X Site eScape (Part II): Look Up a Shell in the Dictionary

A funny bug chain turning inter-process XSS into native code execution for sandbox escape.

X Site eScape (Part III): CVE-2020-9860, A Copycat

Copycat.

X Site eScape (Part I): Exploitation of An Old CoreFoundation Sandbox Bug

Triggering inter-process XSS for fun and profit.

Revisiting An Old MediaRemote Bug (CVE-2018-4340)

Useless bugs are just being given up too early.

Two macOS Persistence Tricks Abusing Plugins

Similar to DLL sideloading, legit plugins on macOS could be abused to load executable code on startup.

Rootpipe Reborn (Part II): CVE-2019-8565 Feedback Assistant Race Condition

Relying on a PID to validate an IPC peer is unsafe.