Zhongquan Li (@guluisacat)'s Twitter Profile
Zhongquan Li

@guluisacat

Independent Security researcher. Apple, Android, Web3, IoT

ID: 743185005606641664

Link: https://imlzq.com
Joined: 15-06-2016 20:54:48

32 Tweets

285 Followers

200 Following

Zhongquan Li (@guluisacat):

I will share some of my findings at BlackHat USA 2024. See you then. I was planning to disclose 16 vulnerabilities, but Apple responded that they cannot fix them all, so I had to change the contents. I was focusing on Android and IoT bug hunting and fuzzing, and I realized that

Zhongquan Li (@guluisacat):

CVE-2024-40824 published🤣🤣But I don't even know what the vulnerability is. Looks like Apple forgets to update the report status. I can see that I have 3 new CVEs, but the patch list indicates that I have 4🤣🤣🤣

Zhongquan Li (@guluisacat):

#BHUSA Black Hat My Black Hat USA 2024 presentation is finished. Thank you all for coming. In my presentation, I disclosed some methods to achieve SBX and LPE. Many of them require launching an app, so in an attack scenario, the user may notice an app icon briefly

Gergely Kalman (@gergely_kalman):

The people have spoken, and I shall deliver: The missing guide to the security of filesystems and file APIs: gergelykalman.com/the-missing-gu… (Twitter didn't appreciate a pdf being linked directly, so hopefully this makes it to whoever is interested.)

Zhongquan Li (@guluisacat):

The blog post on my talk "Unveiling Mac Security: A Comprehensive Exploration of Sandboxing and AppData TCC," presented at BlackHat USA 2024 and KCon 2024, is now available on imlzq.com/apple/macos/20… Thanks for reading.

Eugene Rodionov (@vxradius):

Continuing the series on exploiting Android Binder with Binder internals blog androidoffsec.withgoogle.com/posts/binder-i… Deep dive into Binder driver by abcSup and Gulshan. We also release github.com/androidoffsec/… -- tiny lib featuring how to do IPC via Binder driver. Happy Binder hacking!

Mickey Jin (@patch1t):

As promised, I just dropped a dozen new sandbox escape vulnerabilities at #POC2024 If you missed the talk, here is the blog post: jhftss.github.io/A-New-Era-of-m… Slides: github.com/jhftss/jhftss.… Enjoy and find your own bugs 😎

Meysam (@r00tkitsmm):

r00tkitsmm.github.io/fuzzing/2024/1… TL;DR: I implemented a super reliable macOS kernel binary rewriting to instrument any KEXT or XNU at BB or edge level.

Csaba Fitzl (@theevilbit):

🍎🐛🎙️ Following my #poc2024 talk we are releasing a blog post series Kandji detailing the vulnerabilities of diskarbitrationd and storagekitd I discussed in my "Apple Disk-O Party" talk. First part is out, and covers CVE-2024-44175. kandji.io/blog/macos-aud…

Zhongquan Li (@guluisacat):

Made a 100-day plan: Find 10 Full TCC Bypasses or 20 Root LPEs in 100 days, from April 1 to July 10. Till now, 7 Full TCC Bypass vulnerabilities have been found, one of them can be exploited within a sandboxed context (cannot be weaponized but can be used by malware)😃 Due to