Pretty sick... potential for exploitation through iMessage/SMS! - Apple Remote Code Execution With Image Files http://blog.talosintel.com/2016/07/apple-image-rce.html …
I wrote up my high level impressions of this bug for iOS. tl;dr under-whelmed over-hypedhttps://www.reddit.com/r/netsec/comments/4tnoxr/apple_imageio_bug_allows_remote_code_exec_buffer/d5ir2mt …
-
-
@antisnatchor@flyryan@daveaitel note that commcenter no longers run as root but as '_wireless' -
Thanks! It's been a long time since anyone I know has looked at CommCenter.
End of conversation
New conversation -
-
-
We do have a safari exploit, iMessage vector is there but no public infoleak technique. no keychain, browser mem
-
even what is 'public' from the StageF stuff is still via browser.No public PoCs ever via chat/SMS
End of conversation
New conversation -
-
-
'Stagefright could target code that wasn't protected by ASLR' - not really. The ASLR is just not very good.
-
'there is no code signing on Android' - there's verified boot. Apps have signatures but it's a different system.
- 7 more replies
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.