Me: *already knows how to jailbreak iOS on A12/A13 without using any PAC Bypass*
Also me: “Damn, this is going to be way too much work to implement and test. It’s easier and way less work to just create a write-up on how to fix this to send to Apple and get credit”
Porting IDAPython 6.x-7.3 to 7.4
github.com/rls1004/portin…
It hasn't been tested a lot and may not work properly in certain situations.
#IDA #IDAPython #IDA74
Apple PAC, Four Years Later: Reverse Engineering the Customized Pointer Authentication Hardware Implementation on Apple M1
blackhat.com/us-23/briefing…
Slides:
i.blackhat.com/BH-US-23/Prese…
Video:
youtu.be/RByIu2zjjVg
New code, new bug:
1. A new DFG node, `NewRegExpUntyped` was added to improve `new RegExp(...)` optimizations with better type info.
github.com/WebKit/WebKit/…
2. But incorrect side effect modeling (missing `clobberWorld`) led to a quick fix just 2 days later.