Tweets from @DanyL931

  1. Pinned Tweet
    May 18

    Just uploaded the details and exploits for the vulnerabilities addressed in iOS 12.3. It was a fun project and I hope you enjoy my work.

  2. 2 hours ago

    I can verify that CVE-2019-8593, CVE-2019-8568 and CVE-2019-8637 are still patched in iOS 12.4.

  3. Retweeted
    6 hours ago

    OpenDrop: An Open Source AirDrop Implementation

  4. Retweeted
    Replying to

    I don’t think any reasonable person would disagree, however, having to sit on unpatched versions for months/years in the hope of a jailbreak has its security issues too - maybe jailbreakers are unlikely to be the same people targeted, NSA/Gov tech peeps excluded.

  5. Retweeted
    20 hours ago

    Very true. Think of all the people that have no interest and/or have never even heard of a jailbreak that are currently at risk.

  6. 20 hours ago

    I know the community is happy to get a jb on the latest version, but there is a reason why those don't exist anymore - it's not that it's harder or that it was commercialised, it's because there's a real danger involved. It's damn serious & I hope Apple will issue an update soon.

  7. 21 hours ago

    I wonder what the advisory would say about this..

  8. 22 hours ago
  9. Aug 17

    Agh I was able to trigger this on iOS but it turns out I missed a call to realloc and was reading uninitialised memory :/ I'll keep looking..

  10. Aug 15

    I just realized I uploaded the crash for the wrong state. It’s the same vulnerability, although one hits an assertion while the other will happily write.

  11. Aug 14

    I also found a DOS vulnerability while researching this.. Not very interesting tho..

    Show this thread
  12. Aug 14

    Arghh finally triggered the OOB write from the iOS sandbox. It was A LOT more complicated and I still have my doubts about triggering the leak, but let’s see.. Oh and I can trigger the OOB write in 2 different processes now 😉 and yes, it does work on iOS 13 as well.

  13. Aug 12

    So the first is not reachable & I can't leak with the other as it's usually interpreted as an invalid input.. I did find yet another OOB read, leaking the same area where I can also write, but once I leak I can't write to the same buffer :/ Heap feng shui it is I guess 🤷‍♂️

  14. Aug 12
  15. Aug 11

    I haven't followed the whole path yet but it looks like I might have an OOB write as well. It's a whole treasure out here :P

  16. Aug 11

    Found 2 OOB reads (with controllable sizes) in some XPC service, affecting all of Apple's operating systems (including latest betas). I still need a proper research env so I could craft my own payload and see if it leaks something interesting, but that's good enough for today ;-)

  17. Retweeted
    Aug 11

    Porting Sark to IDA 7.4... Should I keep the names of things IDA renamed? Or should I break compatibility where names have been changed? Why?

  18. Aug 10

    Shoutout to and for their crazy and journey! Definitely worth a read ;)

  19. Retweeted
    Aug 10

    New: the coolest thing I've seen in Vegas all week. gave me a demo of his malicious iPhone lightning cable. Looks and works just like the real thing. But it has an implant, letting a hacker remotely control a victim's Mac. Popped terminal on my Mac

  20. Retweeted
    Aug 8

    ”There’s this TCL testing tool. Which is called TESTCL, unfortunately. I did not choose the name” – at .

  21. Retweeted
    Aug 8
