-
Pinned Tweet
Just uploaded the details and exploits for the vulnerabilities addressed in iOS 12.3. It was a fun project and I hope you enjoy my work. https://github.com/DanyL/lockdownd_playground …
-
I can verify that CVE-2019-8593, CVE-2019-8568 and CVE-2019-8637 are still patched in iOS 12.4. https://twitter.com/DanyL931/status/1129805135255867392 …
-
Dany Lisiansky Retweeted
OpenDrop: An Open Source AirDrop Implementation https://github.com/seemoo-lab/opendrop …
-
Dany Lisiansky Retweeted
I don’t think any reasonable person would disagree, however, having to sit on unpatched versions for months/years in the hope of a jailbreak has its security issues too - maybe jailbreakers are unlikely to be the same people targeted, NSA/Gov tech peeps excluded.
-
Dany Lisiansky Retweeted
Very true. Think of all the people that have no interest and/or have never even heard of a jailbreak that are currently at risk. https://twitter.com/DanyL931/status/1163147655020724225 …
-
I know the community is happy to get a jb on the latest version, but there is a reason why those don't exist anymore - it's not that it's harder or that it was commercialised, it's because there's a real danger involved. It's damn serious & I hope Apple will issue an update soon
-
I wonder what the advisory would say about this..
-
Agh I was able to trigger this on iOS but it turns out I missed a call to realloc and was reading uninitialised memory :/ I'll keep looking..
-
I just realized I uploaded the crash for the wrong state. It’s the same vulnerability, although one hits an assertion while the other will happily write. https://twitter.com/danyl931/status/1161799075513229312 … pic.twitter.com/lnJ8e1vN6j
-
I also found a DOS vulnerability while researching this.. Not very interesting tho..
-
Arghh finally triggered the OOB write from the iOS sandbox. It was A LOT more complicated and I still have my doubts about triggering the leak, but let’s see.. Oh and I can trigger the OOB write in 2 different processes now
and yes, it does work on iOS 13 as well. pic.twitter.com/7RlQBcAltx
-
So the first is not reachable & I can't leak with the other as it's usually interpreted as an invalid input.. I did find yet another OOB read, leaking the same area where I can also write, but once I leak I can't write to the same buffer :/ Heap feng shui it is I guess
https://twitter.com/DanyL931/status/1160681674226769923 …
-
I haven't followed the whole path yet but it looks like I might have an OOB write as well. It's a whole treasure out here :P
-
Found 2 OOB read (with controllable sizes) in some XPC service, affecting all Apple's operating systems (including latest betas). I still need a proper research env so I could craft my own payload and see if it leaks something interesting, but that's good enough for today ;-)
-
Dany Lisiansky Retweeted
Porting Sark to IDA 7.4... Should I keep the names of things IDA renamed? Or should I break compatibility where names have been changed? Why?
#IDAPython #IDA #Sark
-
Shoutout to @sirus and @jlericks for their crazy #T2 and #BridgeOS journey! Definitely worth a read ;) https://twitter.com/sirus/status/1160313084268797952 …
-
Dany Lisiansky Retweeted
New: the coolest thing I've seen in Vegas all week.
@_MG_ gave me a demo of his malicious iPhone lightning cable. Looks and works just like the real thing. But it has an implant, letting a hacker remotely control a victim's Mac. Popped terminal on my Mac https://www.vice.com/en_us/article/evj4qw/these-iphone-lightning-cables-will-hack-your-computer …
-
Dany Lisiansky Retweeted
“There’s this TCL testing tool. Which is called TESTCL, unfortunately. I did not choose the name” – @Kuggofficial at #BHUSA. pic.twitter.com/gxcApvtPAe