Such an amazing work! Will you keep it remain open source please?

Install a kext like this one: github.com/bazad/memctl-k… or something similar to get the kernel task port from that.

When you have aarw in JSC, you could have shellcode execution in the JIT page(trivially), which mean that we could branch anywhere because there's no PAC instruction(who even put pac instructions in shellcode?) Am I right?

The Logic is more important than whether the code is written for older version through. I've spent a few hours last night porting the pl192 to new qemu and I still believe porting is trivial work through

Please release it; I'm working on the PCIe port atm. Please, I need some reference coz i'm so new to qemu and there're not so many development documentation around there. Thanks a lot.

Exploit dev is a profession for masochists, full stop.

That said, when you start with exploit dev and pop your first shell you get a rush of optimism which will be violently destroyed once you start working on a complicated target. After much pain you reach a state of deep satisfaction as you get better. Don’t give up too soon. twitter.com/ASpittel/statu…

Catalina(10.15) does not even support x86(32bit), which means the bug is only relevant in older older macOS.

reported, they are still "investigating"

Except when there's an kASLR infoleak

Introducing a new tag to my blog: "0day" trungnguyen1909.github.io/blog/post/Camp… Thanks @Apple and @LinusHenze Don't worry, it can't be exploited in wild :D