Also note that as a @neo4j based network, it can easily be queried using #cypher, allowing the usage of different graph based algorithms such as shortest-path that was used below to query Executables--IOService paths for example.
• • •
Missing some Tweet in this thread? You can try to
force a refresh
Apple just released iOS 12.3, which includes patches for 3 vulnerabilities I discovered:
CVE-2019-8593
CVE-2019-8568
CVE-2019-8637
I’ll publish the exploits as soon as possible.
Note that the advisory is somewhat wrong.
I was too late to reply Apple to correct it, but I’ll make it clear when I publish my work.
Just to clarify - The exploits will open a wider attack surface which can be used to further exploit the device (with additional vulnerabilities).
They most likely be used for research purposes, unless someone is willing to disclose more vulnerabilities.