Tweetovi
- Tweetovi, trenutna stranica.
- Tweetovi i odgovori
Blokirali ste korisnika/cu @fergofrog
Jeste li sigurni da želite vidjeti te tweetove? Time nećete deblokirati korisnika/cu @fergofrog
-
Fergus proslijedio/la je Tweet
macOS forensic artifact stream incoming.
Prikaži ovu nitHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Fergus proslijedio/la je Tweet
Not "possibly the biggest". THE Biggest. Congratulations to
@axi0mx! Thankfully AAPL eventually patched this - the stuff Cellebrite , Grey key etc base their entire business model on. For researchers,this is a great boon:Brings back tethered, JB&opens up dual boot, for life!https://twitter.com/axi0mX/status/1177542362853040129 …Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Fergus proslijedio/la je Tweet
We hacked our way to executing an interactive bash shell on iOS on QEMU. We based the research on the work done by
@zhuowei. Thanks!https://alephsecurity.com/2019/06/17/xnu-qemu-arm64-1/ …Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Unless there's a driver that happily passes sockaddr's from userland into mptcp straight through mptcp_connectx, rather than mptcp_usr_connectx, this is not an exploitable bug. Definitely doesn't require additional checks to be added, or a CVE to be assigned.
Prikaži ovu nitHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Finally mptcp_check_subflows_and_add, either passes a fixed length dst struct, or one from mpte->mpte_dst, which is set from https://fergofrog.com/code/cbowser/xnu/bsd/netinet/mptcp_usrreq.c.html#353 …, which is our dear friend from before, mptcp_usr_connectx, which checks sa_len.
Prikaži ovu nitHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
mptcp_subflow_connected_ev operates on the CONNECTED event, called at https://fergofrog.com/code/cbowser/xnu/bsd/netinet/mptcp_subr.c.html#3219 …. The mpts->mpts_dst, however, only has uses in two other functions mptcp_subflow_add (the function in question) and https://fergofrog.com/code/cbowser/xnu/bsd/netinet/mptcp_subr.c.html#mptcp_subflow_soconnectx … (does check sa_len).
Prikaži ovu nitHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Makes it very easy to verify
@s1guza/@NedWilliamson's points regarding@RazMashat/@userlandkernel's unexploitable bug. From https://fergofrog.com/code/cbowser/xnu/bsd/netinet/mptcp_subr.c.html#mptcp_subflow_add … there are 3 uses. For the simple case, the sa_len is checked at https://fergofrog.com/code/cbowser/xnu/bsd/netinet/mptcp_usrreq.c.html#325 … (mptcp_usr_connectx).Prikaži ovu nitHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
Updated the XNU code browser to xnu-4903.221.2. https://fergofrog.com/code/cbowser/xnu/ …
Prikaži ovu nitHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi -
I've released an updated guide on compiling xnu 4903.221.2 (macOS 10.14.1) for arm64. No code changes required this time - thanks Apple!https://blog.fergofrog.com/xnu/arm64/2018/12/23/compile-xnu-4903.221.2-for-arm64.html …
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi
Čini se da učitavanje traje već neko vrijeme.
Twitter je možda preopterećen ili ima kratkotrajnih poteškoća u radu. Pokušajte ponovno ili potražite dodatne informacije u odjeljku Status Twittera.