A lot of discussion about the OpenSSL vulnerability, fuzzing and exploitation. Then into a RCE in XML Signature verification, and a Samsung exploit chain.
Several slightly weird issues this week, a reentrancy attack abusing a read-only function, SSRF and XSS through a statically generated website and others.
Kicking off the week with a look at Apple's new security blog and the kalloc_type introduced into XNU, then a mix of issues including an overflow in SQLite.