Kirin (@pwnrin)'s Twitter Profile
Kirin

@pwnrin

Everything will be fine.

ID: 911034845446291456

22-09-2017 01:10:08

181 Tweets

2.2K Followers

121 Following

Tielei (@wangtielei)

Looking for universal, backward-compatible kernel read and write primitives for both ARM and Intel-based macOS systems? No problem! Check it out at: github.com/wangtielei/POC…. The PoC uses only existing kernel mechanisms and does not require complex memory manipulation techniques.

Man Yue Mo (@mmolgtm)

In this post I'll use CVE-2024-5830, a bug in object transitions in Chrome to gain RCE in the Chrome renderer sandbox: github.blog/security/vulne…

Gergely Kalman (@gergely_kalman)

Are any of you guys interested in the 44 slides about file API security that I had to cut from my new presentation? It has all the fan favourites like union mounts, POSIX ACLs and other unhinged insanity

Angelboy (@scwuaptx)

Excited to share our research on Kernel Streaming! We discovered several vulnerabilities in it that we used at Pwn2Own this year. Check it out: devco.re/blog/2024/08/2…

Mickey Jin (@patch1t)

As promised, I just dropped a dozen new sandbox escape vulnerabilities at #POC2024 If you missed the talk, here is the blog post: jhftss.github.io/A-New-Era-of-m… Slides: github.com/jhftss/jhftss.… Enjoy and find your own bugs 😎

Mickey Jin (@patch1t)

My slides for the OBTS are here: github.com/jhftss/jhftss.… Exploits: github.com/jhftss/POC Blog will be posted after the fix of the variant issue.

08Tc3wBB (@08tc3wbb)

iOS 17 PoC, Here’s how u can leak any iCloud app data by copying and pasting two completely unrelated files. jamf.com/blog/tcc-bypas…

Csaba Fitzl (@theevilbit)

🍎🪳Second part of the diskarbitrationd - storagekitd vulnerability blog series is out on Kandji's blog. These vulnerabilities were presented at Black Hat #BHEU2024 and POC_Crew 👨‍👩‍👦‍👦 #POC2024 conferences. kandji.io/blog/macos-aud…

Tim Willis (@itswillis)

Two new posts from James Forshaw today: googleprojectzero.blogspot.com/2025/01/window… on reviving a memory trapping primitive from his 2021 post. googleprojectzero.blogspot.com/2025/01/window… where he shares a bug class and demonstrates how you can get a COM object trapped in a more privileged process. Happy Reading! 📚

Hichem Maloufi (@hichem_ifpdz)

New writeup: CVE-2025-24104 – Apple’s bug allowed arbitrary file reads outside the sandbox. While iOS 18.3 added a mitigation, it doesn’t fully fix the issue. I even bypassed it since my recommended fix wasn’t followed. Read more 👉 github.com/ifpdz/CVE-2025… #AppleSecurity

Alfie (@alfiecg_dev)

I've just published a new blog post detailing how I developed a deterministic kernel exploit for iOS. Enjoy! alfiecg.uk/2025/03/01/Tri…

Ian Beer (@i41nbeer)

My writeup of the 2023 NSO in-the-wild iOS zero-click BLASTDOOR webp exploit: Blasting Past Webp - googleprojectzero.blogspot.com/2025/03/blasti…

Angelboy (@scwuaptx)

Thrilled to share our latest deep dive into Windows Kernel Streaming! Just presented this research at offensivecon. Check it out: devco.re/blog/2025/05/1…

Tielei (@wangtielei)

Just finished a new blog sharing an interesting example demonstrating the power of cross-operating system vulnerability variant analysis! Check it out here: github.com/wangtielei/Sli… Hope you like it.

xvonfers (@xvonfers)

Whoah... $250000 (CVE-2025-4609, similar to CVE-2025-2783/412578726)[412578726][Mojo][IpczDriver]ipcz bug -> renderer duplicate browser process handle -> escape sbx is now open with PoC & exploit(success rate is nearly 70%-80%) issues.chromium.org/issues/4125787… issues.chromium.org/issues/4125787…
