#FreeTheSandbox

313 posts

#FreeTheSandbox

@FreeTheSandbox

An official account for the #FreeTheSandbox Initiative that promote local admin rights for on *our* smartphones. It's simple: Local admin = more innovation!

Planet Earth Katılım Kasım 2019

10 Takip Edilen6K Takipçiler

Sabitlenmiş Tweet

#FreeTheSandbox@FreeTheSandbox·4 Nis

A friendly reminder: hundreds of organizations develop, and sell / resell offensive cyber capabilities vs. smartphones. Oftentimes, zero-clicks. And yet, as of April 4th, 2021 - the sandbox developed by @Apple and @Google actively helps them to hide. It's time to #FreeTheSandbox

English

#FreeTheSandbox@FreeTheSandbox·17 Ağu

You may want to stay on 15.6 if you aim for full access to your device. This is unfortunate that we must keep the device in a vulnerable state to get a local admin on our phone... but this is the reality. Hopefully it will be fixed soon with #FreeTheSandbox

ZecOps - A Jamf Company@ZecOps

[IMPORTANT] Using an iPhone or iPad? make sure to update to the latest iOS and iPadOS that fixes two vulnerabilities that may have been exploited in the wild in one-click and potentially also zero-click attacks! More details on Apple's website: support.apple.com/en-us/HT213412

English

#FreeTheSandbox retweetledi

ZecOps - A Jamf Company@ZecOps·16 Ağu

Fake Droids: Your New Android Device is Actually an Old Android 6 via @ZecOps Blog blog.zecops.com/research/fake-…

English

#FreeTheSandbox retweetledi

Zuk@ihackbanme·11 Şub

Surprise surprise! Another day another 0day exploited in the wild bleepingcomputer.com/news/security/… Incremental patches/mitigations will never work against determined individuals. The only thing that will help to reduce mass surveillance on mobile phones is more eyes. #FreeTheSandbox 👊

English

#FreeTheSandbox retweetledi

ZecOps - A Jamf Company@ZecOps·5 Oca

Demo: youtube.com/watch?v=g_8JVU…

YouTube

Español

#FreeTheSandbox retweetledi

ZecOps - A Jamf Company@ZecOps·5 Oca

[New Research] iOS Persistence without "Persistence": Meet The Ultimate Persistence Bug - #NoReboot via @ZecOps Blog blog.zecops.com/research/persi…

English

231

#FreeTheSandbox@FreeTheSandbox·14 Ara

Remote + LPE on iOS 15.1 ? support.apple.com/en-us/HT212976

GIF

Español

#FreeTheSandbox retweetledi

Zuk@ihackbanme·14 Ara

iOS 15.2 is out and it is wild. Many remote and local security issues. If you care about your iPhone/iPad security you should update soon. [Source: support.apple.com/en-us/HT212976]

English

188

#FreeTheSandbox retweetledi

ZecOps - A Jamf Company@ZecOps·4 Kas

How iOS Malware Can Spy on Users Silently? blog.zecops.com/research/how-i… via @ZecOps blog (POC included)

English

156

#FreeTheSandbox@FreeTheSandbox·3 Kas

The day is coming. Consumers are waking up. Saying "no more" - you can't secure the platform 100% by definition - let us try too. #FreeTheSandbox #LocalAdminOnMobile #TheSpiceMustFlow

Zuk@ihackbanme

Mobile is a platform where attackers gets a better access than the victim trying to protect themselves, example #28241: Google Warns of New Android 0-Day Vulnerability Under Active Targeted Attacks thehackernews.com/2021/11/google…

English

#FreeTheSandbox@FreeTheSandbox·29 Eki

@AOC What do you think about the lack of local-admin rights on smartphones allowing attackers to stay hidden, and users cannot do anything about it? Don't you think it's more dangerous to democracy than some of the other things you highlight (which are important too) ?

English

#FreeTheSandbox@FreeTheSandbox·27 Eki

@SwagOrangeJuice @ZecOps This blog provides a way to reproduce the UAF vulnerability but I doubt this specific vulnerability will turn into a full LPE. Other patched bugs in 15.1 can be relevant. The previous tweet is more about sending ♥️ to the @ZecOps team for great write-ups!

English

#FreeTheSandbox@FreeTheSandbox·27 Eki

<3 @ZecOps

ZecOps - A Jamf Company@ZecOps

[iOS 15.1 Update]: Use-After-Free in Voice Control: CVE-2021-30902 Write-up via @ZecOps Blog blog.zecops.com/research/use-a…

#FreeTheSandbox@FreeTheSandbox·17 Eki

[3/3] Let's acknowledge the reality: time after time, attack after another, smartphones are as breakable, if not even more than our computers. We rely on smartphones for everything. We have to be able to secure them. #LocalAdminOnSmartphones #FreeTheSandbox #DeviceNeutrality

English

#FreeTheSandbox@FreeTheSandbox·17 Eki

[2/N] How are we supposed to defend ourselves when it's not a level playing field? It's time to give users local-admin rights. It's time to #FreeTheSandbox and level the playing field.

English

#FreeTheSandbox@FreeTheSandbox·17 Eki

Hackers continuously able to break the iOS (and most of the time Android too) security models. Successfully compromising devices remotely while obtaining full access. Hackers have better access than what device-owners are allowed to have ! Why ?

mj0011@mj0011sec

Team PangU pwned iPhone13 Pro remote jailbreak on the day1 of TianfuCup, will take $300k as reward and ranked as #1 currently.

English

#FreeTheSandbox retweetledi

Haifei Li@HaifeiLi·16 Eki

#freethesandbox !:-) @ihackbanme

mj0011@mj0011sec

Team PangU pwned iPhone13 Pro remote jailbreak on the day1 of TianfuCup, will take $300k as reward and ranked as #1 currently.

#FreeTheSandbox retweetledi

ZecOps - A Jamf Company@ZecOps·14 Eki

[BREAKING] CVE-2021-30858 iOS WebKit RCE 0-day in the wild: googleprojectzero.github.io/0days-in-the-w… including POC. Can be chained with CVE-2021-30883 and used in 1-clicks and water-holing attacks against iOS users. Update to the latest version as soon as possible.

English

170

#FreeTheSandbox retweetledi

ZecOps - A Jamf Company@ZecOps·12 Eki

We can confirm that the recently patched iOS 15.0.2 vulnerability, CVE-2021-30883, is also accessible from the browser: perfect for 1-click & water-holing mobile attacks. This vulnerability is exploited in the wild. Update as soon as possible.

ZecOps - A Jamf Company@ZecOps

[BREAKING] @Apple just released iOS 15.0.2 and patched CVE-2021-30883, yet another vulnerability in IOMobileFrameBuffer, that was *exploited in the wild*. [ACTION REQUIRED] Update your iOS devices as soon as you can.

English

158

#FreeTheSandbox@FreeTheSandbox·12 Eki

The time has come 🥶. #FreeTheSandbox

ZecOps - A Jamf Company@ZecOps

Some technical details and POC of the IOMFB Integer (CVE-2021-30883) Overflow are already available by the fantastic @AmarSaar saaramar.github.io/IOMFB_integer_…

English

#FreeTheSandbox retweetledi

ZecOps - A Jamf Company@ZecOps·11 Eki

This vulnerability is possibly related to: CVE-2021-30807, also in IOMobileFrameBuffer, that was patched in iOS 14.7.1. The vulnerability provides to attackers kernel privileges after they already gained initial code execution capabilities on the device.

English

Keşfet

@ZecOps @AOC @ihackbanme @elonmusk @BarackObama @taylorswift13 @cristiano @BillGates