What is the standard for calling a bug 0-click RCE when it's something you don't have a PoC for and don't even know if it requires more bugs? You can just say it's RCE because it does memory corruption?
@h0mbre_ If you can corrupt memory in a controlled way then RCE is frequently just a matter of engineering, IMO
@roddux I can buy "frequently"
@h0mbre_ In the recent iOS CVE, it’s called a 0-click exploit/attack surface because iMessage automatically parses the received image without the user needing to open the app or click on anything, for use as a thumbnail in a notification for the user.
@R00tkitSMM Right, I get that the *surface* and *bug* are 0-click, but what I'm trying to understand is calling it *RCE* when there is no exploit PoC or evidence that it corrupts memory in such a way that it is exploitable without additional bugs.
@h0mbre_ The iOS one was from an active ITW campaign, so I’m guessing that it is called a 0c RCE because that’s how it was used.
@h0mbre_ I guess people these days like fear-mongering about a non-exploitable bug 😂
@h0mbre_ I don't know if someone mentioned this or not but this blog by @benhawkes addresses this problem by comparing the vulnerability with other similar vulnerabilities and proving them to be members of an "equivalence" class. https://blog.isosceles.com/exp...
@h0mbre_ "Apple is aware of a report that this issue *may* have been exploited in an extremely sophisticated attack against specific targeted individuals." Would love to see a PoC or... more😈
@h0mbre_ NSO group is enjoying the debate—
I just noticed CVE-2025-25257 and had a giggle. Not because it's yet another Fortinet remote bug. But because it's a SQLi, in a WAF product. The irony...
Stoked after @yarden_shafir and @Laughing_Mantis's great talk about vulnerable drivers here at @Sikkerhetsfest
We’ve decided to publish a redacted version of our internal vuln disclosure tracker. Hopefully interesting! https://labs.watchtowr.com/dis...
It's 2025. There is no excuse for any product to pass tokens into SQL statements like this, much less a security product. Fortinet, a cybersecurity company, has become famous over the last several years for its security flaws. An occasional flaw is forgivable, but this line of