EPISODE · Oct 24, 2023 · 48 MIN
[binary] Windows Kernel Bugs, Safari Integer Underflow, and CONSTIFY
from Day[0] · host dayzerosec
Diving right into some binary exploitation issues this week. Starting wtih a look at a rare sort of curl vulnerability where a malicious server could compromise a curl user. Then we take a look at a pretty straight-forward type confusion in Windows kernel code, and an integer underflow in Safari with some questionable exploitation. Ending the episode with some thoughts on how impactful grsecurity's "constify" mitigation could be. Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/220.html [00:00:00] Introduction [00:00:14] How I made a heap overflow in curl [00:17:32] Critically close to zero (day): Exploiting Microsoft Kernel streaming service [00:30:34] Story of an innocent Apple Safari copyWithin gone (way) outside [CVE-2023-38600] [00:38:10] CONSTIFY: Fast Defenses for New Exploits [00:46:53] An analysis of an in-the-wild iOS Safari WebContent to GPU Process exploit [00:47:40] Getting RCE in Chrome with incomplete object initialization in the Maglev compiler The DAY[0] Podcast episodes are streamed live on Twitch twice a week: -- Mondays at 3:00pm Eastern (Boston) we focus on web and more bug bounty style vulnerabilities -- Tuesdays at 7:00pm Eastern (Boston) we focus on lower-level vulnerabilities and exploits. We are also available on the usual podcast platforms: -- Apple Podcasts: https://podcasts.apple.com/us/podcast/id1484046063 -- Spotify: https://open.spotify.com/show/4NKCxk8aPEuEFuHsEQ9Tdt -- Google Podcasts: https://www.google.com/podcasts?feed=aHR0cHM6Ly9hbmNob3IuZm0vcy9hMTIxYTI0L3BvZGNhc3QvcnNz -- Other audio platforms can be found at https://anchor.fm/dayzerosec You can also join our discord: https://discord.gg/daTxTK9
What this episode covers
Diving right into some binary exploitation issues this week. Starting wtih a look at a rare sort of curl vulnerability where a malicious server could compromise a curl user. Then we take a look at a pretty straight-forward type confusion in Windows kernel code, and an integer underflow in Safari with some questionable exploitation. Ending the episode with some thoughts on how impactful grsecurity's "constify" mitigation could be. Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/220.html [00:00:00] Introduction [00:00:14] How I made a heap overflow in curl [00:17:32] Critically close to zero (day): Exploiting Microsoft Kernel streaming service [00:30:34] Story of an innocent Apple Safari copyWithin gone (way) outside [CVE-2023-38600] [00:38:10] CONSTIFY: Fast Defenses for New Exploits [00:46:53] An analysis of an in-the-wild iOS Safari WebContent to GPU Process exploit [00:47:40] Getting RCE in Chrome with incomplete object initialization in the Maglev compiler The DAY[0] Podcast episodes are streamed live on Twitch twice a week: -- Mondays at 3:00pm Eastern (Boston) we focus on web and more bug bounty style vulnerabilities -- Tuesdays at 7:00pm Eastern (Boston) we focus on lower-level vulnerabilities and exploits. We are also available on the usual podcast platforms: -- Apple Podcasts: https://podcasts.apple.com/us/podcast/id1484046063 -- Spotify: https://open.spotify.com/show/4NKCxk8aPEuEFuHsEQ9Tdt -- Google Podcasts: https://www.google.com/podcasts?feed=aHR0cHM6Ly9hbmNob3IuZm0vcy9hMTIxYTI0L3BvZGNhc3QvcnNz -- Other audio platforms can be found at https://anchor.fm/dayzerosec You can also join our discord: https://discord.gg/daTxTK9
NOW PLAYING
[binary] Windows Kernel Bugs, Safari Integer Underflow, and CONSTIFY
No transcript for this episode yet
Similar Episodes
Sep 22, 2023 ·20m
Sep 22, 2023 ·20m
Sep 22, 2023 ·27m
Sep 22, 2023 ·14m
Sep 22, 2023 ·24m
Sep 22, 2023 ·22m