[POC2023], Track A Many people came to hear Thomas King - @[email protected] presentation! 👍 He is talking about “Simple bug but not easy exploit: Rooting Android devices in one shot” #POC2023

git.kernel.org/pub/scm/linux/…

After 3 years, we finally managed to write our first blog post about a powerful XNU infoleak patched in 17.1 blog.dfsec.com/ios/2023/11/19…

Full Chain Baseband Exploits. Details of the baseband and baseband-to-AP pivot vulnerabilities, exploitable for RCE, chained together at the same time ▶️Part 1: labs.taszk.io/articles/post/… ▶️Part 2:labs.taszk.io/articles/post/… ▶️Part 3: labs.taszk.io/articles/post/… Taszk Security Labs Daniel Komaromy

CanSecWest 2024 Presentation: Rooting Android Devices in One Shot: Simple Bug, Complex Exploit (incl. Memory Tagging Extension) - Yong Wang

Thanks for the invitation.

各位大佬新年快乐，0day多多

I’m in Vancouver. See you at CanSecWest. Time difference is tough for me…

The Google Android Red Team's first blog post is now live! Congratulations to the whole team for the big effort to make this happen 😀 androidoffsec.withgoogle.com/posts/attackin…

bugs.chromium.org/p/apvi/issues/… Memory corruption in a OEM’s default GIF parser library.

I’m super excited about this blogpost. The approach is so counterintuitive, and yet the results are so much better than anything else that we’ve tried for memory safety. We finally understand why. security.googleblog.com/2024/09/elimin…

Fun facts about this Firefox bug: (1) According to Mozilla, it got introduced in 2003, it predates Firefox 1.0! (2) Although it's a UaF, it doesn't rely on any JS callback, the entire PoC is a single function. (3) It was a purely manual find and just a fun bug to PoC.

📢 📢 📢 Calling all vulnerability researchers interested in microcode! Check out our blog post covering EntrySign, the AMD Zen microcode signature validation vulnerability recently discovered by the Google Security team. bughunters.google.com/blog/542484235…

keys: Fix UAF in key_put() web.git.kernel.org/pub/scm/linux/…

We (me + Igor Kuznetsov) have discovered a new Google Chrome 0-day that is being used in targeted attacks to deliver sophisticated spyware 🔥🔥🔥. It was just fixed as CVE-2025-2783 and we are revealing the first details about it and “Operation ForumTroll” securelist.com/operation-foru…

My writeup of the 2023 NSO in-the-wild iOS zero-click BLASTDOOR webp exploit: Blasting Past Webp - googleprojectzero.blogspot.com/2025/03/blasti…

🙂 issues.chromium.org/issues/4213226… issues.chromium.org/issues/4212235…

A useful “feature” finally patched

security.apple.com/blog/memory-in… Hello MTE

🔥🔥🔥 (CVE-2025-27038)[402078335][GPU]Chrome sbx escape via libGLESv2_adreno.so(exploited ITW) is now open with trigger issues.chromium.org/issues/4020783… issues.chromium.org/issues/4020783… Reported by Clément Lecigne(clem1) and Benoît Sevens