你可能會喜歡
As promised, I just dropped a dozen new sandbox escape vulnerabilities at #POC2024 If you missed the talk, here is the blog post: jhftss.github.io/A-New-Era-of-m… Slides: github.com/jhftss/jhftss.… Enjoy and find your own bugs 😎
Actually, 15+ new sandbox escape vulnerabilities discovered. All of them are simple logic issues. You may find your own sandbox 0-days by yourself after listening to this talk!🔥🔥🔥
Excited to share our research on ChillyHell, a modular macOS backdoor targeting officials in Ukraine. Check out our write-up for more details. jamf.com/blog/chillyhel…
For those missing the talk, Blog: jhftss.github.io/Exploiting-the… Slides: github.com/jhftss/jhftss.…
A tiny timing flaw in Apple’s core file-copy APIs can put millions of devices at risk 📂🍏 Despite warnings, Apple thought it was “too hard to exploit”—until Mickey Jin developed an exploit that steals secrets in privileged services 👉nullcon.net/berlin-2025/sp… #NullconBerlin2025
Thank you @helpnetsecurity to mention us 👍 awesome research by @tsunek0h #macOS #applesecurity #NullconBerlin2025 helpnetsecurity.com/2025/09/04/mac…
🚨 New blog post: ELEGANTBOUNCER - Catch iOS 0-click exploits without having the samples. Features iOS backup forensics & messaging app scanning for iMessage, WhatsApp, Signal, Telegram & Viber attachments. 🔗 Link -> msuiche.com/posts/elegantb…
🍏 #AppleDevelopers use NSFileManager thinking it’s safe — but @patch1t found a race condition once thought “impossible to exploit.” At #NullconBerlin2025, he’ll show how it works, why CVE-2024-54566 failed, and Apple’s final fix. 👉 nullcon.net/berlin-2025/sp… #iOS #applesecurity
Brief info and POC for this week's Apple 0click iOS 18.6.1 RCE bug CVE-2025-43300 github.com/b1n4r1b01/n-da…
We released our Fuzzilli-based V8 Sandbox fuzzer: github.com/googleprojectz… It explores the heap to find interesting objects and corrupts them in a deterministic way using V8's memory corruption API. Happy fuzzing!
Launch constraints are annoying as a security researcher. What if you didn't have to worry about them? wts.dev/posts/bypassin…
So CVE-2025-43268 was indeed my vuln in cryptexctl, but @0x3C3E found it first, kudos to him. Here's the "exploit", which makes sudo try and load an unsigned dylib from the current directory: /S*/L*/S*/u*/b*/c*.r* exec $PWD/ sudo ls
📢 Just dropped: the full #OBTS v8 talk lineup! objectivebythesea.org/v8/talks.html And for the first time we'll have 3 full days of presentations! 🤩 Congrats to the selected speakers and mahalo to all who submitted. With ~100 submissions, selecting the final talks was a daunting task! 😫
I lightly mentioned CVE-2025-31235, a double-free I found in coreaudiod/CoreAudio, during my OffensiveCon presentation last month. It's been derestricted now, so enjoy my writeup which includes a PoC and dtrace script to help understand the vulnerability! project-zero.issues.chromium.org/issues/4062711…
My "Finding Vulnerabilities in Apple Packages at Scale" talk is up on YT 🎉
All talks from #SecurityFest are now published on YouTube for your enjoyment. Grab some popcorn and binge watch! youtube.com/@securityfest
Woah, @WangTielei talk “Sending Me Your IOUserClients: A Bypass to Immovable Ports” at @deepsec_cc was insanely good! I enjoyed it! Super clever new discovery. feels awesome to see other researchers referencing my past work.
Stoked for Jaron Bradley's soon to be released 2nd-book: "Threat Hunting macOS" 😍📚 (And was honored to write its forward). Jaron is an outstanding researcher, speaker, trainer, & friend, and this book will become an essential macOS security resource. linkedin.com/feed/update/ur…
The slides for my OffensiveCon talk "Finding and Exploiting 20-year-old bugs in Web Browsers" docs.google.com/presentation/d…
Thrilled to announce my new Project Zero blog post is LIVE! 🎉 I detail my knowledge-driven fuzzing process to find sandbox escape vulnerabilities in CoreAudio on MacOS. I'll talk about this and the exploitation process next week @offensive_con! googleprojectzero.blogspot.com/2025/05/breaki…
United States 趨勢
- 1. Good Sunday 53K posts
- 2. #sundayvibes 4,673 posts
- 3. Discussing Web3 N/A
- 4. #HealingFromMozambique 20K posts
- 5. Wordle 1,576 X N/A
- 6. Trump's FBI 11.8K posts
- 7. Miary Zo 1,080 posts
- 8. Coco 48.1K posts
- 9. Biden FBI 18.4K posts
- 10. Blessed Sunday 17.4K posts
- 11. KenPom N/A
- 12. #ChicagoMarathon N/A
- 13. The CDC 32.6K posts
- 14. Lord's Day 1,656 posts
- 15. Macrohard 9,671 posts
- 16. Gilligan 7,121 posts
- 17. Dissidia 7,661 posts
- 18. Go Broncos 1,304 posts
- 19. God is Good 47.2K posts
- 20. Nor'easter 1,739 posts
你可能會喜歡
-
starlabs
@starlabs_sg -
RET2 Systems
@ret2systems -
Bien 🇻🇳
@bienpnn -
Csaba Fitzl
@theevilbit -
Jordy Zomer
@pwningsystems -
Dohyun Lee
@l33d0hyun -
kylebot
@ky1ebot -
sakura
@eternalsakura13 -
acez
@amatcama -
Samuel Groß
@5aelo -
Axel Souchet
@0vercl0k -
Dataflow Security
@dfsec_com -
Synacktiv
@Synacktiv -
Leonid Bezvershenko
@bzvr_ -
KevinLu
@K3vinLuSec
Something went wrong.
Something went wrong.