
Day[0] ZDI's Triaging Troubles and LibreOffice Exploits
Feb 25, 2025
In this discussion, a fresh 0day vulnerability on Parallels Desktop reveals troubling vendor response delays. The hosts dive into ZDI's struggles with bug reproduction and researcher communication. They explore vulnerabilities in Windows 11's file handling, which could lead to memory corruption. The episode also covers alarming exploits in LibreOffice related to font and file handling, along with an intricate Linux kernel exploit chain that highlights patch management issues. A deep dive into these topics ensures a riveting listen for tech enthusiasts!
Apple Signature Check Too Broad
- Parallels' signature check accepted any Apple-signed binary and allowed shared-library injection into benign binaries.
- That gave an attack path where a signed utility (e.g., ls) becomes a privileged execution vector when run as root.
Prompt Triage Or Test Report-Time Versions
- If a triage program insists on testing only the latest builds, it needs to respond quickly so that a submitted proof-of-concept does not go stale before anyone tries to reproduce it.
- ZDI should speed initial responses or test against the version present at report time to avoid wasted work.
Explorer's New Archive Support Raises Risk
- Windows 11 added native support for many archive formats in Explorer, expanding attack surface beyond ZIP.
- That integration introduced path traversal and memory-corruption issues in libarchive handling within Explorer.
