A MacOS SIP Bypass & an XSS Fiesta [Bounty Hunting]

Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/a-macos-sip-bypass-an-xss-fiesta.html A discussion heavy episode this week, starting off with the "new" Trojan Source attackers, and then talking about a handful of interesting vulnerabilities. [00:00:18] Trojan Source Attacks [00:24:07] [SmartStoreNET] Malicious Message leading to E-Commerce Takeover [00:34:24] [Chrome] Cross-Site Scripting in New-Tab Page [CVE-2021-37999] [00:39:48] [StreamLabs] Steal access_token via open redirect [00:43:18] Microsoft finds new macOS vulnerability, Shrootless, that could bypass System Integrity Protection [00:50:04] Android security checklist: WebView The DAY[0] Podcast episodes are streamed live on Twitch (@dayzerosec) twice a week: Mondays at 3:00pm Eastern (Boston) we focus on web and more bug bounty style vulnerabilities Tuesdays at 7:00pm Eastern (Boston) we focus on lower-level vulnerabilities and exploits. The Video archive can be found on our Youtube channel: https://www.youtube.com/c/dayzerosec You can also join our discord: https://discord.gg/daTxTK9 Or follow us on Twitter (@dayzerosec) to know when new releases are coming.