Tweets
- Tweets, current page.
- Tweets & replies
- Media
You blocked @i41nbeer
Are you sure you want to view these Tweets? Viewing Tweets won't unblock @i41nbeer
-
We’ll look at how the attackers modify their exploitation techniques over time to defeat new mitigations, and investigate the capabilities of the attacker’s implant to access personal information on the exploited devices.
Show this threadThanks. Twitter will use this to make your timeline better. UndoUndo -
It covers every vulnerability in detail, including root cause analysis, what steps could have been taken to prevent the bugs, and what steps should be taken to ensure they don’t happen again.
Show this threadThanks. Twitter will use this to make your timeline better. UndoUndo -
https://googleprojectzero.blogspot.com/2019/08/a-very-deep-dive-into-ios-exploit.html … thanks to
@_clem1,@5aelo for their joint work on this. This has been a huge effort to pull apart and document almost every byte of a multi-year in-the-wild exploitation campaign, which used 14 different iOS exploits.Show this threadThanks. Twitter will use this to make your timeline better. UndoUndo -
hello
#35C3Thanks. Twitter will use this to make your timeline better. UndoUndo -
A blog post about turning back the clock to 2014, and thinking about what 2022 might be like: https://googleprojectzero.blogspot.com/2018/10/deja-xnu.html …
Thanks. Twitter will use this to make your timeline better. UndoUndo -
And if you're using the mptcp/vfs exploits for security research (eg with Electra 11.3.1) you should just keep using that. I'll release the 11.4.1 exploits I have but the focus will shift to iOS 12 now :)
Show this threadThanks. Twitter will use this to make your timeline better. UndoUndo -
The iOS 12 security bulletin seems to only include iOS-only bugs this time (as opposed to those which affect iOS *and* MacOS.) There are far more fixes in iOS 12 than are mentioned, including a nasty logic bug to break you out of the app sandbox. Update your personal devices!
Show this threadThanks. Twitter will use this to make your timeline better. UndoUndo -
Here are the slide from my
#blackhat talk yesterday: https://docs.google.com/presentation/d/16LZ6T-tcjgp3T8_N3m0pa5kNA1DwIsuMcQYDhpMU7uU/edit?usp=sharing … Please expand the speaker notes if you read it!Show this threadThanks. Twitter will use this to make your timeline better. UndoUndo -
I'd love to get a chance to sit down with you and discuss how together we can make iOS even more secure for all our users. Cheers, Ian Beer.
Show this threadThanks. Twitter will use this to make your timeline better. UndoUndo -
Hi
@tim_cook, I've been working for years to help make iOS more secure. Here's a list of all the bugs I reported which qualified for your bug bounty since its launch, could you invite me to the program so we can donate this money to@amnesty?pic.twitter.com/VUKj7BaJ4P
Show this threadThanks. Twitter will use this to make your timeline better. UndoUndo -
Please read README_KDP before trying to use this. There are many limitations, but I have found it useful for vulnerability research nevertheless.
Show this threadThanks. Twitter will use this to make your timeline better. UndoUndo -
Here's an updated version of async_wake with a more usable KDP-based kernel debugger: https://bugs.chromium.org/p/project-zero/issues/detail?id=1417#c17 …
Show this threadThanks. Twitter will use this to make your timeline better. UndoUndo -
Slides from my
#MOSEC2018 talk "build your own iOS kernel debugger": https://bugs.chromium.org/p/project-zero/issues/attachment?aid=346425&signed_aid=drSMyPfPWvCZgYKtiwI2iA== …Thanks. Twitter will use this to make your timeline better. UndoUndo -
Fixing that in combination with enabling 20 spinner threads seems to show reliability closer to 50% in some very unscientific testing, but I'm sure there are still plenty of bugs.
@Externalist's writeup had plenty more good ideas for improving reliability.Show this threadThanks. Twitter will use this to make your timeline better. UndoUndo -
credit to
@Externalist for spotting a bug in empty_list: on devices with 16k pages there are 0x61 ipc_port allocations per zone refill (not sure where 0xe0 came from...); so it should look like this: int ports_per_zcram = kernel_page_size == 0x1000 ? 0x49 : 0x61;Show this threadThanks. Twitter will use this to make your timeline better. UndoUndo -
empty_list, a proof-of-concept exploit for the getvolattrlist iOS 11.3.1 kernel bug: https://bugs.chromium.org/p/project-zero/issues/detail?id=1564 … Please read the README.
Thanks. Twitter will use this to make your timeline better. UndoUndo -
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
(footnote: for the vfs bug technically you can control a handful of bits in the 8 overflow bytes, the overflow value is actually two 4 byte flag fields. This may or may not help.)
Show this threadThanks. Twitter will use this to make your timeline better. UndoUndo -
Finally: always keep your personal iOS devices up to date and only use these tools on devices which don't have any personal information and are only used for research.
Show this threadThanks. Twitter will use this to make your timeline better. UndoUndo -
The trigger is here: https://bugs.chromium.org/p/project-zero/issues/detail?id=1564 … If you're in to iOS exploit dev take a go at it and blog about it! I'll publish what I have soon, hopefully this week.
Show this threadThanks. Twitter will use this to make your timeline better. UndoUndo
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.