Scary thought: If this works via clicking a link, it also works when injected into a browser session. Use a VPN! https://github.com/trailofbits/algo …
Replying to @dguido
Reports from Citizen Lab and Lookout are both out now: Citizen Lab: https://citizenlab.org/2016/08/million-dollar-dissident-iphone-zero-day-nso-group-uae/ … Lookout: https://info.lookout.com/rs/051-ESQ-475/images/lookout-pegasus-technical-analysis.pdf …
1 reply 28 retweets 35 likes -
Replying to @dguido
As usual, neither report contains *any* detailed analysis of the exploits, only the malware payload. The skills to do so are too uncommon.
2 replies 11 retweets 9 likes -
Replying to @dguido
"This vulnerability is complex" betrays a huge amount of information about the state of exploit knowledge in public. pic.twitter.com/Bo6NUYNw0p
1 reply 23 retweets 19 likes -
Replying to @dguido
Dan Guido Retweeted
lol don't try this at home kids https://twitter.com/ncweaver/status/768863660550729728 …
Dan Guido added,
This Tweet is unavailable.
1 reply 1 retweet 3 likes -
Replying to @dguido
Important to note: The NSO exploit chain DID NOT include a sandbox escape. This means their kernel exploits were good enough w/o one.
5 replies 40 retweets 35 likes -
Replying to @dguido
The lack of exploit analysis skill has consequences. No IOCs for pre-compromise detections. You have to wait until you get 0wned to find it.
2 replies 21 retweets 14 likes -
Replying to @dguido
People wondering why I'm not surprised: Amateurs produce iOS jailbreaks once a year (Pangu et al). Professionals won't be any less skilled.
1 reply 19 retweets 28 likes -
Replying to @dguido
People asking abt iOS10: Unlikely that existing toolkit works out of the box on 10. Even if underlying vulns still present, kit prob broken.
4 replies 6 retweets 7 likes -
Replying to @dguido
The exploit developer, though, would know what to look for in iOS 10; so unfixed vulns will be re-found, possibly quickly.
1 reply 0 retweets 0 likes
There are new exploit mitigations and more code deprecated in every major release. Not guaranteed.
Replying to @dguido
yes; but _if_a_known_vulnerability_remains_unfixed_ in 10, it'll be re-found more quickly.
0 replies 0 retweets 0 likes