每日安全动态推送(02-11)

Tencent Security Xuanwu Lab Daily News

• A walk through Project Zero metrics:
https://googleprojectzero.blogspot.com/2022/02/a-walk-through-project-zero-metrics.html

   ・ Project Zero 对 2021 年报告漏洞的总结 – Jett

• [Linux] oss-security – CVE-2022-0435: Remote Stack Overflow in Linux Kernel TIPC Module since 4.8 (net/tipc):
https://www.openwall.com/lists/oss-security/2022/02/10/1

   ・ Linux 内核 TIPC 模块 RCE 漏洞分析（CVE-2022-0435） – Jett

• [macOS, iOS] About the security content of iOS 15.3.1 and iPadOS 15.3.1 – Apple Support:
https://support.apple.com/en-us/HT213093

   ・ Apple 发布紧急补丁，修复 WebKit 的一个野外利用漏洞 – Jett

• Attacking an Ethereum L2 with Unbridled Optimism:
https://www.saurik.com/optimism.html

   ・ Attacking an Ethereum L2 with Unbridled Optimism – Jett

• glibc 中偏门利用技巧:
https://tttang.com/archive/1429/

   ・ glibc 中偏门利用技巧. – lanying37

• MindShaRE: When MySQL Cluster Encounters Taint Analysis:
https://www.thezdi.com/blog/2022/2/10/mindshare-when-mysql-cluster-encounters-taint-analysis

   ・ 利用静态分析的方法挖掘分布式数据库存储系统 MySQL Cluster 的漏洞 – Jett

• [PDF] https://silentsignal.hu/docs/OffensiveCon22-Case_Studies_of_Fuzzing_with_Xen.pdf:
https://silentsignal.hu/docs/OffensiveCon22-Case_Studies_of_Fuzzing_with_Xen.pdf

   ・ Case Studies of Fuzzing with Xen，来自 OffensiveCon 2022 会议 – Jett

• realworldctf 2022 hso writeup与nso iMessage 0click漏洞分析:
http://eternalsakura13.com/2022/02/10/hso/

   ・ Realworldctf 2022 hso writeup与nso iMessage 0click漏洞分析. – lanying37

• Modified Elephant APT and a Decade of Fabricating Evidence:
https://assets.sentinelone.com/sentinellabs-apt/modified-elephant-apt

   ・ Sentinel Labs 对 ModifiedElephant APT 组织的分析报告 – Jett

• Android Developers Blog: The first developer preview of Android 13:
https://android-developers.googleblog.com/2022/02/first-preview-android-13.html

   ・ Android 13 开发者预览版发布，更新 Photo picker 和附近 Wi-Fi 设备的隐私数据管理 – Jett

• [Tools] Patching – Interactive Binary Patching for IDA Pro:
https://github.com/gaasedelen/patching

   ・ Patching – 一款为 IDA Pro 提供交互式 Patch 功能的插件 – Jett

• Vulnerability Reward Program: 2021 Year in Review:
http://security.googleblog.com/2022/02/vulnerability-reward-program-2021-year.html

   ・ Google 对 2021 年 VRP 项目的总结 – Jett

* 查看或搜索历史推送内容请访问：
https://sec.today

* 新浪微博账号：腾讯玄武实验室
https://weibo.com/xuanwulab

原文始发于微信公众号（腾讯玄武实验室）：每日安全动态推送(02-11)