Not directly related, and I've said it before, but it's useful to see what ITW categories get exploited, use it to guesstimate profitability, level of complexity, and engineering work, and use it as a level-setting exercise for bug bounty payouts https://twitter.com/pwnallthethings/status/1416800505049845760 …
For reference, the SMS/browser chains here look likely to sit in the "one click with kernel execution including PAC bypass and no persistence" category, so probably at the $250k mark in the Apple Security program.
Replying to @pwnallthethings
A good illustration that exploits like this are well within the budget of Lesotho, let alone large state actors.
Replying to @Pinboard
I don't think you'd find exploit chains like this at that price anywhere outside of some deluded fantasy of some Apple executives tho.
Replying to @pwnallthethings @Pinboard
My point is that the security program is several factors short of even covering the salaries of the researchers who built it, never mind coming close to denting the offensive market.
It's a shame that Apple has no money and can't afford things.
If an exploit existed that made iPhones thicker they'd spend half their budget on countermeasures
Good. It should cut me like a razor.