Kicking off the week with a look at Apple's new security blog and the kalloc_type introduced into XNU, then a mix of issues including an overflow in SQLite.

- Towards the next generation of XNU memory safety: kalloc_type
- Stranger Strings: An exploitable flaw in SQLite
- heap-use-after-free in AccountSelectionBubbleView::OnAccountImageFetched

Several slightly weird issues this week: a reentrancy attack abusing a read-only function, SSRF and XSS through a statically generated website, and others.

- RepositoryPipeline allows importing of local git repos
- Weird Vulnerabilities Happening on Load Balancers, Shallow Copies and Caches
- Decoding $220K Read-only Reentrancy Exploit
- Exploiting Static Site Generators: When Static Is Not Actually Static
- Vulnerabilities in Apache Batik Default Security Controls - SSRF and RCE Through Remote Class Loading

A lot of discussion about the OpenSSL vulnerability, fuzzing and exploitation. Then into an RCE in XML Signature verification, and a Samsung exploit chain.

- Symbolic Triage: Making the Best of a Good Situation
- A Very Powerful Clipboard: Analysis of a Samsung in-the-wild exploit chain
- Gregor Samsa: Exploiting Java's XML Signature Verification

Links and vulnerability summaries for this episode are available at:

The DAY Podcast episodes are streamed live on Twitch twice a week:

- Mondays at 3:00pm Eastern (Boston) we focus on web and more bug bounty style vulnerabilities.
- Tuesdays at 7:00pm Eastern (Boston) we focus on lower-level vulnerabilities and exploits.

We are also available on the usual podcast platforms: