[binary] Pwn2Own, Parallels Desktop, and an AppleAVD Bug

Update: 2022-05-26

Description

Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/pwn2own-parallels-desktop-and-an-appleavd-bug.html

Just a couple vulnerabilities to talk about this week, but some interesting things to talk about in them. We also have some discussion about this year's pwn2own results and a couple things that caught out attention.

[00:01:02 ] Spot the Vuln - NoSQL, No Problem

[00:02:46 ] Pwn2Own Vancouver 2022 - The Results

[00:16:14 ] CVE-2022-22675: AppleAVD Overflow in AVC_RBSP::parseHRD

[00:23:16 ] Exploiting an Unbounded memcpy in Parallels Desktop

The DAY[0] Podcast episodes are streamed live on Twitch (@dayzerosec) twice a week:

Mondays at 3:00 pm Eastern (Boston) we focus on web and more bug bounty style vulnerabilities

Tuesdays at 7:00 pm Eastern (Boston) we focus on lower-level vulnerabilities and exploits.

The Video archive can be found on our Youtube channel: https://www.youtube.com/c/dayzerosec

You can also join our discord: https://discord.gg/daTxTK9

Or follow us on Twitter (@dayzerosec) to know when new releases are coming.

Comments

Top Podcasts

The Best New Comedy Podcast Right Now – June 2024 The Best News Podcast Right Now – June 2024 The Best New Business Podcast Right Now – June 2024 The Best New Sports Podcast Right Now – June 2024 The Best New True Crime Podcast Right Now – June 2024 The Best New Joe Rogan Experience Podcast Right Now – June 20 The Best New Dan Bongino Show Podcast Right Now – June 20 The Best New Mark Levin Podcast – June 2024

In Channel

Linux Exploits, Secure Credentials, Side-Channels and Election(SDK) hacking

2019-10-2102:13:43

[binary] Fuchsia OS, Printer Bugs, and Hacking Radare2

2022-06-0254:43

[bounty] A Zoom RCE, VMware Auth Bypass, and GitLab Stored XSS

2022-05-3151:35

[binary] Pwn2Own, Parallels Desktop, and an AppleAVD Bug

2022-05-2634:29

[bounty] Stealing DropBox Google Drive Tokens, a GitLab Bug, and macOS "Powerdir" Vulnerability

2022-05-2432:32

[bounty] Deleting Rubygems, BIG-IP Auth Bypass, and a Priceline Account Takeover

2022-05-1734:23

[binary] Pwn2Owning Routers and Anker Eufy Bugs

2022-05-1230:40

[bounty] Cloudflare Pages, Hacking a Bank, and Attacking Price Oracles

2022-05-1038:36

[binary] NimbusPwn, a CLFS Vulnerability, and DatAFLow (Fuzzing)

2022-05-0541:59

[bounty] XSS for NFTs, a VMWare Workspace ONE UEM SSRF, and GitLab CI Container Escape

2022-05-0337:06

[binary] Getting into Vulnerability Research and a FUSE use-after-free

2022-04-2849:54

[bounty] A Struts RCE, Broken Java ECDSA (Psychic Signatures) and a Bad Log4Shell Fix

2022-04-2632:44

[binary] Another iOS Bug and Edge Chakra Exploitation

2022-04-2155:33

[bounty] Taking Over an Internal AWS Service and an Interesting XSS Vector

2022-04-1922:28

[binary] A subtle iOS parsing bug and a PHP use-after-free

2022-04-1454:55

[bounty] A Double-Edged SSRF, Pritunl VPN LPE, and a NodeBB Vuln

2022-04-1226:11

[binary] FORCEDENTRY Sandbox Escape and NetFilter Bugs

2022-04-0742:33

[bounty] Spring4Shell, PEAR Bugs, and GitLab Hardcoded Passwords

2022-04-0501:02:10

[binary] Pwning WD NAS, NetGear Routers, and Overflowing Kernel Pages

2022-03-3132:23

[bounty] GitLab Arbitrary File Read and Bypassing PHP's filter_var

2022-03-2934:56

00:00

1.0x

[binary] Pwn2Own, Parallels Desktop, and an AppleAVD Bug

#box-pro-ellipsis-173651492766792{-webkit-line-clamp:2;}[binary] Pwn2Own, Parallels Desktop, and an AppleAVD Bug

[binary] Pwn2Own, Parallels Desktop, and an AppleAVD Bug

dayzerosec

[binary] Pwn2Own, Parallels Desktop, and an AppleAVD Bug