每日安全动态推送(03-15)

Tencent Security Xuanwu Lab Daily News

• G.O.S.S.I.P 学术论文推荐 2022-03-14 Arbiter:
https://mp.weixin.qq.com/s/DZ2Nd5sIjWOuAGwLzBEQGQ

   ・ G.O.S.S.I.P 学术论文推荐 - 二进制分析工具 Arbiter – Jett

• GitHub - antx-code/CVE-2021-35587: Oracle Access Manager Unauthenticated Attacker Vulnerability CVE-2021-35587:
https://github.com/antx-code/CVE-2021-35587

   ・ Oracle Access Manager Unauthenticated Attacker Vulnerability CVE-2021-35587 – Jett

• Shiro后渗透拓展面:
https://tttang.com/archive/1472/

   ・ Shiro后渗透拓展面 – lanying37

• How a macOS bug could have allowed for a serious phishing attack against users:
https://rambo.codes/posts/2022-03-15-how-a-macos-bug-could-have-allowed-for-a-serious-phishing-attack-against-users

   ・ macOS CoreFollowUp 机制可用于钓鱼用户 AppleID 用户名密码（CVE-2022-22660） – Jett

• About the security content of iOS 15.4 and iPadOS 15.4 - Apple 支持 (中国):
https://support.apple.com/zh-cn/HT213182

   ・ Apple 发布 iOS 15.4 版本，修复多个漏洞，其中包括玄武实验室报告的多个漏洞 – Jett

• The Discovery and Exploitation of CVE-2022-25636 · Nick Gregory:
https://nickgregory.me/linux/security/2022/03/12/cve-2022-25636/

   ・ Linux kernel netfilter 越界写漏洞（CVE-2022-25636）的分析和利用 – Jett

• Watchers:
https://github.com/tihmstar/desc_race-fun_public

   ・ iOS 15.1 kernel exploit POC for CVE-2021-30955 – Jett

• GitHub - mborgerson/mdec: Decompilation as a Service. Explore multiple decompilers and compare their output with minimal effort. Upload binary, get decompilation.:
https://github.com/mborgerson/mdec

   ・ Decompilation as a Service，多款反编译器处理同一个文件，方便对比结果 – Jett

• Root-cause:
https://github.com/0vercl0k/CVE-2022-21971

   ・ Windows Runtime RCE CVE-2022-21971 PoC – Jett

• GitHub - commial/ttd-bindings: Bindings for Microsoft WinDBG TTD:
https://github.com/commial/ttd-bindings

   ・ Bindings for Microsoft WinDBG TTD，支持 diff WinDBG TTD Trace 的结果 – Jett

* 查看或搜索历史推送内容请访问：
https://sec.today

* 新浪微博账号：腾讯玄武实验室
https://weibo.com/xuanwulab

原文始发于微信公众号（腾讯玄武实验室）：每日安全动态推送(03-15)