We are back for the first 2022 binary episode, and its all kernel. Obtaining root through an hours long exploit process on Ubuntu thanks to an invalid free, use-after-free in XNU due to bad locking, and some terrible code in Samsung S20 DSP kernel driver with multiple integer overflows.
More cases of developers make insecure assumptions and getting owned because of it. This week we've got a Flickr account takeover, escalating restricted SSRF into something more useful, and XSS to RCE in Rocket.Chat.
Hex-rays/Adobe cross-over as they move to a subscription model and we are not too happy about it, we also discuss a few interesting bugs this week from an odd optimization and a signedness bug in Chrome, to some mishandled null-bytes in runc, and a subtle object-state confusion in the Linux kernel
Some readily understood vulnerabilities, but with some interesting impacts, from escalating self-XSS to cross-account CSRF, data exfiltration with CSS, web-cache poisoning and MFA bypassing.
Starting off this week with the new humble bundle and some discussion about hacking books. Then onto the vulns, some OOB access, uninitalized memory, and iOS exploit strategy.
What happens when a vendor refused to fix your bug? Well you can go claim a bunch of bounties with it. We also talk about some novel request smuggling research on this episode.
We are joined by Bastian Gruber to start the episode with a discussion about Rust. Then we'll dive into a few interesting vulnerabilities this week including yet another ECDSA implementation issue and some header smuggling research.
Some interesting vulnerability envrionments this week, some Trusted App issues, a couple Linux Kernel vulns, and a look at memory safety issues in unsafe Rust.
A discussion heavy episode this week, starting off with the "new" Trojan Source attackers, and then talking about a handful of interesting vulnerabilities.