Surprised to see no patch available for watchOS, which can also receive images via iMessage. Not important enough to patch, or not vulnerable, or just not exploited in the wild yet?
Readit News0x0 commented on iOS 18.6.1 0-click RCE POC github.com/b1n4r1b01/n-da... · Posted by u/akyuu
I was hoping this would work over ssh in a macOS Terminal.app, but last I tried it was inserting all kinds of weird characters into the edited text files.
Windows ships an official OpenSSH server these days, but so far there haven't been any good official text editors that work over OpenSSH, as far as I know.
I've had to resort to "copy con output.txt" the few times I needed to put things into a text file over windows-opensshd...
0x0 commented on Beating Google's kernelCTF PoW using AVX512 anemato.de/blog/kctf-vdf... · Posted by u/anematode
Boss want a strictly fixed budget for running those cool programs. The rationale behind these programs (at least partially) is about measuring exploits and mitigations dynamics, not buying bugs. And, Linux is just too buggy that if you pay for every 0-day it's basically out of control. Google tried to do so (and to drain people's hoarded bugs) once, ran a limited time promotion with no race, every 0 day counts, got flooded.
And at the same time you don't want to piss the community, so here we go.
If linux kernel security really is so bad that google had to add a proof-of-work to introduce a 4 second race for 0day submissions, I'm surprised they're ok with still using the Linux kernel as the base for Android.
0x0 commented on Mozilla to shut down Pocket and Fakespot support.mozilla.org/en-US... · Posted by u/phantomathkg
Safari only exist on Apple devices, and generally had even less features than Firefox.
> Safari only exist on Apple devices
Webkit, at least, builds on a lot more platforms than you think. Take a look at https://build.webkit.org/#/builders
I'm seeing at least three other MAJOR platforms:
• GTK-Linux-64-bit-Release-Build
• PlayStation-Release-Build
• Windows-64-bit-Release-BuildDeleted Comment
0x0 commented on Ssl.com: DCV bypass and issue fake certificates for any MX hostname bugzilla.mozilla.org/show... · Posted by u/xPaw
So I guess you couldn't get certificates for any random (MX) domain, only for those where you can obtain an inbox / user account. Still really bad, especially for things like gmail.com, but also larger enterprises. Intense.
I saw this on twitter a few hours ago on my phone, and misread the price as $25, so I was considering maybe putting in an order or even two, but when I revisited the site on my laptop and discovered it was $250, my curiosity hit a wall. Looks like a super neat product but unfortunately a bit overpriced for a gimmick.
0x0 commented on Rsync replaced with openrsync on macOS Sequoia derflounder.wordpress.com... · Posted by u/zdw
I recently ran into an issue with this because building an iOS .ipa from the command line with xcodebuild apparently ends up shelling out to call rsync to copy some files between local directories, and because I had homebrew rsync earlier in $PATH, it would end up running homebrew rsync, but xcodebuild passed an openrsync-only command line argument "--extended-attributes" that homebrew rsync doesn't understand and would exit with a failure.