In this episode we have an libXPC root privilege escalation, a run-as debuggability check bypass in Android, and digital lockpicking on smart locks.
Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/249.html
[00:00:00] Introduction
[00:00:21] Progress OpenEdge Authentication Bypass Deep-Dive [CVE-2024-1403]
[00:05:19] xpcroleaccountd Root Privilege Escalation [CVE-2023-42942]
[00:10:50] Bypassing the “run-as” debuggability check on Android via newline injection
[00:18:09] Say Friend and Enter: Digitally lockpicking an advanced smart lock (Part 2: discovered vulnerabilities)
[00:43:06] Using form hijacking to bypass CSP
The DAY[0] Podcast episodes are streamed live on Twitch twice a week:
-- Mondays at 3:00pm Eastern (Boston) we focus on web and more bug bounty style vulnerabilities
-- Tuesdays at 7:00pm Eastern (Boston) we focus on lower-level vulnerabilities and exploits.
We are also available on the usual podcast platforms:
-- Apple Podcasts: https://podcasts.apple.com/us/podcast/id1484046063
-- Spotify: https://open.spotify.com/show/4NKCxk8aPEuEFuHsEQ9Tdt
-- Google Podcasts: https://www.google.com/podcasts?feed=aHR0cHM6Ly9hbmNob3IuZm0vcy9hMTIxYTI0L3BvZGNhc3QvcnNz
-- Other audio platforms can be found at https://anchor.fm/dayzerosec
You can also join our discord: https://discord.gg/daTxTK9
Type Confusion in Android NFC, PHP-FPM Local Privilege Escalation, and CallbackHell [Binary Exploitation]
Discourse SNS RCE, a Stored XSS in GitLab, and a Reddit Race Condition [Bug Hunting]
A Kernel Race, SuDump, and a Chrome Garbage Collector Bug [Exploit Dev/VR]
A Slack Attack and a MySQL Scientific Notation Bug [Bug Hunting]
WebKit Bugs, a Windows Race, and House of IO Improved [Exploit Dev/VR]
WebSocket Hijacking, GitHub review bypass and SQLi to RCE [Bug Hunting]
HyperKit Bugs & an Open5GS Stack Overflow [Binary Exploitation]
SharePoint RCE & an Apache Path Traversal [Bug Hunting]
Chrome Exploits and a Firefox Update Bug [Binary Exploitation]
Gatekeeper Bypass, Opera RCE, and Prototype Pollution [Bounty Hunting]
Kernel UAFs and a Parallels VM Escape [Binary Exploitation]
iOS 0days, Apache Dubbo RCEs, and NPM bugs [Bounty Hunting]
A Curl UAF, iPhone FORCEDENTRY, and a Crazy HP OMEN Driver [Binary Exploitation]
A Flickr CSRF, GitLab, & OMIGOD, Azure again? [Bounty Hunting]
NETGEAR smart switches, SpookJS, & Parallels Desktop [Binary Exploitation]
Reused VMWare exploits & Escaping Azure Container Instances [Bounty Hunting]
Escaping the Bhyve, WhatsApp, & BrakTooth [Binary Exploitation]
Takeover A Facebook, SnapChat or JetBrains Account [Bounty Hunting]
NoSQL Injection, Mobile Misconfigurations and a Wormable Windows Bug
Cross-Browser Tracking, Frag Attacks, and Malicious Rust Macros
Create your
podcast in
minutes
It is Free
Insight Story: Tech Trends Unpacked
Zero-Shot
Fast Forward by Tomorrow Unlocked: Tech past, tech future
Lex Fridman Podcast
The Unbelivable Truth - Series 1 - 26 including specials and pilot