Hello friends. Check out this awesome and unique role that just opened up on my team in SEAR. Wanna secure Apple silicon, ROMs, iBoot, and more? jobs.apple.com/en-us/details/…
English
Jeremy Boone
2K posts
Jeremy Boone
@uffeux
HW/FW security researcher @ fruit company
Canada Katılım Mayıs 2009
420 Takip Edilen1.3K Takipçiler
Jeremy Boone retweetledi
Broadcom and Cypress chips have the same HCI "backdoor" allowing to write to the Bluetooth chip's RAM. This feature is used for firmware patches.
We didn't request CVEs for that 9 years ago. Instead, we built the InternalBlue Bluetooth research framework.
github.com/seemoo-lab/int…
Tarlogic@Tarlogic
🔷 A backdoor in the ESP32 chip would allow it to infect millions of devices. Miguel Tarascó and @antonvblanco have revealed this at the @rootedcon this backdoor and presented a tool to perform Bluetooth security audits on any gadget. tarlogic.com/news/backdoor-…
English
Jeremy Boone retweetledi
@evilsocket any interest in working on security in compilers? my team is looking for someone with a peculiar intersection of skills/interests:
jobs.apple.com/en-us/details/…
English
Jeremy Boone retweetledi
🔺New on the Apple Security Research blog: introducing Private Cloud Compute! We believe this is the most advanced security architecture ever deployed for cloud AI compute at scale. security.apple.com/blog/private-c…
English
Jeremy Boone retweetledi
Are you excited to use the power of safe modern programming languages like Swift to make software more secure? My SPEAR team at Apple is hiring a Swift Software Engineer to do exactly that! jobs.apple.com/en-us/details/…
English
Jeremy Boone retweetledi
🔺New on the Apple Security Research blog: introducing PQ3, a groundbreaking post-quantum cryptographic protocol for iMessage. To our knowledge, PQ3 has the strongest security properties of any at-scale messaging protocol in the world. security.apple.com/blog/imessage-…
English
that disclosure timeline though...
quarkslab@quarkslab
Is remote code execution in UEFI firmware possible? Yes it is. Meet #PixieFAIL: 9 vulnerabilities in the IPv6 stack of EDK II, the open source UEFI implementation used by billions of computers. Full details by @fdfalcon and @4Dgifts in our new blog post: blog.quarkslab.com/pixiefail-nine…
English
Jeremy Boone retweetledi
Is remote code execution in UEFI firmware possible?
Yes it is.
Meet #PixieFAIL: 9 vulnerabilities in the IPv6 stack of EDK II, the open source UEFI implementation used by billions of computers.
Full details by @fdfalcon and @4Dgifts in our new blog post:
blog.quarkslab.com/pixiefail-nine…
English
@4Dgifts Check out the Tianocore Bugzilla. These were first reported in October and November of 2022. Amazing.
English
Jeremy Boone retweetledi
New Blog: Technical Advisory – Multiple Vulnerabilities in Nagios XI research.nccgroup.com/2023/12/13/tec…
English
Jeremy Boone retweetledi
New Blog: Technical Advisory: Sonos Era 100 Secure Boot Bypass Through Unchecked setenv() call research.nccgroup.com/2023/12/04/tec…
English
Jeremy Boone retweetledi
New Blog: Shooting Yourself in the .flags – Jailbreaking the Sonos Era 100 research.nccgroup.com/2023/12/04/sho…
English
Jeremy Boone retweetledi
Shooting Yourself in the .flags – Jailbreaking the Sonos Era 100
The Era 100 is Sonos’s flagship device, released on March 28th 2023. NCC found weaknesses within the bootloader which can lead to full compromise of the device.
research.nccgroup.com/2023/12/04/sho…
research.nccgroup.com/2023/12/04/tec…
English
@ryanaraine According to the sequence of steps in this document, I am still stuck at Step #1 after 300+ days. Tianocore hasn't even begun to engage IFVs, ODMs or OEMs. I think the Tianocore PSIRT lives in a time dilation vortex.
English
@ryanaraine I reported 2 vulns in EDK2 that are still unfixed. They are... let me check... 336 days old. Tianocore security team ghosted me. Had to engage downstream vendors to get any traction whatsoever. Still, no fix in sight.
English
Arguing that a 300-day embargo on a vulnerability is somehow reasonable 👇|
uefi.org/sites/default/…
English
Jeremy Boone retweetledi
Public Report – Caliptra Security Assessment During August and September of 2023, Microsoft engaged NCC Group to conduct a security assessment of Caliptra v0.9. The assessment identified 26 vulnerabilities, which were promptly addressed by the Caliptra... bit.ly/3SaMNWM
English
Caliptra is an open source silicon root-of-trust built using Rust on RISCV. Check out our public report: research.nccgroup.com/2023/10/18/pub…
English
Jeremy Boone retweetledi
New Blog: Public Report – Caliptra Security Assessment research.nccgroup.com/2023/10/18/pub…
English
Jeremy Boone retweetledi
Public Report – Caliptra Security Assessment During August and September of 2023, Microsoft engaged NCC Group to conduct a security assessment of Caliptra v0.9. The assessment identified 26 vulnerabilities, which were promptly addressed by the Caliptra... bit.ly/3QoVImr
English