[RSS] exploits.club Weekly Newsletter 74 - iOS 18 mitigations, CoreAudio RCAs, kCTF optimizations, and More

https://blog.exploits.club/exploits-club-weekly-newsletter-74/

@Viss Not sure, but sure it was MTV

https://archive.org/details/fur-tv-the-complete-series

@Viss Remember Fur TV? (literally everything was better back in the day...)

@kajer

Fucking stupid UI/UX choices.

Fortigate Firewall/Routers - All options for BGP/IPSEC are behind an "advanced options" user preference.... IT'S A FORTIFUCKINGROUTER the only people in this interface are advanced users.

PaloAlto XDR portal - Right-click for options on a line... fine... But wait, if you hold option/alt, you get even more options. I get the need to define which options are less common choices, but you should not be hiding things behind click-modifiers. The only people using the XDR interface will be advanced users. If a user doesn't have authorization for a command, then don't show it. If the option is destructive, then confirm with N number of dialogs. Also, the ENTIRE user interface is in italics.

Admin interfaces should never have hidden options.

@G33KatWork Ja bitte!

Make some noise!

There’s still time for you to submit your article for the 40th anniversary edition of Phrack!

https://bird.makeup/@phrack/1901633924532408680

What is the most inappropriate connector with enough pins to support USB-C?

I suggest:

[RSS] Too Much of a Good Thing: (In-)Security of Mandatory Security Software for Financial Services in South Korea

https://kaist-hacking.github.io/publication/yun-ksa/

@cR0w Finally some honest marketing!

Our journey with our #iOS emulator continues.

We show how we reached the home screen, enabled multitouch, unlocked network access, and started running real apps 👉 https://eshard.com/posts/emulating-ios-14-with-qemu-part2

#iosdev #reverseengineering #cybersecurity

@cR0w That's peak #YOLOsec right here!

Command injection, SQLi, and hardcoded creds in Infoblox NETMRI. tsk tsk

https://support.infoblox.com/s/article/Infoblox-NetMRI-is-vulnerable-to-CVE-2025-32814

https://support.infoblox.com/s/article/Infoblox-NetMRI-is-vulnerable-to-CVE-2025-32813

https://support.infoblox.com/s/article/Infoblox-NetMRI-is-vulnerable-to-CVE-2025-32815

And we have a write-up now for these Infoblox NetMRI vulns.

https://rhinosecuritylabs.com/research/infoblox-multiple-cves/

Project: openssl-static-gcc-dwarf 3.4.0
File: openssl
Address: 00478ea0

ssl3_ctrl

SVG:
dark https://tmr232.github.io/function-graph-overview/render/?graph=https%3A%2F%2Fraw.githubusercontent.com%2Fv-p-b%2Fghidra-function-graph-datasets%2Frefs%2Fheads%2Fmain%2F%2Fopenssl-static-gcc-dwarf%2F00478ea0.json&colors=dark
light https://tmr232.github.io/function-graph-overview/render/?graph=https%3A%2F%2Fraw.githubusercontent.com%2Fv-p-b%2Fghidra-function-graph-datasets%2Frefs%2Fheads%2Fmain%2F%2Fopenssl-static-gcc-dwarf%2F00478ea0.json&colors=light

God I hate computers...

@greg @G33KatWork if-let is a prime example of how Clever often beats Readable in Rust Land IMO

(I just wrestled with some code that swear to God was optimized for the minimal number of semicolons...)

🎯 THIS SATURDAY: DFIR Labs CTF 🎯
⏰ June 7 | 1630–2030 UTC
🔗 Register Now → https://dfirlabs.thedfirreport.com/ctf

🚀 DFIR Labs CTF is back!
💥 Only $9.99 to join
💥 Choose Elastic or Splunk
💥 Access a brand-new, unreleased case
💥 Top 5 get invited to join The DFIR Report team!

📣 Hear from past participants:
⭐ “Real case makes it different!”
🚀 “Great hands-on learning experience”
💯 “Excellent CTF, super responsive and realistic”

Don’t miss your chance to level up with real-world incident response challenges.