2017-04-04 | iOS RCE, Moonlight Maze, and tactical bingo

Tuesday, April 4, 2017

There are two things you can control, your effort and your attitude.... let's have a day!

TODAY’S TOP STORY

Hey iOS peeps: Update yo devices! iOS 10.3.1 fixes a critical vulnerability (CVE-2017-6975) where an attacker within range may be able to execute arbitrary code on the wifi chip. Lesson: even the most valuable company in the world push code live that carries critical security risks.

HACKTIVITY

niche s3 buckets are readable/writeable/deleteable by authorized AWS users [26 upvotes] - $700 bounty for this report to Twitter by @yaworsk. Old bounty and report, but recently disclosed. Cheers to defaulting to disclosure!
[controlsyou.quora.com] 429 Too Many Requests Error-Page XSS [15 upvotes] - $300 bounty for this report to Quora by @bobrov. Brevity = impact. Simple Description for POC / Steps To Reproduce: 1.) Make a lot of requests to get the error 429 and 2.) Open PoC in FireFox
Everything is hackable. Computer security is broken from top to bottom

As always, you can see all the latest and greatest disclosures and bounties on hackerone.com/hacktivity.

OTHER ARTICLES WE’RE READING

In a slightly bizarre iOT hack, Pen Test Partners hacked Svakom sex toys. Vulnerable Wi-Fi dildo camera endoscope. Yes really.
Turla, Moonlight Maze and advanced APT’s via nation-states. A 20-year saga revealed at SAS 2017. Cliff notes via Threatpost. Weekend reading (35-page report) via Kaspersky.
Keep an eye on the SAS YouTube playlist for the best presos of SAS 2017.
Writeup of CVE-2017-7199: Local privilege escalation in Tenable Nessus Agent 6.10.3. Worth the read for the humor alone. Written by a self-professed tactical bingo player.

ABOUT ZERO DAILY

Zero Daily is a daily newsletter that highlights application security, bug bounty, and hacker focused topics. The content is curated with love by @luketucker and brought to you by HackerOne.

Friends don’t keep good emails to themselves - forward to your friends and colleagues for maximum enjoyment. Want to see who else runs bug bounties?

Have a news tip / story to highlight? We’d love to hear about it. Email: zerodaily@hackerone.com

Frustrating. I had Tron almost ready, when Dillinger cut everyone with Group-7 access out of the system. I tell you ever since he got that Master Control Program, the system's got more bugs than a bait store.

Alan Bradley

HackerOne is the #1 hacker-powered security platform, helping organizations find and fix critical vulnerabilities before they can be criminally exploited. As the contemporary alternative to traditional penetration testing, our bug bounty solutions encompass vulnerability assessment, crowdsourced security testing and responsible disclosure management. Discover more about our hacker powered security testing solutions or Contact Us today.