WebKit Bugs, a Windows Race, and House of IO Improved [Exploit Dev/VR]


By dayzerosec.

Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/webkit-bugs-a-windows-race-and-house-of-io-improved.html

Tianfu Cup happened this week; we also got some cool Windows and WebKit issues, alongside an improvement to the House of IO attack.

[00:00:17] Spot The Vuln - Prepare To Inject - Solution

[00:03:14] Tianfu Cup 2021

[00:09:10] Six Privilege Escalations and an Info Leak in Windows [Blackswan vulnerabilities]

[00:25:16] nt!ObpCreateSymbolicLinkName Race Condition Write-Beyond-Boundary

[00:31:37] CVE-2021-30858: Use-after-free in WebKit

[00:44:53] WebKit: heap-use-after-free in DOMWindow::open

[00:50:23] House of IO - Heap Reuse

[01:02:06] Getting started in macOS security

The DAY[0] Podcast episodes are streamed live on Twitch (@dayzerosec) twice a week:

  • Mondays at 3:00pm Eastern (Boston) we focus on web and more bug bounty style vulnerabilities
  • Tuesdays at 7:00pm Eastern (Boston) we focus on lower-level vulnerabilities and exploits.

The video archive can be found on our YouTube channel: https://www.youtube.com/c/dayzerosec

You can also join our Discord: https://discord.gg/daTxTK9

Or follow us on Twitter (@dayzerosec) to know when new releases are coming.
