Three Buddy Problem A half-dozen Microsoft zero-days, Juniper router backdoors, advanced bootkit hunting
Mar 14, 2025
This discussion dives into a trove of Microsoft zero-day vulnerabilities and Apple's security flaws in iOS. The hosts explore the implications of AI competition, particularly around OpenAI's stance on foreign AI technologies. They also dissect Juniper router backdoors and the challenges of detecting UEFI bootkits. In the crypto realm, the dangers of MEV sandwich attacks come to light, highlighting the chaotic dynamics of decentralized finance. Finally, they touch on the pressing issue of press freedom, spotlighting the challenges faced by journalists amid governmental pressures.
AI Snips
Chapters
Books
Transcript
Episode notes
Microsoft Patch Tuesday
- Microsoft patched 57 vulnerabilities, including six zero-days, on Patch Tuesday.
- Four zero-days were reported anonymously, possibly by a government agency or intelligence agency.
Unpatched.ai and AI-Powered Vulnerability Discovery
- A cryptic website, Unpatched.ai, is credited with discovering Microsoft Access RCE flaws.
- They claim to use AI for vulnerability discovery, raising questions about offensive AI use cases.
AI in Bug Discovery
- AI-powered bug discovery likely focuses on specific bug classes rather than general vulnerability discovery.
- Transparency in AI vulnerability discovery methods raises concerns about misuse, especially in a technological Cold War.
