We emulated iOS 14 in QEMU.
This is how we did it: https://eshard.com/posts/emulating-ios-14-with-qemu

#reverseengineering #cybersecurity #iosdev #ios #apple #devops

I look away for 5 minutes and Annie goes and makes herself home in the vacant spot in the rack,

Little baby

I laughed out loud

Were Still More UK Postmasters Also Wrongly Prosecuted Over Accounting Bug? https://news.slashdot.org/story/25/04/06/0221239/were-still-more-uk-postmasters-also-wrongly-prosecuted-over-accounting-bug?utm_source=rss1.0mainlinkanon

Ben Eater vs. Microsoft BASIC

https://hackaday.com/2025/04/05/ben-eater-vs-microsoft-basic/

Project: golang/go https://github.com/golang/go
File: src/cmd/fix/fix.go:54 https://github.com/golang/go/blob/refs/tags/go1.23.4/src/cmd/fix/fix.go#L54

func walkBeforeAfter(x any, before, after func(any))

SVG:
dark https://tmr232.github.io/function-graph-overview/render/?github=https%3A%2F%2Fgithub.com%2Fgolang%2Fgo%2Fblob%2Frefs%2Ftags%2Fgo1.23.4%2Fsrc%2Fcmd%2Ffix%2Ffix.go%23L54&colors=dark
light https://tmr232.github.io/function-graph-overview/render/?github=https%3A%2F%2Fgithub.com%2Fgolang%2Fgo%2Fblob%2Frefs%2Ftags%2Fgo1.23.4%2Fsrc%2Fcmd%2Ffix%2Ffix.go%23L54&colors=light

Be like Ronin...

"Hero rat sets Guinness World Record for detecting landmines"

https://taskandpurpose.com/tech-tactics/ronin-landmines-rat-guinness-world-record/

via @TaskandPurpose

Work in progress JNI helper plugin for #radare2 https://github.com/evilpan/jni_helper/tree/master/r2 #android #java #reverseengineering

(CVE-2025-3155) Arbitrary file read by abusing ghelp scheme

https://gitlab.gnome.org/GNOME/yelp/-/issues/221

"Yelp, the GNOME user help application, allows help documents to execute
arbitrary JavaScript. A malicious help document may exfiltrate user files
to a remote server. A malicious website may download a help document
without user intervention, then trick the user into opening a ghelp URL
that references the help document. This notably requires the attacker to
guess the filesystem path of the downloaded help document."

And we just discussed old-school .HLP exploits the other day...

#EnoughEyeballs

# ./mpclient_x64 ../eicar.com 2>&1 | fgrep EngineScanCallback 

EngineScanCallback(): Threat Virus:DOS/EICAR_Test_File identified. 

happy dance

Here's me face talking about low-level #IBMi security:

@recon 2024 - Control Flow Intergrity on IBM i

https://www.youtube.com/watch?v=0uBbklP9BSE

The video also has some '90s VHS vibes to it, the writeup is still available here (minus the last temporal safety stuff):

https://silentsignal.github.io/BelowMI/

Rubia, rack technician.

Happy #Caturday!

#CatsWithJobs #StudioCat #RubiaTheCat

pgAdmin 4 v9.2 fixes CVE-2025-2945 & CVE-2025-2946

https://www.openwall.com/lists/oss-security/2025/04/04/3

* Issue #8602 - Fixed an XSS vulnerability issue in the Query Tool and View/Edit Data (CVE-2025-2946).
* Issue #8603 - Fixed a remote code execution issue in the Query Tool and Cloud Deployment (CVE-2025-2945).

New Project Zero issue:

Firefox: inconsistent comparator in xslt/txNodeSorter leads to out-of-bounds access

https://project-zero.issues.chromium.org/issues/392850860

CVE-2025-1932

[RSS] We emulated iOS 14 in QEMU. Here's how we did it.

https://eshard.com/posts/emulating-ios-14-with-qemu

This is CVE-2025-22871 and Go issue

https://go.dev/issue/71988.

net/http: request smuggling through invalid chunked data

Hey #infosec,
what's your best answer to people telling you "But we're not a Bank!" whenever you plan to introduce any measure to lower a risk?

Project: openssl-static-gcc-dwarf 3.4.0
File: openssl
Address: 00926180

__multf3

SVG:
dark https://tmr232.github.io/function-graph-overview/render/?graph=https%3A%2F%2Fraw.githubusercontent.com%2Fv-p-b%2Fghidra-function-graph-datasets%2Frefs%2Fheads%2Fmain%2F%2Fopenssl-static-gcc-dwarf%2F00926180.json&colors=dark
light https://tmr232.github.io/function-graph-overview/render/?graph=https%3A%2F%2Fraw.githubusercontent.com%2Fv-p-b%2Fghidra-function-graph-datasets%2Frefs%2Fheads%2Fmain%2F%2Fopenssl-static-gcc-dwarf%2F00926180.json&colors=light

CVSSv3 10.0 (AV:N/PR:H/../../../../etc/passwd)

#directorytraversalmemes