This week we look at 15 CVEs, including the new MDS attacks (ZombieLoad) and GhostImage, a cool attack against vision-based classification systems. We also discuss mobile vs. desktop security.

Watch the DAY[0] podcast live on Twitch (@dayzerosec) every Monday afternoon at 12:00pm PST (3:00pm EST)

[00:01:33] Pwn2Own Miami 2020

[00:06:32] Allegations that Saudi Crown Prince involved in hacking of Jeff Bezos’ phone

https://twitter.com/dinodaizovi/status/1221324029841244161

[00:11:25] Chris Rohlf on Twitter: "...Mobile security was largely a success relative to the state of the desktop..."

[00:25:49] More MDS Attacks: Intel Patching its Patch of the Patch for MDS/ZombieLoad Attacks

https://blogs.intel.com/technology/2020/01/ipas-intel-sa-00329/#gs.upv68b

[00:31:34] MDHex Vulnerabilities

[00:42:55] JSSE Client Authentication Bypass (CVE-2020-2655)

[00:55:37] Local Privilege Escalation in many Ricoh Printer Drivers for Windows (CVE-2019-19363)

[00:58:34] ModSecurity Denial of Service (CVE-2019-19886)

[01:02:47] GGvulnz - How I hacked hundreds of companies through Google Groups

[01:09:14] Neowise CarbonFTP v1.4 / Insecure Proprietary Password Encryption (CVE-2020-6857)

[01:14:40] arm64: uaccess: Ensure PAN is re-enabled after unhandled uaccess fault - Patchwork

[01:18:54] Cisco Webex Meetings Suite and Cisco Webex Meetings Online Unauthenticated Meeting Join Vulnerability (CVE-2020-3142)

[01:21:35] iGPU Leak: An Information Leakage Vulnerability on Intel Integrated GPU (CVE-2019-14615)

[01:28:41] Information Leaks via Safari's Intelligent Tracking Prevention

[01:39:02] GhostImage: Perception Domain Attacks against Vision-based Object Classification Systems

[01:44:46] Nightmare - A collection of binary exploitation / reverse engineering challenges and writeups

[01:49:26] The Life of a Bad Security Fix

[01:51:22] macOS/iOS: ImageIO: heap corruption when processing malformed TIFF image

Twitter Mentions