Posts tagged 'Binary Podcast'

186 - An XNU Exploit and a Chrome Heap Overflow

First, we take a look at some positive changes to OSS Fuzz, then we dive into some vulnerabilities. This includes an XNU heap out-of-bounds write vulnerability, a Chrome heap-based overflow vulnerability, and an out-of-bounds read in cmark-gfm that, while probably not exploitable, is still intriguing.

182 - Exploiting Null Derefs and Windows Type COM-fusion

Null-dereferences might not be too exploitable on a lot of systems, what about the handling of a null-dereference. We cover a great Project Zero post on the topic, then look at a type confusion in Windows COM, a Nintendo buffer overflow, and several memory corruptions in git, highlighting their unique primitives and potential exploitability.

180 - An iPod Nano Bug, XNU Vuln, and a WebKit UAF

An Apple-focused episode this week, with a trivial iPod Nano BootRom exploit, and a WebKit Use-after-free. We also have a really cool XNU Virutal Memory bug, strictly a race condition and a logic differential between two alternate paths resulting in bypassing copy-on-write protection. We also handle a few questions from chat, how much reverse engineering is necessary for vuln research, how much programming knowledge is required, and a bit about AI's applicability to reverse engineering.

176 - JS Type Confusions and Bringing Back Stack Attacks

In this episode, we discuss the discovery of a type confusion in Internet Explorer's JScript. We also explore a fun exploit strategy for a low-level memory management bug in the Linux kernel and delve into several issues in Huawei's Secure Monitor that enable code execution in the secure world.