A deep dive into an NSO zero-click iMessage exploit: Remote Code Execution
Posted by Ian Beer & Samuel Groß of Google Project Zero
We want to thank Citizen Lab for sharing a sample of the FORCEDENTRY exploit w...
This is horrifying and amazing at the same time. Honestly, it would be quite exciting to work on the quoted part for a coding challenge.
On a more serious note though - glad this was caught and patched before more human rights abuses could happen.
“The bootstrapping operations for the sandbox escape exploit are written to run on this logic circuit and the whole thing runs in this weird, emulated environment created out of a single decompression pass through a JBIG2 stream. It's pretty incredible, and at the same time, pretty terrifying.”
Posted on 2021-12-16T04:21:41+0000