In collaboration with Project Zero, TAG has published an additional post with more details around the targeting and the actor. We've had discussions within Project Zero about whether this DCP vulnerability is interesting at all. The Asahi linux project reverse-engineered the API to talk to the DCP but they are restricted to using Apple's DCP firmware (loaded by iBoot) - they can't use a custom DCP firmware. Six privilege escalation exploits are bundled with this app. There's little public information about the DCP; the most comprehensive comes from the Asahi linux project which is porting linux to M1 Macs. This sideloading works because the app is signed with an enterprise certificate, which can be purchased for $299 via the Apple Enterprise developer program. Then the triggering of a kernel vulnerability followed by well-known steps to turn that into something useful, perhaps by disclosing kernel memory then building an arbitrary kernel memory write primitive. An app signed with the developer certificate embedded within that mobileprovision file can be sideloaded on any iPhone, bypassing Apple's App Store review process. (). Continue reading.
To know more about Ruby Fibers, check out our previous blog An Introduction to Ruby's 'Fibers'.
Whatever happened to SHA-256 support in Git?
• Temporal memory safety and data race safety.
A confederal Europe would provide an instrument for doing so gradually but without hesitation.
Full-time remote work can make a positive impact on everyone, especially groups of folks who are often untapped talent from historically marginalized communities.
Breaking: Julia ranks in the top 5 most loved programming languages for 2022 It should come as no surprise to those following the growth and expansion of the Julia Programming Language ecosystem that in this year’s Stack Overflow developer survey, Julia ranked in the top 5 for the most loved languages (above Python — 6th, MatLab — Last, and R — 33rd).