Hacking, AppSec, and Bug Bounty newsletter
2017-12-11 | iOS and Android vulns, NATO + EU + Hack the Air Force 2.0, and Estonia is the digital republic
Monday, December 11
Stored xss via template injection [6 upvotes] - $300 bounty for this report to WordPress by @morningstar.
Command injection in the process of downloading the latest version of the cloud key firmware through the unifi management software. [5 upvotes] - $500 bounty for this report to Ubiquiti Networks by @dblack.
You can see all the latest and greatest disclosures and bounties on www.hackerone.com/hacktivity
TWEET OF THE DAY
If you're interested in bootstrapping iOS 11 kernel security research keep a research-only device on iOS 11.1.2 or below. Part I (tfp0) release soon. - @i41nbeer
OTHER ARTICLES WE’RE READING
Too important to wait for Patch Tuesday: CVE-2017-11937 | Microsoft Malware Protection Engine Remote Code Execution Vulnerability
New Android vulnerability allows attackers to modify apps without affecting their signatures
Estonia: The Digital Republic (by the New Yorker)
ABOUT ZERO DAILY
Zero Daily is a daily newsletter that highlights application security, bug bounty, and hacker-focused topics. The content is curated with love by @luketucker and brought to you by HackerOne.
Friends don’t keep good things to themselves - forward this to your homies and co-workers. BTW, want to see who runs bug bounties?
Have a news tip / story to highlight? We’d love to hear about it. Email: email@example.com
The value of the thing was not just about a calculation of its economic return but also about the aesthetic value of its coolness.