Talk
13:00
-
13:45
August 08, 2020
Parsia Hakimian
Many modern desktop applications use a localhost server for IPC and seamless interaction with websites. These servers usually have no authentication. JavaScript running in browsers can connect to these servers. I will discuss a dozen publicly disclosed bugs where malicious websites can connect these servers and directly run code on the machines.