This blog post cleared up a bunch of ARM64 caching confusion I had, well worth a read:

RT @GrapheneOS: In April 2024, Pixels shipped a partial implementation of our January 2024 proposal for firmware-based reset attack protect…

RT @jsrailton: BREAKING: #Paragon reportedly terminates spyware contract with #Italy. Right on heels of reported targeting of journalist &…

In Linux terms, this XNU kernel bug is that the cred structure is being modified directly (instead of copied), even though it's accessed-via/protected-by an RCU pointer. This bug in such a core part of the kernel would be unthinkable in Linux, is SMR new?

RT @Raspberry_Pi: Security through transparency: all chips have vulnerabilities, and most vendors' strategy is not to talk about them. In c…

RT @oss_security: rsync: 6 CVEs Two independent groups of researchers identified a total of 6 CVEs in rsync. In the…

RT @cgvwzq: very cool security position at Arm:

RT @DonnchaC: We've seen others signs that attackers may be exploiting RCS in-the-wild. In December we documented a serious of suspicious m…

RT @natashenka: Just unrestricted an issue that shows a fun new attack surface. Android RCS locally transcribes incoming media, making vuln…

Huh, TIL AMD have an instruction that can invalidate TLB's on other cores without sending an interrupt to them

That's a bug class I haven't seen before.

RT @hkashfi: Turns out WhatsApp does NOT have end-to-end encrypted backup enabled by default. Your backups are stored cleartext on cloud, w…

RT @spendergrsec: End of 2026 will be interesting, will only be one upstream LTS usable and supported at that point, and it'll be the one t…

RT @GrapheneOS: Android 15 QPR2 is moving 6th/7th/8th generation Pixels to the Linux kernel's 6.1 LTS branch already used for 9th generatio…

RT @psifertex: @gf_256 Funny you'd mention that...

RT @5aelo: Another big step towards becoming a security boundary: today we’re expanding the VRP for the V8 Sandbox * No longer limited to…

If anyone needs me, I'll be rolling around on the floor thinking about exploits.

RT @mrexodia: Can You Get Root With Only a Cigarette Lighter? by @David3141593

RT @__sethJenkins: I found an issue in collaboration with Amnesty and TAG that we have indication may be used ITW, CVE-2024-43047. See http…

RT @__sethJenkins: Just derestricted 3 more (Fixed!) issues, including a UAF in a driver on Android Qualcomm chipsets. Kudos to Qualcomm fo…