We also suggested further hardening measures based on the PoC exploit I wrote and hope to see some of them implemented in the future. I think in particular ASLR could be made much stronger on that attack surface
-
-
Prikaži ovu nitHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi
-
-
-
In the allowed class list, or by verifying supportsSecureCoding is declared on the specific class that they are asked to initialize?
-
There is a new "StrictSecureDecodingMode" (flag 0x20) which, when set, causes -[NSKeyedUnarchiver _validateAllowedClassesContainsClass:forKey:] to not traverse up to superclasses, thus disallowing a child class of an allowed class
- Još 5 drugih odgovora
Novi razgovor -
-
-
Tweet je nedostupan.
-
Well we focused on this attack surface as it seemed the most promising and now a large part of it is blocked, so I guess that’s a step in the right direction
- Još 5 drugih odgovora
-
-
-
.
@natashenka and you did a great job in finding and reporting those. Can’t imagine how many things you haven’t published yet
Kudos for blogpost, i love how many details you described
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi
-
-
-
Thank you so much
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi
-
-
-
'almost all' so .... it was almost fixed?
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi
-
-
-
For me i say to
@Pwn20wnd and@unc0verTeam For jailibreaking my iphone 12.4 IOSHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi
-
-
-
Well done!
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi
-
Čini se da učitavanje traje već neko vrijeme.
Twitter je možda preopterećen ili ima kratkotrajnih poteškoća u radu. Pokušajte ponovno ili potražite dodatne informacije u odjeljku Status Twittera.