[ Browser ]  ZDI-17-054: Apple Safari SearchInputType Type Confusion Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-17-054/

[ iOS ]  iOS/MacOS kernel UaF due to lack of locking in host_self_trap https://bugs.chromium.org/p/project-zero/issues/detail?id=1034

[ iOS ]  iOS 10.3 will will stop trusting SHA1 certificates issued by CAs in the default trust store. http://www.redmondpie.com/ios-10.3-release-notes-changelog-whats-new-according-to-apple/

[ macOS ]  MacOS kernel use after free due to bad reference counting when creating new user clients https://bugs.chromium.org/p/project-zero/issues/detail?id=975

[ macOS ]  macOS 10.12.3 source is out: https://opensource.apple.com/release/macos-10123.html

[ Mitigation ]  Cool blog post "Harmful prefetch on Intel" http://blog.ioactive.com/2017/01/harmful-prefetch-on-intel.html by @ kiqueNissim @ IOActive #kernelhacking

[ Others ]  New blog, detecting targeted attacks from #BARIUM and #LEAD in #WDATP https://blogs.technet.microsoft.com/mmpc/2017/01/25/detecting-threat-actors-in-recent-german-industrial-attacks-with-windows-defender-atp/

[ Others ]  This book reads you - exploiting services and readers that support the ePub book format https://s1gnalcha0s.github.io/epub/2017/01/25/This-book-reads-you.html

[ Popular Software ]  Oracle WebLogic RMI Registry UnicastRef Object Deserialization of Untrusted Data Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-17-055/

[ Tools ]  Glazier automating the installation of the Microsoft Windows operating system on various device platforms by @Google https://t.co/njxKsteGnJ

[ Web Security ]  CVE-2016-9838 - Joomla! Account Takeover and RCE writeup https://www.ambionics.io/blog/cve-2016-9838-joomla-account-takeover-and-remote-code-execution