Here's the release from @lorenzoFB which is so far the best writeup. Screenshots of the text messages and everythinghttps://motherboard.vice.com/read/government-hackers-iphone-hacking-jailbreak-nso-group …
-
Important to note: The NSO exploit chain DID NOT include a sandbox escape. This means their kernel exploits were good enough w/o one.
The lack of exploit analysis skill has consequences. No IOCs for pre-compromise detections. You have to wait until you get 0wned to find it.
-
-
People wondering why I'm not surprised: Amateurs produce iOS jailbreaks once a year (Pangu et al). Professionals won't be any less skilled.
-
People asking abt iOS10: Unlikely that existing toolkit works out of the box on 10. Even if underlying vulns still present, kit prob broken.
- 6 more replies
New conversation -
-
-
my analysis tends to be something other than "no capability." F-Secure demo'd capability isn't just at K.
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.