Some drama in the Linux Kernel and so many vulns resulting in code execution in Homebrew, GitLab, an air fryer, Source engine, Super Mario Maker, Adobe Reader and the Linux Kernel.

[00:00:32] On the Feasibility of Stealthily Introducing Vulnerabilities in Open-Source Software via Hypocrite Commits

https://github.com/QiushiWu/QiushiWu.github.io/blob/main/papers/OpenSourceInsecurity.pdf

https://lore.kernel.org/linux-nfs/YH+zwQgBBGUJdiVK@unreal/

https://lore.kernel.org/linux-nfs/YH%2FfM%[email protected]/

During this episode we speculated that the recent patches might be unrelated to the research. This seems to have been confirmed by U. Mn in an email we did not see before recording.

https://lore.kernel.org/lkml/CAK8KejpUVLxmqp026JY7x5GzHU2YJLPU8SzTZUNXU2OXC70ZQQ@mail.gmail.com/

[00:15:18] Exploiting vulnerabilities in Cellebrite UFED and Physical Analyzer from an app's perspective

https://signal.org/blog/cellebrite-vulnerabilities/

[00:22:30] [Ubuntu] OverlayFS LPE

https://ssd-disclosure.com/ssd-advisory-overlayfs-pe/

[00:25:48] Synology DSM AppArmor synosearchagent misconfiguration

https://talosintelligence.com/vulnerability_reports/TALOS-2020-1158

[00:28:22] [GitLab] RCE via unsafe inline Kramdown options

https://hackerone.com/reports/1125425

[00:35:25] [Homebrew] Broken parsing of Git diff allows an attacker to inject arbitrary Ruby scripts to Casks on official taps

https://hackerone.com/reports/1167608

https://blog.ryotak.me/post/homebrew-security-incident-en/

[00:41:52] Remote code execution vulnerabilities in Cosori smart air fryer

https://blog.talosintelligence.com/2021/04/vuln-spotlight-co.html

https://talosintelligence.com/vulnerability_reports/TALOS-2020-1217

https://talosintelligence.com/vulnerability_reports/TALOS-2020-1216

[00:48:54] Source engine remote code execution via game invites [CVE-2021-30481]

https://secret.club/2021/04/20/source-engine-rce-invite.html

[01:00:40] Discussion: Should programs be banned from Hackerone

https://dayzerosec.com

[01:08:54] [Nintendo|3DS] Buffer Overflow in Super Mario Maker level decompression

https://hackerone.com/reports/687887

[01:15:12] PrusaSlicer Obj.cpp load_obj() out-of-bounds write vulnerability

https://talosintelligence.com/vulnerability_reports/TALOS-2020-1219

[01:20:12] Analysis of a use-after-free Vulnerability in Adobe Acrobat Reader DC

https://blog.exodusintel.com/2021/04/20/analysis-of-a-use-after-free-vulnerability-in-adobe-acrobat-reader-dc/

https://www.zerodayinitiative.com/blog/2021/4/22/cve-2021-20226-a-reference-counting-bug-in-the-linux-kernel-iouring-subsystem

[01:31:21] Designing sockfuzzer, a network syscall fuzzer for XNU

https://googleprojectzero.blogspot.com/2021/04/designing-sockfuzzer-network-syscall.html

[01:37:26] gaasedelen/tenet: A Trace Explorer for Reverse Engineers

https://github.com/gaasedelen/tenet

[01:40:41] tmp.0ut

https://tmpout.sh/1/

[01:44:35] Phœnix exploit / iOS 9.3.5

https://gist.github.com/Siguza/96ae6d6806e974199b1d44ffffca5331

[01:46:02] Experiences with Apple Security Bounty

https://theevilbit.github.io/posts/experiences_with_asb/

Watch the DAY[0] podcast live on Twitch (@dayzerosec) every Monday afternoon at 12:00pm PST (3:00pm EST)

Or the vide

The podcast and its associated cover art on this page belong to dayzerosec. The content of the podcast is created by dayzerosec and not by, or together with, Poddtoppen.