Rooting iOS, Hacking with cURL, and the end of Use-After-Free

Some solid exploit development talk in this episode as we look at an iOS vuln, discuss the exploitability of a cURL buffer overflow and examine a new kernel UAF mitigation.

[00:00:43] Improving open source security during the Google summer internship program

• https://security.googleblog.com/2020/12/improving-open-source-security-during.html

[00:03:35] Justices seem wary of breadth of federal computer fraud statute

• https://www.scotusblog.com/2020/12/argument-analysis-justices-seem-wary-of-breadth-of-federal-computer-fraud-statute/

[00:11:37] Update regarding Snapchat SSRF

• https://hackerone.com/reports/530974

[00:12:53] A 3D Printed Shell

• https://www.securifera.com/blog/2020/12/02/a-3d-printed-shell/

[00:20:19] Site Wide CSRF on Glassdoor

• https://blog.witcoat.com/2020/12/03/site-wide-csrf-on-glassdoor/

[00:24:24] [GitLab] Stored-XSS in error message of build-dependencies

• https://hackerone.com/reports/950190

[00:27:44] Playstation Now RCE

• https://hackerone.com/reports/873614

[00:32:29] MS Teams RCE (Important, Spoofing)

• https://github.com/oskarsve/ms-teams-rce/

[00:38:34] An iOS zero-click radio proximity exploit odyssey

• https://googleprojectzero.blogspot.com/2020/12/an-ios-zero-click-radio-proximity.html


• https://bugs.chromium.org/p/project-zero/issues/detail?id=1982

[00:54:58] [curl] heap-based buffer overrun in /lib/urlapi.c

• https://hackerone.com/reports/547630

[01:02:51] Google Duo: Race condition can cause callee to leak video packets from unanswered call

• https://bugs.chromium.org/p/project-zero/issues/detail?id=2085

[01:05:35] Linux kernel heap quarantine versus use-after-free exploits

• https://a13xp0p0v.github.io/2020/11/30/slab-quarantine.html


• https://lore.kernel.org/kernel-hardening/CAG48ez1tNU_7n8qtnxTYZ5qt-upJ81Fcb0P2rZe38ARK=iyBkA@mail.gmail.com/T/#u

[01:13:23] Hey Alexa what did I just type? Decoding smartphone sounds with a voice assistant

• https://arxiv.org/abs/2012.00687

[01:22:57] XS-Leaks Wiki

• https://xsleaks.dev/


• https://security.googleblog.com/2020/12/fostering-research-on-new-web-security.html

[01:27:14] Hacking 101 by No Starch Press

• https://www.humblebundle.com/books/hacking-101-no-starch-press-books

[01:33:40] Gamozo Labs FuzzOS

• https://gamozolabs.github.io/fuzzing/2020/12/06/fuzzos.html

Watch the DAY[0] podcast live on Twitch (@dayzerosec) every Monday afternoon at 12:00pm PST (3:00pm EST)

Or the video archive on Youtube (@dayzerosec)