Some Discord, a Bad Neighbor and a BleedingTooth
02:16:27 Share

It has been a while since we had an exploit extravaganza but here we are. Several binary-level issues from Bad Neighbor on Windows to BleedingTooth on Linux, and several vulns in Qualcomm SoCs, even a Discord RCE.

• [00:00:57] Introducing Edge Vulnerability Research )

• [00:06:57] Cache Partitioning in Chrome)

• [00:10:29] Magma: A Ground-Truth Fuzzing Benchmark)

• [00:25:27] "Bits Please!" - CVE-2020-16938)

• [00:29:50] ContainerDrip [CVE-2020-15157])

• [00:40:01] Discord Desktop app RCE)

• [00:52:34] Time Based SQLi via referrer header)

• https://www.fedscoop.com/hack-the-army-2-results/)

• [00:57:35] PyYAML 0day)

• [01:09:24] Phantom of the ADAS)

• [01:15:03] Rollback Attack in Mozilla Maintenance Service)

• [01:19:33] Glitching The MediaTek BootROM)

• [01:25:05] AssaultCube RCE: Technical Analysis)

• [01:32:27] CVE-2020-12928 - Privilege Escalation in AMD Ryzen Master)

• [01:35:38] Major Vulnerabilities in Qualcomm QCMAP)

• [01:42:58] Bad Neighbor - RCE in Windows ICMPv6 Router Advertisement)

• [01:51:16] DOS2RCE: A New Technique to Exploit V8 NULL Pointer Dereference Bug (see: https://blog.google/threat-analysis-group/new-campaign-targeting-security-researchers)

• [01:56:34] BleedingTooth - Linux Bluetooth Zero-Click RCE)

  • https://github.com/google/security-research/security/advisories/GHSA-h637-c88j-47wq)

  • https://github.com/google/security-research/security/advisories/GHSA-7mh3-gq28-gfrq)

  • https://github.com/google/security-research/security/advisories/GHSA-ccx2-w2r4-x649)

• [02:07:25] shmdt doesn't check the tag of pointers)

• [02:12:29] Security Analysis of the CHERI ISA)

• [02:13:18] Evading defences using VueJS script gadgets)

• [02:14:32] Sega Master System Architecture - A Practical Analysis)

• [02:14:52] IPC scripts for access to Intel CRBUS)

Watch the DAY[0] podcast live on Twitch (@dayzerosec)) every Monday afternoon at 12:00pm PST (3:00pm EST)

Or the video archive on <a href="https:/