Profile picture
, 3 tweets, 1 min read
My Authors
Read all threads
9/14 vulnerabilities used in multiple in-the-wild iOS exploit chains are memory unsafety. The non-memory-safety issues are all JIT issues. googleprojectzero.blogspot.com/2019/08/a-very… #memoryunsafety
Every single privilege escalation in these exploit chains was memory unsafety. 100%.
Journalists, when Apple states that they take security seriously ask them when they expect to start shipping code written in a memory safe language in the kernel. Until the answer is "the next release", challenge their commitment.
Missing some Tweet in this thread? You can try to force a refresh.

Enjoying this thread?

Keep Current with Fish in a Barrel

Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

Twitter may remove this content at anytime, convert it as a PDF, save and print for later use!

Try unrolling a thread yourself!

how to unroll video

1) Follow Thread Reader App on Twitter so you can easily mention us!

2) Go to a Twitter thread (series of Tweets by the same owner) and mention us with a keyword "unroll" @threadreaderapp unroll

You can practice here first or read more on our help page!

Related hashtags

#memoryunsafety

Related threads

Profile picture
Barb Chamberlain
@barbchamberlain
At @AASHTOSpeaks Joint Policy Conference of Committee on Design and Council on Active Transportation (I'm a member of that). Flexible design workshop to kick it off. #infrastructure #RoadSafety
Joyce Taylor, Maine DOT Chief Engineerb Over the years people have debated names for different approaches to streets that serve people. Let's call it GOOD DESIGN. #AASHTO #infrastructure #RoadSafety #PeopleStreets #HealthyStreets
Shari Schaftlein, FHWA Office of Human Environment, on context sensitive solutions/design. Case studies/resources fhwa.dot.gov/planning/css/. #AASHTO #infrastructure #RoadSafety #PeopleStreets
Read 149 tweets
Profile picture
John Suarez ن
@johnjsuarez
Detente with the Castro regime had and continues to have negative and unintended consequences. The consensus with Europe established in 1996 in the EU Common Position, linking improved relations to improvement in human rights, was ended. cubanexilequarter.blogspot.com/2019/06/review… 1/25
The influx of cash and international legitimacy during the Obama Administration emboldened the dictatorship to behave more aggressively in the region, and against the democratic opposition in Cuba. cubanexilequarter.blogspot.com/2019/06/review… 2/25
It was a policy born of secrecy, great injustices, skirting Congressional oversight, and U.S. law. cubanexilequarter.blogspot.com/2019/06/review… 3/25
Read 25 tweets
Profile picture
Catalin Cimpanu
@campuscodi
Microsoft: 70 percent of all security bugs are memory safety issues

zdnet.com/article/micros…
Memory safety vulnerabilities are also very popular with hackers, as use after free and heap corruption bugs are often at the source of many exploits spotted in the wild
Another trend is that adjacent buffer overruns have become less common. Non-adjacent (out-of-bounds reads/writes) are now found more often.
Read 4 tweets
Profile picture
Thomas Rid
@RidT
Another infosec fact check here, this time related to Shadow Brokers and ETERNALBLUE:

1—We know TSB posted a list of NSA exploit codenames (but not actual exploits) on this site 8 Jan 2017

See @MalwareJake
malwarejake.blogspot.com/2017/01/implic…
2—We know some of those exploits used what were then 0-days
arstechnica.com/information-te…
3—We know that NSA then reported a number of vulnerabilities to Microsoft washingtonpost.com/business/techn…
Read 5 tweets
Profile picture
progmofo
@progmofo
I have said for years that Google's ProjectZero's only purpose is to humiliate rivals and not secure operations at Google. Case in point:

theverge.com/2018/12/10/181…

googleprojectzero.blogspot.com/2018/12/advent…

vs.

googleprojectzero.blogspot.com/2018/11/inject…

Let's talk...
From what I can read the vulnerability in the G+ API and they claim was only active for 7 days, but affecting 52 million people. The WebRTC bugs found in post #2 were in Chromium for a while from what I can tell. Both of these posts sound really weird though.
So, Google claims the G+ bug was only live for 7 days when they made a change....to a platform they are shutting down...and even though they fixed it...they're going to speed up the shut down...and this is their 2nd one? So they're making changes and causing 2 security holes?
Read 13 tweets

Trending hashtags

#HowEmbarrassing #WhereAreTheChildren #ApnaVoteSahiHathMeDijiye #AmitShahHomeMinistry #BusSafety #IndiaWithNaMo #BJPSankalpPatr2019 #Moditransformsbharat #bikeNV #RamadanMubarak #FakeNews #evergreen #non #GifMignogna #IPL #GoBackRahul #PhirEkBaarModiSarkar #HinduTerror #RailTrails #VijayiBharat #British #DMKFails #GRTAmerican #EVM #AssemblyTransport
Follow Us on Twitter!

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just three indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3.00/month or $30.00/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!