An update on Apple v. Corellium, some 3DS vulnerabilities, and some drama on this weeks episode.
[00:00:34] Remote Chaos Experience
https://media.ccc.de/c/rc3
[00:20:06] Apple Inc. v. Corellium, LLC
https://www.courtlistener.com/docket/16064642/784/apple-inc-v-corellium-llc/
[00:28:17] The Great Suspender - New maintainer is probably malicious
https://github.com/greatsuspender/thegreatsuspender/issues/1263
[00:36:59] An HTML Injection Worth 600$ Dollars
https://medium.com/bugbountywriteup/a-html-injection-worth-600-dollars-5f065be0ab49
[00:44:06] Zoom Meeting Connector Post-Auth Remote Root
https://packetstormsecurity.com/files/160736/zoomer.py.txt
[00:46:21] Hijacking Google Docs Screenshots
https://blog.geekycat.in/google-vrp-hijacking-your-screenshots/
[00:49:49] Nintendo 3DS - Improper certificate validation allows an attacker to perform MitM attacks
https://hackerone.com/reports/894922
[00:52:02] Nintendo 3DS - Unchecked number of audio channels in Mobiclip SDK leads to RCE in eShop movie player
https://hackerone.com/reports/897606
https://twitter.com/forestillusion/status/1341230631913541633
https://news.ycombinator.com/item?id=25508782
[00:55:45] Apple macOS 6LowPAN Vulnerability [CVE-2020-9967]
https://alexplaskett.github.io/CVE-2020-9967/
[01:01:24] An iOS hacker tries Android
https://googleprojectzero.blogspot.com/2020/12/an-ios-hacker-tries-android.html
[01:14:29] Turning Imprisonment to Advantage in the FreeBSD ftpd chroot Jail [CVE-2020-7468]
https://www.thezdi.com/blog/2020/12/21/cve-2020-7468-turning-imprisonment-to-advantage-in-the-freebsd-ftpd-chroot-jail
[01:18:36] Cross Layer Attacks and How to Use Them (for DNS Cache Poisoning, Device Tracking and More)
https://arxiv.org/abs/2012.07432
[01:27:17] Helping secure DOMPurify (part 1)
https://research.securitum.com/helping-secure-dompurify-part-1/
[01:28:23] A WIP "Vulnerable by Design" kext for iOS/macOS to play & learn *OS kernel exploitation
https://github.com/ant4g0nist/Vulnerable-Kext
[01:30:01] PS4 7.02 WebKit + Kernel Chain Implementation
https://github.com/ChendoChap/ps4-ipv6-uaf/tree/7.00-7.02
Watch the DAY[0] podcast live on Twitch (@dayzerosec) every Monday afternoon at 12:00pm PST (3:00pm EST)
Or the video archive on Youtube (@dayzerosec)
![Day[0]](https://is1-ssl.mzstatic.com/image/thumb/Podcasts125/v4/a6/69/69/a6696919-3987-fbc0-8e0c-1ba0e1349a2b/mza_6631746544165345331.jpg/300x300bb-75.jpg)