Max Bazaliy (@mbazaliy)'s Twitter Profile

Offensive Security | AI

ID: 310753146

04-06-2011 08:55:42

1,1K Tweet

4,4K Followers

435 Following

Gal Z (@0xgalz):

Virtuailor now supports AArch64! If you have a firmware or any other C++ binary compiled to AArch64, Virtuailor will now be able to reconstruct the vtables, add Xrefs to virtual calls and make the reversing process a little bit easier. github.com/0xgalz/Virtuai…

axi0mX@infosec.exchange (@axi0mx):

EPIC JAILBREAK: Introducing checkm8 (read "checkmate"), a permanent unpatchable bootrom exploit for hundreds of millions of iOS devices. Most generations of iPhones and iPads are vulnerable: from iPhone 4S (A5 chip) to iPhone 8 and iPhone X (A11 chip). github.com/axi0mX/ipwndfu

grsecurity (@grsecurity):

Nice vuln: git.kernel.org/pub/scm/linux/… ARM64 PAN support (both HW and SW) broken for over 4 years, since introduction in 4.3. Bypass in HW case, memory corruption in the SW case

Brandon Azad (@_bazad):

I've compiled a summary of every original public iOS kernel exploit from app context since iOS 10, describing the high-level exploit flow to get stable kernel read/write. The trends of how these exploits have evolved over time are quite interesting: googleprojectzero.blogspot.com/2020/06/a-surv…

Brandon Azad (@_bazad):

Here are the slides from my BlackHat talk "iOS Kernel PAC, One Year Later", in which I consider how kernel PAC CFI has changed since its introduction in iOS 12 and examine 5 ways to bypass it in iOS 13: bazad.github.io/presentations/…

F4b (@0xf4b):

Just published a blogpost about CVE-2020-27950, one of the three iOS vulnerabilities exploited in the wild and fixed in iOS 14.2

Hex-Rays SA (@hexrayssa):

IDA Pro for arm64 is coming! We have ported all of IDA to run natively on Apple Silicon, and it will be available in IDA 7.6. Initial analysis shows that the hype is real 🤩: hex-rays.com/blog/ida-pro-o… #AppleSilicon #M1 #macmini #BigSur

Alex Matrosov (@matrosov):

In April, I left Nvidia, and to be honest, it was one of the most challenging decisions to make. It was a great ride, I created Offensive Research there with a long road of… I’m proud of what we achieved together as a team! Kudos Max Bazaliy Adam 'pi3' Zabrocki Alex Tereshkin NVIDIA PSIRT

Samuel Groß (@5aelo):

Small blog post on how to run iOS code natively on Arm-based Macs. Enjoy :) googleprojectzero.blogspot.com/2021/05/fuzzin…

Depressed NSBeep(); 🇺🇦 (@krivoblotsky):

At 5 am russia has massively attacked Ukraine. Kyiv where I’m now, other cities where I’ve been to, explosions have been heard near my parents' house. But we are a strong nation, much stronger than those invaders. Ukraine will resist 🇺🇦

DOU (@doucommunity):

Ukraine needs the help of the cyber community. What to do: dou.ua/lenta/news/cyb…

Max Bazaliy (@mbazaliy):

We'll be presenting our latest research at DEF CON 33, focused on fuzzing automation using AI agents. Orion can identify fuzzing targets, generate harnesses, reproduce crashes, and suggest patches. defcon.org/html/defcon-33…