DER Entitlements: The (Brief) Return of the Psychic Paper | allinfosecnews.com

g

Jan. 12, 2023, 4:59 p.m. | noreply@blogger.com (Google Project Zero)

Project Zero googleprojectzero.blogspot.com

Posted by Ivan Fratric, Project Zero

Note: The vulnerability discussed here, CVE-2022-42855, was fixed in iOS 15.7.2 and macOS Monterey 12.6.2. While the vulnerability did not appear to be exploitable on iOS 16 and macOS Ventura, iOS 16.2 and macOS Ventura 13.1 nevertheless shipped hardening changes related to it.

Last year, I spent a lot of time researching the security of applications built on top of XMPP, an instant messaging protocol based on XML. More specifically, my research focused …

applications cve hardening instant messaging ios ios 15 ios 16 ios 16.2 macos macos monterey macos ventura messaging monterey project project zero protocol return security ventura vulnerability xmpp

More from googleprojectzero.blogspot.com / Project Zero

Pr

The Windows Registry Adventure #2: A brief history of the feature 2 weeks, 1 day ago | googleprojectzero.blogspot.com

database feature google google project zero +13

Pr

The Windows Registry Adventure #1: Introduction and research results 2 weeks, 1 day ago | googleprojectzero.blogspot.com

bugs december december 2023 escalation +22

Pr

First handset with MTE on the market 6 months ago | googleprojectzero.blogspot.com

arm back brand device +12

Pr

An analysis of an in-the-wild iOS Safari WebContent to GPU Process exploit 6 months, 2 weeks ago | googleprojectzero.blogspot.com

amnesty amnesty international analysis apple +29

Pr

Analyzing a Modern In-the-wild Android Exploit 7 months, 2 weeks ago | googleprojectzero.blogspot.com

actor analysis android android devices +19

Pr

Summary: MTE As Implemented 9 months ago | googleprojectzero.blogspot.com

access arm blog blog post +13

Pr

MTE As Implemented, Part 1: Implementation Testing 9 months ago | googleprojectzero.blogspot.com

access architecture arm brand +12

Pr

MTE As Implemented, Part 3: The Kernel 9 months ago | googleprojectzero.blogspot.com

access architecture arm brand +11

Pr

MTE As Implemented, Part 2: Mitigation Case Studies 9 months ago | googleprojectzero.blogspot.com

access architecture arm brand +14

Security Specialist

@ Nestlé | St. Louis, MO, US, 63164

View on infosec-jobs.com

Cybersecurity Analyst

@ Dana Incorporated | Pune, MH, IN, 411057

View on infosec-jobs.com

Sr. Application Security Engineer

@ CyberCube | United States

View on infosec-jobs.com

Linux DevSecOps Administrator (Remote)

@ Accenture Federal Services | Arlington, VA

View on infosec-jobs.com

Cyber Security Intern or Co-op

@ Langan | Parsippany, NJ, US, 07054-2172

View on infosec-jobs.com

Security Advocate - Application Security

@ Datadog | New York, USA, Remote

View on infosec-jobs.com