Tal Lossos

@antoniozekic I doubt it as well. Reported a remote DoS a few months ago and got a reply that it isn't a "security implication"

I haven't noticed and other issue having system termination as impact in Apple's iOS 18 security advisory. Additionally, it appears that Apple is moving in the direction of classifying reported issues as Denial of Service when only Proof of Concept was provided, unlike previous descriptions that mentioned kernel code execution or kernel memory disclosure.

@Guluisacat Same here! Two marked as “addressed”, but one of them is still exploitable with the exact same PoC :)

@karmaz95 And there is the case when they agree that the reported issue is a vulnerability, they fix it but don't grant a CVE 🙃

@karmaz95 This happened to me as well. I reported a TCC bypass to Apple and they replied that it is an "expected behavior" for some reason...

I published two reports I submitted to #Apple earlier this year that were closed as expected behavior, but I can't entirely agree with the decision. From now on, I will also upload PoCs to my YouTube channel (links inside): karol-mazurek.medium.com/apple-gatekeep… Feel free to subscribe & enjoy!

Happy to share that some of my reports were fixed in the new macOS version :) support.apple.com/en-us/121238

Had an amazing experience at @1ns0mn1h4ck this year, talking about adding NVMe-of/TCP to syzkaller. In case you want to check it out: Here’s the recording - m.youtube.com/watch?v=Jc25CM… And the slides - download.scrt.ch/insomnihack/in…

Quite a few people asked me if we’ve found more vulnerabilities in the NVMe Linux kernel driver. So, here is my answer! Check out the blog post of my colleague Alon on his journey of fuzzing the driver with some lovely findings!

Finally got around to publishing this post on a 𝙘𝙧𝙞𝙩𝙞𝙘𝙖𝙡 𝙫𝙪𝙡𝙣𝙚𝙧𝙖𝙗𝙞𝙡𝙞𝙩𝙮 𝙞𝙣 𝙖 #𝗖𝗼𝘀𝗺𝗼𝘀𝗦𝗗𝗞 𝙘𝙝𝙖𝙞𝙣! Dive in if you're interested in the security of the #IBC protocol and the Cosmos in general 🪐✨ cyberark.com/resources/thre…

Interesting reading on how to use Static Code Analysis tools for finding vulnerabilities (with a NULL Pointer Dereference in the NVMe driver of the Linux kernel as practical example) Credits @TalLossos (@TalLossos) cyberark.com/resources/all-… #Linux #kernel #infosec

Check it out! Our resident expert reverse engineer @TalLossos giving his talk on at REcon Montreal. Topic: Vulnerabilities in the NVMe (Non-Volatile Memory Express) protocol and its extension, NVMeoF (NVMe over Fabrics).

The recorded session of my talk at @reconmtl is live! youtube.com/watch?v=szCZH6…

#HITB2023HKT The blog post version of this talk is now available vul.360.net/archives/699 and the slides are here conference.hitb.org/hitbsecconf202…

Did you know that NVMe over TCP exists? I sure didn't, but it's a super interesting attack vector. @TalLossos just put out an excellent blogpost of using CppCheck to find a null pointer deference in the Linux kernel’s NVMe driver. Check it out! cyberark.com/resources/thre…

A deep dive into how we've found some cool low-hanging-fruits in the Linux kernel 🐞🔍cyberark.com/resources/thre…

Very excited to present my talk at @HITBSecConf ! Cya soon :) conference.hitb.org/hitbsecconf202… #HITB2023HKT

Recon 2023 Talk selection has been released, cfp.recon.cx/2023/featured/ The Conference schedule will be published soon. Register here: recon.cx/2023/index.html See you in June! #cybersecurite #REcon2023 #ReverseEngineering

.@TalLossos explaining how he's exploiting 3rd party kernel modules. In this case, OpenRazer... #RSAC2023 #opensource #bufferoverlow #fuzzing

I'm excited to share that I will present one of my latest projects at @reconmtl ! Stay tuned and cya there :)

Had a blast. You should definitely check it out if you wanna see how I've exploited it to a LPE, in a colorful way of course 🔴🔵🟢🟡

@LiveOverflow inb4 macOS

Containers have completely ruined the feeling of seeing `uid=0(root)` 😢