Blasting Past Webp - An analysis of the NSO BLASTPASS iMessage exploit (googleprojectzero.blogspot.com)
from tedu@inks.tedunangst.com to inks@inks.tedunangst.com on 27 Mar 16:45
https://inks.tedunangst.com/l/5205

Whilst the Isosceles and Dark Navy posts explained the underlying memory corruption vulnerability in great detail, they were unable to solve another fascinating part of the puzzle: just how exactly do you land an exploit for this vulnerability in a one-shot, zero-click setup? As we’ll soon see, the corruption primitive is very limited. Without access to the samples it was almost impossible to know.

#exploit #iphone #malloc #security

#exploit #inks #iphone #malloc #security

threaded - newest