Kicking off the week with some discussion about DOJ's policy change before getting into some vulnerabilities: "powerdir" a macOS TCC bypass, an integer overflow on the web, and another attack against HelloSign and their Google Drive integration
We have a couple normally low-impact bugs in Solana rBPF this week netting a $200k bounty, a Python 2.7+ Use-After-Free and a PS4 and PS5 remote kernel heap overflow along with some discussion about exploitability and usability for a jailbreak.
A lot of cool little bugs this week with some solid impact, Facebook and Priceline account takeovers, F5 iControl Authentication Bypass, and a couple other logic bugs.
Just a few vulnerabilities this week, but we have some codeql discussion as its used to find several vulnerabilities in Accel-PPP VPN server, and a look at a bug submitted to Pwn2Own 2021.
Some interesting vulnerabilities this week from a Cloudflare Pages container escape chain, to hacking a bank's web application with some neat tricks to get abuse a file-write in a hardened envrionment, and even another dumb smart-contract bug.
A few vulnerabilities from a TOCTOU to an arbitrary free, and some research into using data-flow in your fuzzing.
Some straight forward bugs this week with some interesting discussion around cryptographic protocols (VMWare Workspace), XSS in the Web3 world, and whether container escapes into a low-privileged VM matter. Along with a couple just note-worthy test-cases to keep in mind while bug hunting.
We are joined by Cts for a discussion about getting into vulnerability research and some thoughts about the higher-level bug hunting process, then a look at some black-box fuzzing of MS Defender for IoT and a FUSE use-after-free.
An intresting mix of issues from crypto (Psychic Signatures), to a bad vulnerability patching service (patching log4shell), and bad logic leading to authentication bypassing and leaking sensitive keys.
A massive 11,000 byte overflow in WatchGuard, some discussion about lock-related vulnerabilities and analysis, and a look at a ChakraCore exploit dealing with all the mitigations (ASLR, DEP, CFG, ACG,CIG)