pwning.systems

A tale of a simple Apple kernel bug

Earlier this year, I discovered a flaw in XNU, which is the kernel that Apple uses on both macOS and iOS. While it’s not a particularly complicated flaw, I wanted to explain how I discovered it and how it works, both so that I can motivate others and so that they can learn from my discovery.

PHP filter_var shenanigans

It is likely that we have all seen PHP filters that prevent us from encountering vulnerabilities. Here in this blog post, I’ll walk you through my thought process for bypassing a filter by looking for a bug in the filter itself in order to reach a bug!

Escaping privileged containers for fun

Despite the fact that it is not a ‘real’ vulnerability, escaping privileged Docker containers is nevertheless pretty funny. And because there will always be people who will come up with reasons or excuses to run a privileged container (even though you really shouldn’t), this could really be handy at some point in the future.

Variant analysis of the ‘Sequoia’ bug

I imagine we’ve all heard about the recent ‘Sequoia’ bug discovered by the Qualys Research team. It’s a fascinating bug so I decided to do variant analysis using CodeQL!

A story about an Apple and two fetches

Mistreatment by Apple Security is unfortunately something you’re likely to come across on a regular basis. Usually this concerns people that conduct free work for Apple in their spare time by auditing their assets. Despite Apple’s website claiming the opposite, you’ll frequently find things like quiet patching, no credit, no bounties, and an appalling lack of communication.