You can add location information to your Tweets, such as your city or precise location, from the web and via third-party applications. You always have the option to delete your Tweet location history. Learn more
super writeup! I think you found a bug in my exploit :) You're right that ports_per_zcram shouldn't be 0xe0 on 16k devices. On 16k page devices an ipc_ports zcram will use 1 16k page, so ports_per_zcram should be 0x61.
This probably has a few consequences, not least that the region of ports within which it searches for the corruption is likely shifted so the corruption might succeed but it'll keep going, eventually panicking.
struct ipc_kmsg is a header for a variable sized structure; I explain it here: https://googleprojectzero.blogspot.com/2017/04/exception-oriented-exploitation-on-ios.html … that's why it looks like I'm reading off the end of it; the mach message body is actually aligned to the end of the allocation.
Thanks for pointing it out! I stared at the "ipc_kmsg_get()" for a little more while and finally understood the weird layout and added the correct description in the annotation. Thanks again for sharing the amazing exploits & techniques, you are the Best!! 
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.
