexa what did I just type? Decoding smartphone sounds with a voice assistant 01:22:57 XS-Leaks Wiki Additional Links: https://security.googleblog.com/2020/12/fostering-research-on-new-web-security.html 01:27:14 Hacking 101 by No Starch Press 01:33:40 Gamozo Labs FuzzOS