You can add location information to your Tweets, such as your city or precise location, from the web and via third-party applications. You always have the option to delete your Tweet location history. Learn more
Today I fully annotated Ian Beer's empty_list iOS exploit. Hopefully, it'll be helpful to a some people...
https://github.com/externalist/exploit_playground …
super writeup! I think you found a bug in my exploit :) You're right that ports_per_zcram shouldn't be 0xe0 on 16k devices. On 16k page devices an ipc_ports zcram will use 1 16k page, so ports_per_zcram should be 0x61.
This probably has a few consequences, not least that the region of ports within which it searches for the corruption is likely shifted so the corruption might succeed but it'll keep going, eventually panicking.
struct ipc_kmsg is a header for a variable sized structure; I explain it here: https://googleprojectzero.blogspot.com/2017/04/exception-oriented-exploitation-on-ios.html … that's why it looks like I'm reading off the end of it; the mach message body is actually aligned to the end of the allocation.
I’ll take a closer look tonight on some 16k page devices; maybe they don’t actually take 16k per port zcram. Will post the results and some example code showing how you can find out.
I love watching you guys work 
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.
