So uhhh you're REALLY gonna want to patch your iPhone today.pic.twitter.com/ladv4mVhkp
You can add location information to your Tweets, such as your city or precise location, from the web and via third-party applications. You always have the option to delete your Tweet location history. Learn more
As usual, neither report contains *any* detailed analysis of the exploits, only the malware payload. The skills to do so are too uncommon.
"This vulnerability is complex" betrays a huge amount of information about the state of exploit knowledge in public.pic.twitter.com/Bo6NUYNw0p
lol don't try this at home kids https://twitter.com/ncweaver/status/768863660550729728 …
Important to note: The NSO exploit chain DID NOT include a sandbox escape. This means their kernel exploits were good enough w/o one.
The lack of exploit analysis skill has consequences. No IOCs for pre-compromise detections. You have to wait until you get 0wned to find it.
People wondering why I'm not surprised: Amateurs produce iOS jailbreaks once a year (Pangu et al). Professionals won't be any less skilled.
People asking abt iOS10: Unlikely that existing toolkit works out of the box on 10. Even if underlying vulns still present, kit prob broken.
Absolutely true. 9.3.5 protects you from NSO customers, and expected copycat attacks once exploits become public. iOS10 more meaningful.
lol meant to subtweet Charlie on that last one. He's right. This jailbreak likely affects 10s or 100s of people.https://twitter.com/0xcharlie/status/768888565648412672 …
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.