Samuel Groß
Works at Google Project Zero. Personal account.
548 Tweets | 427 Following | 14,533 Followers

Tweets
Samuel Groß 12 Jan
Replying to @secureloon
Great to hear, thanks! :)
Samuel Groß 10 Jan
Replying to @mdowd
Whoa, thanks Mark! :)
Samuel Groß 10 Jan
Replying to @NedWilliamson
Thanks Ned!
Samuel Groß 9 Jan
Replying to @5aelo
The README and various code comments hopefully also help explain how the PoC exploit works: and also
Samuel Groß 9 Jan
I'm very excited to share my blog post series (including PoC code) about a remote, interactionless iPhone exploit over iMessage:
Samuel Groß retweeted
Tim Willis 7 Jan
At Google Project Zero, the team spends a *lot* of time discussing and evaluating vulnerability disclosure policies and their consequences. It's a complex and controversial topic! Here are P0's policy changes for 2020 (with our rationale for the changes):
Samuel Groß 28 Dec
Replying to @CodeColorist
Yeah, there was quite a bit omitted :'D The step is basically using -[CNFileServices dlsym::] to get signed C function pointers, then using -[NSInvocation invokeUsingIMP] to call them; R/W necessary to bridge stuff into JS and construct more fake NSInvocations.
Samuel Groß 27 Dec
Slides + recording of my talk: had to omit many details, but a blog post is coming soon!
Samuel Groß 27 Dec
Replying to @pwnallthethings
Thanks! =)
Samuel Groß 27 Dec
Replying to @pwnallthethings
Yes, and the recording, and hopefully very soon a blog post :)
Samuel Groß 27 Dec
My talk on iMessage exploitation () starts in two hours. You can watch it in room Ada or on
Samuel Groß 28 Nov
Replying to @Fox0x01 @bkth_ and 2 others
No :) more like if you have limited resources, it is possible that implementing a new mitigation isn't the best use of those.
Samuel Groß 28 Nov
Replying to @bkth_ @Fox0x01 and 2 others
Well, now we are slowly getting into the discussion of how useful mitigations are at all, and I would rather not do that now :D Instead I would say that the same is true for clearly beneficial things such as attack surface reductions and sandboxing.
Samuel Groß 28 Nov
Replying to @Fox0x01 @bkth_ and 2 others
So to that and 's point, I'd argue that the reason for e.g. JSC's Structure ID randomization and the Gigacage was precisely that people kept using that same exploit technique *publicly* for years, eventually causing someone to think about a solution.
Samuel Groß 28 Nov
Replying to @MalwareTechBlog @Fox0x01 and 2 others
It's hard to know for sure, but we are pretty certain that it did. Anyway, it's a bit complicated... we can chat in person some time :) Coming to 36C3 by any chance?
Samuel Groß 28 Nov
Replying to @MalwareTechBlog @Fox0x01 and 2 others
The problem is that vendors will often somewhat happily spot-fix single bugs, but won't make any systematic improvements (attack surface reduction, mitigations, ...) afterwards. Likely only happened because and I made that research public.
Samuel Groß 28 Nov
Hmmm, I would argue that we would probably have a lot fewer exploit mitigations (or none at all?) today had no one ever published an exploit? But maybe I'm not getting your point...
Samuel Groß 28 Nov
Replying to @josh_watson @itszn13 and 2 others
Yeah, we are talking about somewhat different threat models, I guess. Anyway, I think we can agree that improving patch rollout times would be helpful here in any case.
Samuel Groß 28 Nov
Replying to @josh_watson @Fox0x01 @maddiestone
My point was that regardless of whether a researcher publishes a PoC after the bug has been fixed, attackers can bindiff/patchdiff after a fix has been implemented but before it's shipped to users and basically get a "free" 0day for some time.
Samuel Groß 28 Nov
Replying to @Fox0x01 @maddiestone
See other reply. Re. mitigations: that's also where releasing exploits helps, as it shows where those mitigations fail and how they can be improved or new ones added.