Inside iOS 27's Reworked Stub Islands
How iOS 27 trims the dyld shared cache and updates stub island trampolines
Read article
Abusing tclsh to Load (Remote) Shellcode on macOS
Yet another LOOBins
Abusing tclsh to Load (Remote) Shellcode on macOS
Yet another LOOBins
Mistuned Part 3: PAC Bypass
Bypass hardware assisted mitigation using Objective-C runtime.
Mistuned Part 3: PAC Bypass
Bypass hardware assisted mitigation using Objective-C runtime.
Mistuned Part 2: Butterfly Effect
A simple access control issue makes a huge difference, leading to infoleak and use after free.
Mistuned Part 2: Butterfly Effect
A simple access control issue makes a huge difference, leading to infoleak and use after free.
Mistuned Part 1: Client-side XSS to Calculator and More
Remotely pwn iOS and pop up arbitrary app with 0 memory corruption.
Mistuned Part 1: Client-side XSS to Calculator and More
Remotely pwn iOS and pop up arbitrary app with 0 memory corruption.
Quick Analysis for the SSID Format String Bug
A rogue Wi-Fi hotspot can crash your phone.
Quick Analysis for the SSID Format String Bug
A rogue Wi-Fi hotspot can crash your phone.