Asteris Ch (@jac0wl)'s Twitter Profile
Asteris Ch

@jac0wl

ID: 1002538536594300928

Joined: 01-06-2018 13:13:08

624 Tweets

119 Followers

679 Following

ohjin (@pwn_expoit)

macrumors.com/2023/04/17/app… 4403769: ios: Enable PartitionAlloc for week four and remainder of 112 stable. | chromium-review.googlesource.com/c/chromium/src… Is a Chrome iOS full chain really coming true?

Yordan Stoychev (@yordanstoychev)

Finished a write-up of a vulnerability in the io_uring subsystem of the Linux Kernel. This one is interesting because it gives you an incredibly powerful primitive - a multipage-wide OOB read and write to physical memory. anatomic.rip/cve-2023-2598/

1ce0ear (@1ce0ear)

More APVI bugs were disclosed, including two page UAF and PFN leaks: bugs.chromium.org/p/apvi/issues/… bugs.chromium.org/p/apvi/issues/… bugs.chromium.org/p/apvi/issues/…

Alex Plaskett (@alexjplaskett)

Jailbreaking the Sonos Era 100 research.nccgroup.com/2023/12/04/sho… The Era 100 is Sonos’s flagship device, released on March 28th 2023 and is a notable step up from the Sonos One. NCC Group Research & Technology found multiple weaknesses within the bootloader which could lead to full compromise #sonos

daem0nc0re (@daem0nc0re)

To dive into more advanced low-layer things such as hypervisors, I'm reviewing Windows kernel-mode rootkit techniques, and created a repository for research and educational purposes. More PoCs will be added later (filesystem/network mini-filter things especially). github.com/daem0nc0re/Vec…

VUSec (@vu5ec)

Disclosing #SLAM, aka how to combine Spectre and Intel LAM (& co.) to leak kernel memory on future CPUs (demo below). Thousands of exploitable "unmasked" (or pointer chasing) gadgets in the Linux kernel. Joint work by Mathé Hertogh, Sander Wiebing, Cristiano Giuffrida: vusec.net/projects/slam

Sunjoo Park (@grigoritchy)

It is interesting to see that similar shift/unshift race condition issues that I found and exploited in WebKit in 2018 (github.com/grigoritchy/un…) are being exploited in Safari and Chrome these days as in-the-wild bugs.

Yuri Sagalov (@yuris)

A high school student reverse engineered the iMessage protocol and published a cross-platform proof of concept. jjtech.dev/reverse-engine…

stephen (@_tsuro)

The first #v8CTF submission is now public: bughunters.google.com/reports/vrp/38… Note that the current flag is still up for grabs, maybe M118 is unhackable? ;P You should also check out @madstacks3's excellent writeup at madstacks.dev/posts/Start-Yo…

Hossein Lotfi (@hosselot)

Apple Safari in-the-wild type confusion vulnerability (CVE-2024-23222 [267134]) happens because the DFG constant property load does not check validity on the main thread: github.com/WebKit/WebKit/…

j j (@mistymntncop)

Exploit for CVE-2022-4262. Fukin finally! Shoutout to clem1 for finding the ITW exploit. And shoutout to Samuel Groß, Jack Ren, Alisa Esage Шевченко for their RCAs and prior analysis of the vuln :). github.com/mistymntncop/C…