What if we had the SockPuppet vulnerability in iOS 16?
This post examines how an old XNU kernel UAF would fare under the kalloc_type allocator. A key takeaway is that at least in the iOS kernel, randomized, bucketed type isolation seems able to put a practical upper bound on the per-boot exploit success rate for some vulnerabilities. For SockPuppet, we estimate that the best possible exploit might only succeed on 92% of booted systems, whereas it used to be 100% reliable. Kernel UAFs in general are still exploitable, but kalloc_type seems to make them notably less attractive.
https://security.apple.com/blog/what-if-we-had-sockpuppet-in-ios16/
The next post in our XNU memory safety series examines how our hardened kernel allocator performs in the real world against a previously patched but powerful UAF software vulnerability. In this detailed analysis, we find out what might happen if SockPuppet were to meet kalloc_type in iOS 16.
If you want to come work and build the next kalloc_type(), blastdoor, lockdown mode, 🔥🌸 <insert your favorite mitigation or technology here>, then this is the team for you.
Its purpose is precisely that, and you’d be working with the people who’ve done the above and then some.
https://mastodon.social/@jacquesf/110107440666553492
This is the team I have actually joined SEAR to staff, and this is our mission statement: https://mastodon.social/@jacquesf/110107444554498266
This is important to stress: we aren't necessarily looking for security experts. As @jacquesf mentions in https://mastodon.social/@jacquesf/110107450707960028, several of us come from various non-security backgrounds.
We're looking for a diverse crowd of generalists who have an affinity for security and want to continue the trend of making a difference in the vein of https://mastodon.social/@jacquesf/110107445178605599.