Application Security This Week for February 10

Ullaakut on Reddit posted this toolset: Gorsair, a tool to remotely access the exposed Docker API of vulnerable Docker containers.  Works, too.

https://github.com/Ullaakut/Gorsair

Someone already pwned TLS 1.3, for crying out loud.

https://eprint.iacr.org/2018/1173

Cool attack on CORS configuration in mobile devices

https://research.digitalinterruption.com/2019/01/31/multiple-vulnerabilities-found-in-mobile-device-management-software/

RCE in Libreoffice.  Not so free NOW areya?

https://insert-script.blogspot.com/2019/02/libreoffice-cve-2018-16858-remote-code.html

And that’s the news. Stay warm.