Still interested in exploiting IPC memory corruptions on Apple devices? Try this one: CVE-2024-27801, UAF in the low level implementation of NSXPC that has been present since the initial release of NSXPC (over decade ago). POC: github.com/wangtielei/POC…

Was all set to share some PoC code, but then found that it still caused a kernel panic. Apparently, the issue hadn't been fixed as the vendor claimed. Sigh.

Spent half a day trying to understand my old PoC and had a ‘who even wrote this’ moment…

What’s the longest consecutive streak of CVEs credited to a single researcher?

Web3 isn’t built from scratch—it builds on traditional systems. Its single point of failure remains an Achilles' heel. The Bybit incident isn’t the end, but just another example of ongoing attacks. A hard truth we can't ignore.

Got a codesigning requirement: anchor redacted and info[CFBundleIdentifier] = redacted* and certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or anchor apple generic and info[CFBundleIdentifier] = redacted* and certificate leaf[field.1.2.840.113635.100.6.1.27]

I know 1.2.840.113635.100.6.1.9 is for Mac App Store Signing, but any idea what 1.2.840.113635.100.6.1.27 is? Thanks!

Zero submissions for macOS LPE

Thank you Huke for bringing back the good memories from the golden age of iOS hacking!

DePIN security has a long way to go.

Just booked my trip to Vegas—wish me luck! Can’t believe it’s been 6 years since my last visit. Back then, I shared iPhone XS jailbreaks and FaceTime RCEs… wild how much has changed. If you’ll be around in Aug, don’t hesitate to say hi—let’s grab a drink or place a bet together!

Just finished a new blog sharing an interesting example demonstrating the power of cross-operating system vulnerability variant analysis! Check it out here: github.com/wangtielei/Sli… Hope you like it.

Another big step in system security.

We’re thrilled and honored to reveal our second keynote speaker: Ivan Krstić (Ivan Krstić) Any guesses what he might talk about? 😉

All respect to the legend — thank you, Tavis, for your pioneering work!