你可能會喜歡
As promised, I just dropped a dozen new sandbox escape vulnerabilities at #POC2024 If you missed the talk, here is the blog post: jhftss.github.io/A-New-Era-of-m… Slides: github.com/jhftss/jhftss.… Enjoy and find your own bugs 😎
Actually, 15+ new sandbox escape vulnerabilities discovered. All of them are simple logic issues. You may find your own sandbox 0-days by yourself after listening to this talk!🔥🔥🔥
The slidedeck to our talk, Crash One: A Starbucks Story - CVE-2025-24277, with @gergely_kalman from @hexacon_fr and @objective_see #OBTS is available from the link below. It was a macOS vulnerability impacting the crash reporting process where we could achieve LPE and sandbox…
Excited to share our research on ChillyHell, a modular macOS backdoor targeting officials in Ukraine. Check out our write-up for more details. jamf.com/blog/chillyhel…
For those missing the talk, Blog: jhftss.github.io/Exploiting-the… Slides: github.com/jhftss/jhftss.…
A tiny timing flaw in Apple’s core file-copy APIs can put millions of devices at risk 📂🍏 Despite warnings, Apple thought it was “too hard to exploit”—until Mickey Jin developed an exploit that steals secrets in privileged services 👉nullcon.net/berlin-2025/sp… #NullconBerlin2025
Thank you @helpnetsecurity to mention us 👍 awesome research by @tsunek0h #macOS #applesecurity #NullconBerlin2025 helpnetsecurity.com/2025/09/04/mac…
helpnetsecurity.com
macOS vulnerability allowed Keychain and iOS app decryption without a password - Help Net Security
Today at Nullcon Berlin, a researcher disclosed a macOS vulnerability (CVE-2025-24204) that allowed attackers to read the memory of any process, even with
🚨 New blog post: ELEGANTBOUNCER - Catch iOS 0-click exploits without having the samples. Features iOS backup forensics & messaging app scanning for iMessage, WhatsApp, Signal, Telegram & Viber attachments. 🔗 Link -> msuiche.com/posts/elegantb…
🍏 #AppleDevelopers use NSFileManager thinking it’s safe — but @patch1t found a race condition once thought “impossible to exploit.” At #NullconBerlin2025, he’ll show how it works, why CVE-2024-54566 failed, and Apple’s final fix. 👉 nullcon.net/berlin-2025/sp… #iOS #applesecurity
Brief info and POC for this week's Apple 0click iOS 18.6.1 RCE bug CVE-2025-43300 github.com/b1n4r1b01/n-da…
We released our Fuzzilli-based V8 Sandbox fuzzer: github.com/googleprojectz… It explores the heap to find interesting objects and corrupts them in a deterministic way using V8's memory corruption API. Happy fuzzing!
Launch constraints are annoying as a security researcher. What if you didn't have to worry about them? wts.dev/posts/bypassin…
So CVE-2025-43268 was indeed my vuln in cryptexctl, but @0x3C3E found it first, kudos to him. Here's the "exploit", which makes sudo try and load an unsigned dylib from the current directory: /S*/L*/S*/u*/b*/c*.r* exec $PWD/ sudo ls
📢 Just dropped: the full #OBTS v8 talk lineup! objectivebythesea.org/v8/talks.html And for the first time we'll have 3 full days of presentations! 🤩 Congrats to the selected speakers and mahalo to all who submitted. With ~100 submissions, selecting the final talks was a daunting task! 😫
I lightly mentioned CVE-2025-31235, a double-free I found in coreaudiod/CoreAudio, during my OffensiveCon presentation last month. It's been derestricted now, so enjoy my writeup which includes a PoC and dtrace script to help understand the vulnerability! project-zero.issues.chromium.org/issues/4062711…
My "Finding Vulnerabilities in Apple Packages at Scale" talk is up on YT 🎉
All talks from #SecurityFest are now published on YouTube for your enjoyment. Grab some popcorn and binge watch! youtube.com/@securityfest
Woah, @WangTielei talk “Sending Me Your IOUserClients: A Bypass to Immovable Ports” at @deepsec_cc was insanely good! I enjoyed it! Super clever new discovery. feels awesome to see other researchers referencing my past work.
Stoked for Jaron Bradley's soon to be released 2nd-book: "Threat Hunting macOS" 😍📚 (And was honored to write its forward). Jaron is an outstanding researcher, speaker, trainer, & friend, and this book will become an essential macOS security resource. linkedin.com/feed/update/ur…
United States 趨勢
- 1. Good Thursday 21.1K posts
- 2. rUSD N/A
- 3. #DMDCHARITY2025 1.04M posts
- 4. Halle Berry 3,355 posts
- 5. Earl Campbell 2,166 posts
- 6. Diddy 76.1K posts
- 7. #TheChallenge41 2,249 posts
- 8. #TusksUp N/A
- 9. #LifeAITestnet 7,065 posts
- 10. Market Focus 4,957 posts
- 11. Free Tina 14.5K posts
- 12. #Survivor49 2,957 posts
- 13. Steve Cropper 7,099 posts
- 14. Yeremi N/A
- 15. seokjin 163K posts
- 16. Milo 12.9K posts
- 17. Jamal Murray 7,805 posts
- 18. Metroid Prime 4 13.6K posts
- 19. Ryan Nembhard 3,916 posts
- 20. fnaf 2 17.2K posts
你可能會喜歡
-
starlabs
@starlabs_sg -
Bien 🇻🇳
@bienpnn -
Csaba Fitzl
@theevilbit -
Jordy Zomer
@pwningsystems -
Dohyun Lee
@l33d0hyun -
kylebot
@ky1ebot -
sakura
@eternalsakura13 -
Samuel Groß
@5aelo -
Axel Souchet
@0vercl0k -
Dataflow Security
@dfsec_com -
Synacktiv
@Synacktiv -
Leonid Bezvershenko
@bzvr_ -
KevinLu
@K3vinLuSec -
Hexacon
@hexacon_fr -
Alex Plaskett
@alexjplaskett
Something went wrong.
Something went wrong.