[binary] Windows Kernel Bugs, Safari Integer Underflow, and CONSTIFY episode artwork

EPISODE · Oct 24, 2023 · 48 MIN

[binary] Windows Kernel Bugs, Safari Integer Underflow, and CONSTIFY

from Day[0] · host dayzerosec

Diving right into some binary exploitation issues this week. Starting wtih a look at a rare sort of curl vulnerability where a malicious server could compromise a curl user. Then we take a look at a pretty straight-forward type confusion in Windows kernel code, and an integer underflow in Safari with some questionable exploitation. Ending the episode with some thoughts on how impactful grsecurity's "constify" mitigation could be. Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/220.html [00:00:00] Introduction [00:00:14] How I made a heap overflow in curl [00:17:32] Critically close to zero (day): Exploiting Microsoft Kernel streaming service [00:30:34] Story of an innocent Apple Safari copyWithin gone (way) outside [CVE-2023-38600] [00:38:10] CONSTIFY: Fast Defenses for New Exploits [00:46:53] An analysis of an in-the-wild iOS Safari WebContent to GPU Process exploit [00:47:40] Getting RCE in Chrome with incomplete object initialization in the Maglev compiler The DAY[0] Podcast episodes are streamed live on Twitch twice a week: -- Mondays at 3:00pm Eastern (Boston) we focus on web and more bug bounty style vulnerabilities -- Tuesdays at 7:00pm Eastern (Boston) we focus on lower-level vulnerabilities and exploits. We are also available on the usual podcast platforms: -- Apple Podcasts: https://podcasts.apple.com/us/podcast/id1484046063 -- Spotify: https://open.spotify.com/show/4NKCxk8aPEuEFuHsEQ9Tdt -- Google Podcasts: https://www.google.com/podcasts?feed=aHR0cHM6Ly9hbmNob3IuZm0vcy9hMTIxYTI0L3BvZGNhc3QvcnNz -- Other audio platforms can be found at https://anchor.fm/dayzerosec You can also join our discord: https://discord.gg/daTxTK9

Episode metadata supplied by the publisher feed · Published Oct 24, 2023

Diving right into some binary exploitation issues this week. Starting wtih a look at a rare sort of curl vulnerability where a malicious server could compromise a curl user. Then we take a look at a pretty straight-forward type confusion in Windows kernel code, and an integer underflow in Safari with some questionable exploitation. Ending the episode with some thoughts on how impactful grsecurity's "constify" mitigation could be. Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/220.html [00:00:00] Introduction [00:00:14] How I made a heap overflow in curl [00:17:32] Critically close to zero (day): Exploiting Microsoft Kernel streaming service [00:30:34] Story of an innocent Apple Safari copyWithin gone (way) outside [CVE-2023-38600] [00:38:10] CONSTIFY: Fast Defenses for New Exploits [00:46:53] An analysis of an in-the-wild iOS Safari WebContent to GPU Process exploit [00:47:40] Getting RCE in Chrome with incomplete object initialization in the Maglev compiler The DAY[0] Podcast episodes are streamed live on Twitch twice a week: -- Mondays at 3:00pm Eastern (Boston) we focus on web and more bug bounty style vulnerabilities -- Tuesdays at 7:00pm Eastern (Boston) we focus on lower-level vulnerabilities and exploits. We are also available on the usual podcast platforms: -- Apple Podcasts: https://podcasts.apple.com/us/podcast/id1484046063 -- Spotify: https://open.spotify.com/show/4NKCxk8aPEuEFuHsEQ9Tdt -- Google Podcasts: https://www.google.com/podcasts?feed=aHR0cHM6Ly9hbmNob3IuZm0vcy9hMTIxYTI0L3BvZGNhc3QvcnNz -- Other audio platforms can be found at https://anchor.fm/dayzerosec You can also join our discord: https://discord.gg/daTxTK9

PodParley-generated summary based on available episode metadata and transcript content.

NOW PLAYING

[binary] Windows Kernel Bugs, Safari Integer Underflow, and CONSTIFY

0:00 48:56

No transcript for this episode yet

We transcribe on demand. Request one and we'll notify you when it's ready — usually under 10 minutes.

Frequently Asked Questions

How long is this episode of Day[0]?

This episode is 48 minutes long.

When was this Day[0] episode published?

This episode was published on October 24, 2023.

What is this episode about?

Diving right into some binary exploitation issues this week. Starting wtih a look at a rare sort of curl vulnerability where a malicious server could compromise a curl user. Then we take a look at a pretty straight-forward type confusion in Windows...

Can I download this Day[0] episode?

Yes, you can download this episode by clicking the download button on the episode player, or subscribe to the podcast in your preferred podcast app for automatic downloads.
URL copied to clipboard!