Marques Evrémonde (@smarciom_)'s Twitter Profile
Marques Evrémonde

@smarciom_

Putting together the pieces, trying to find the evidence, trying to see the bigger picture. Processor instructions (ASM) have nice stories to tell.

ID: 405347049

05-11-2011 05:47:14

141 Tweet

43 Followers

2.2K Following

Man Yue Mo (@mmolgtm)

This is probably the most complex exploit I've done so far. A UAF in Android kernel freed by kfree_rcu (introduces a delay) in a tight race + kCFI + Samsung RKP. Yet it's still possible to gain arbitrary kernel RW, disable SE and root from untrusted app. github.blog/2022-06-16-the…

Ivan Krstić (@radian)

🔺New on the Apple Security Research blog: we pit our hardened kalloc_type XNU allocator against SockPuppet, a powerful vulnerability from the past: security.apple.com/blog/what-if-w…

Ivan Kwiatkowski (@justicerage)

Kaspersky released a new blogpost today, documenting an iOS 0day + zero-click exploit used to target cybersecurity researchers. The scope and full victimology are still unknown. securelist.com/operation-tria…

iamdeadlyz (@iamdeadlyz)

Since publishing the findings about PureLand, it has rebranded to Pearl Land Metaverse. Following that, several fake blockchain game projects were launched by malicious actors to distribute #RedLineStealer and #RealstStealer - a new macOS infostealer. medium.com/@iamdeadlyz/fa…

Michael (@mastermike88)

puaf_landa was actually silently patched on 16.7

An explanation on how I, and many many other notable developers, missed this:

At the time I initially posted this, we had assumed that all of 16.7.x worked because of this image (originating from an iPhone 8 on 16.7.3):

On

Eugene Kaspersky (@e_kaspersky)

XZ backdoor story – Initial analysis.

Unlike other supply chain attacks we have seen in Node.js, PyPI, FDroid, and the Linux Kernel that mostly consisted of atomic malicious patches, fake packages and typosquatted package names, this incident was a multi-stage operation that

Brad Spengler (@spendergrsec)

Those who don't read grsecurity.net/kaslr_an_exerc… (which turned 11 last month) are doomed to whatever people shocked about /sys/kernel/notes are doing right now

Eugene Kaspersky (@e_kaspersky)

#ToddyCat APT targets government entities in Asia-Pacific region

We have published new research about a range of tools the actor utilizes for data extraction (specifically, documents, WhatsApp web credentials and passwords stored in browsers), and establishing stable and stealthy

Tanishq Mathew Abraham, Ph.D. (@iscienceluvr)

The PyTorch team is developing a library for large model training called torchtitan 👀

They have scripts to train Llama-3 from scratch

The library went public today on GitHub but it is still in pre-release state & active development

Check it out → github.com/pytorch/torcht…

Wololo (@frwololo)

PS4/PS5: TheFloW discloses Kernel vulnerability relying on old bug from 2006, impacts PS4 up to 11.00 & PS5 up to 8.20, more details in May wololo.net/2024/04/26/ps4…

thaddeus e. grugq (@thegrugq)

Player 2 has entered the ring. A new Chinese pwn2own style competition is now public. The list of targets is interesting, lots of edge devices and even Kaspersky. matrixcup.net/page/race/ques…

Samuel Groß (@5aelo)

Finally got around to publishing the slides of my talk at OffensiveCon from ~two weeks ago. Sorry for the delay! The V8 Heap Sandbox: saelo.github.io/presentations/… Fantastic conference, as usual! :)

HyperDbg (@hyperdbg)

It's been a while since HyperDbg's first release, and we realized our initial assumptions for the command parser won’t fully meet new demands. After redesigning and extensive testing, HyperDbg v0.10.1 now comes with a brand-new parser! 💫😼 Check it out: github.com/HyperDbg/Hyper…