We are back for the first 2022 binary episode, and its all kernel. Obtaining root through an hours long exploit process on Ubuntu thanks to an invalid free, use-after-free in XNU due to bad locking, and some terrible code in Samsung S20 DSP kernel driver with multiple integer overflows.
Hex-rays/Adobe cross-over as they move to a subscription model and we are not too happy about it, we also discuss a few interesting bugs this week from an odd optimization and a signedness bug in Chrome, to some mishandled null-bytes in runc, and a subtle object-state confusion in the Linux kernel
A few easy issues this week, but some discussion about fuzzing campaigns and measurements and bypassing modern mitigations.
Starting off this week with the new humble bundle and some discussion about hacking books. Then onto the vulns, some OOB access, uninitalized memory, and iOS exploit strategy.
Some mroe kernel bugs this week as we look at bugs in Samsung's NPU driver (Android), Linux, and the WIndows Kernel.
North Korea is at it again targeting researchers, 0day hoarding, breaching secure hardware, and fuzzing on this weeks episode.
Some interesting vulnerability envrionments this week, some Trusted App issues, a couple Linux Kernel vulns, and a look at memory safety issues in unsafe Rust.
This week we dive into PHP-FPM internals to look at escelating from a worker process to the root process, anotehr GDI bug, and a type confusion.
We start off this week with a look at in-the-wild 0days from the past seven years, before diving into some pretty awesome bugs this week including a OOB access in Squirrel (programming language), a couple Linux kernel issues and a Chrome garbage collector bug.
Tianfu Cup happened this week, we also got some cool windows and webkit issues, along side an improvment to the House of IO attack