2018-11-08 | Zero Day in VirtualBox, Google’s OSS fuzz has found over 9k bugs, and WooCommerce RCE

Thursday, November 8

TOP STORY

• Zero-day vulnerability in VirtualBox disclosed by researcher Sergey Zelenyuk

TWEET OF THE DAY

• My #pwn2own exploit chain from this year, essentially 3 logic bugs to go from Safari to kernel on macOS up to 10.13.3, is now open source: https://github.com/saelo/pwn2own2018 …. The README also links to a few slide decks which contain some more background information :) - @5aelo

OTHER ARTICLES WE’RE READING

• Every byte explanted: The New Illustrated TLS updated for 1.3

• WooCommerce RCE through WP design flaw

• Google’s OSS fuzz has found over 9K bugs in 24-months reported ZDNet  

• Check Point researchers discovered DJI drone vulnerability that exposed accounts and drone live feeds reported by TechCrunch

• 144. That’s how many people in West Virginia used the blockchain voting app

• Using data to hunt a different kind of bug - The Adam Savage Project

ABOUT ZERO DAILY

Zero Daily is a daily newsletter that highlights application security, bug bounty, and hacker focused topics. The content is curated with love by @luketucker and brought to you by HackerOne.

Friends don’t keep good things to themselves - forward this to your homies and co-workers. BTW, want to see who runs bug bounties?

Have a news tip / story to highlight? We’d love to hear about it. Email: zerodaily@hackerone.com

I used Chrome F12 to edit an internal system to make it look the way I proposed for an email, and the system owner sent a group email saying no changes are allowed on production systems without change control.

They thought I edited the server.
I said they were simulated pictures

@SwiftOnSecurity