Bit of a lighter episode this week with a Linux Kernel ASLR bypass and a clever exploit to RCE FortiGate SSL VPN.
In this week's binary episode, Binary Ninja Free releases along with Binja 4.0, automated infoleak exploit generation for the Linux kernel is explored, and Nintendo sues Yuzu.
VirtualBox has a very buggy driver, PostgreSQL has an Out of Bounds Access, and lifetime issues are demonstrated in Rust in "safe" code.
Linux becomes a CNA and takes a stance on managing CVEs for themselves, and underutilized fuzzing strategies are discussed.
Google makes some changes to their kCTF competition, and a few kernel bugs shake out of the LogMeIn and wlan VFS drivers.
Libfuzzer goes into maintenance-only mode and syslog vulnerabilities plague some vendors in this week's episode.
This week's binary episode features a range of topics from discussion on Pwn2Own's first automotive competition to an insane bug that broke ASLR on various Linux systems. At the lower level, we also have some bugs in UEFI, including one that can be used to bypass Windows Hypervisor Code Integrity mitigation.
A bit of a game special this week, with a Counter-Strike: Global Offensive vulnerability and an exploit for Factorio. We also have a Linux kernel bug and a Chromecast secure-boot bypass with some hardware hacking mixed in.
This week's highly technical episode has discussion around the exploitation of a libwebp vulnerability we covered previously, memory tagging (MTE) implementation with common allocators, and an insane iPhone exploit chain that targeted researchers.
A bit of a rambling episode to finish off 2023, we talk about some Linux kernel exploitation research (RetSpill) then get into several vulnerabilities. A type confusion in QNAP QTS5, a JavaScriptCore bug in Safari, and several issues in Steam's Remote Play protocol.