Posts tagged 'Binary Podcast'

230 - Samsung Baseband and GPU Vulns

A Samsung special this week, starting off with two Samsung specific vulnerabilities, one in the baseband chip for code execution. And a stack based overflow in the RILD service handler parsing IPC calls from the baseband chip for a denial of service. Lastly a Mali GPU driver use-after-free.

228 - Hypervisor Bugs and a FAR-out iOS bug

This week kicks off with a a V8 misoptimization leading to out-of-bounds access, an unprotected MSR in Microsoft's Hypervisor allowing corruption of Hypervisor code. We also take a quick look at a 2021 CVE with an integer underflow leading to an overflow in the Windows Kernel low-fragmentation heap, and finally an interesting information leak due to the kernel not clearing a sensitive register.

226 - A Heap of Linux Bugs

Last week we brought you several Windows bugs, this week we are talking Linux kernel vulnerabilities and exploitation. We start off looking at a weird but cool CPU bug, Reptar, then we get into nftables, io_uring, and talk about a newer mitigations hitting Linux 6.6 that randomizes the caches allocations end up in.

224 - A Bundle of Windows Bugs

We've got a few Windows bugs this week, but first a fun off-by-one null-byte write. Then we jump into a containerized registry escape, a browser escape with a very simple bug buried deep in the browser, and a kernel bug.

222 - MTE Debuts, DNS Client Exploits, and iTLB Multihit

As memory tagging (MTE) finally comes to a consumer device, we talk about how it may impact vulnerability research and exploit development going forward. Then we get into a few vulnerabilities including a DNS response parsing bug on the Wii U, an Adobe Acrobat bug that was exploited by a North Korean APT, and a CPU bug (iTLB Multihit).

220 - Windows Kernel Bugs, Safari Integer Underflow, and CONSTIFY

Diving right into some binary exploitation issues this week. Starting wtih a look at a rare sort of curl vulnerability where a malicious server could compromise a curl user. Then we take a look at a pretty straight-forward type confusion in Windows kernel code, and an integer underflow in Safari with some questionable exploitation. Ending the episode with some thoughts on how impactful grsecurity's "constify" mitigation could be.

216 - Busted Stack Protectors, MTE, and AI Powered Fuzzing

A binary summer-recap episode, looking at some vulnerabilities and research put out over the summer. Talking about what TPM really offers when it comes to full-disk encryption, some thoughts on AI in the fuzzing loop. Then into some cool bugs, kicking off with some ARM Memory Tagging Extension vulnerabilities, a `-fstack-protector` implementation failure and bypass, and then a look at a Android exploit that was found in-the-wild.