Blasting Past Webp - An analysis of the NSO BLASTPASS iMessage exploit
(googleprojectzero.blogspot.com)
from tedu@inks.tedunangst.com to inks@inks.tedunangst.com on 27 Mar 16:45
https://inks.tedunangst.com/l/5205
from tedu@inks.tedunangst.com to inks@inks.tedunangst.com on 27 Mar 16:45
https://inks.tedunangst.com/l/5205
Whilst the Isosceles and Dark Navy posts explained the underlying memory corruption vulnerability in great detail, they were unable to solve another fascinating part of the puzzle: just how exactly do you land an exploit for this vulnerability in a one-shot, zero-click setup? As we’ll soon see, the corruption primitive is very limited. Without access to the samples it was almost impossible to know.
threaded - newest