CVE-2023-42902 support.apple.com/en-us/HT214036

Just received my acceptance into Apple’s Security Research Device Program! 2024 research loading…

2023 MVR Swag drop just landed! Congratulations to all of the other talented researchers that made the list. Shoutout Microsoft Security Response Center for recognizing these efforts and sending out this gear 🔥

This event was a blast. Huge shoutout to all the contestants who showed up with great research & congrats to Synacktiv on taking home the trophy!

[ZDI-24-207|CVE-2023-42902] Apple macOS VideoToolbox Out-Of-Bounds Write Remote Code Execution Vulnerability (CVSS 8.8; Credit: Michael DePlante (Michael DePlante) of Trend Micro's Zero Day Initiative) zerodayinitiative.com/advisories/ZDI…

Apple added an entry for CVE-2024-27857 which affects macOS, iOS and visionOS. support.apple.com/en-us/HT214101

In the 1st of a 3 part series, Michael DePlante & Nicholas Zubrisky detail link following bugs. How they work, what vendors do to prevent them, and how researchers can bypass protections to exploit them. Includes examples from recent 0-days in #Avast. zerodayinitiative.com/blog/2024/7/29…

In the 2nd part of the series on using link following bugs for LPE on #Windows, Michael DePlante & Nicholas Zubrisky detail using alternate data stream to bypass protections. Examples getting LPE on ESET provided. Stay tuned for the final blog entry tomorrow. zerodayinitiative.com/blog/2024/7/30…

In the final blog of their series on link following LPEs, Michael DePlante and Nicholas Zubrisky detail issues with #Intel and #PaperCut that weren't quite resolved as expected. They also describe using Task Scheduler to cause problems on boot. Read the details at zerodayinitiative.com/blog/2024/7/31…

[ZDI-24-1120|CVE-2024-27829] Apple macOS AppleVADriver Out-Of-Bounds Write Remote Code Execution Vulnerability (CVSS 8.8; Credit: Michael DePlante (Michael DePlante) of Trend Micro's Zero Day Initiative) zerodayinitiative.com/advisories/ZDI…

[ZDI-24-1287|CVE-2024-44160] Apple macOS AppleVADriver Out-Of-Bounds Write Remote Code Execution Vulnerability (CVSS 8.8; Credit: Michael DePlante (Michael DePlante) of Trend Micro's Zero Day Initiative) zerodayinitiative.com/advisories/ZDI…

[ZDI-24-1321|CVE-2024-40841] Apple macOS AppleVADriver Out-Of-Bounds Write Remote Code Execution Vulnerability (CVSS 8.8; Credit: Michael DePlante (Michael DePlante) of Trend Micro's Zero Day Initiative) zerodayinitiative.com/advisories/ZDI…

The first #Pwn2Own Ireland was grand. Cheers to everyone involved for making this such a special event. 🍀

[ZDI-24-1444|CVE-2024-44218] Apple SceneKit Improper Validation of Array Index Remote Code Execution Vulnerability (CVSS 8.8; Credit: Michael DePlante (Michael DePlante) of Trend Micro's Zero Day Initiative) zerodayinitiative.com/advisories/ZDI…

#OffensiveCon25 videos are now up! youtube.com/playlist?list=…

#Pwn2Own Berlin 2025 is complete! In total, we awarded $1,078,750 for 28 unique 0-days. Join Brian Gorenc and Dustin Childs as they recap the highlights (and some lowlights) from this year's event. youtu.be/G7McB7L7sIs #P2OBerlin

If you're a game studio looking for security audits/pen-testing of your game HMU. Experienced with: - RCE on Windows and gaming consoles - Windows security internals - Compiling old/legacy code bases I'll also accept Japan working visa sponsorship or gacha pulls as payment

Announcing #Pwn2Own Ireland for 2025! We return to the Emerald Isle with our new partner Meta and a $1,000,000 WhatsApp bounty. Yes - one million dollars. Plus new USB attack vectors on phones and more. Check out the details at zerodayinitiative.com/blog/2025/7/30…

Thank you Microsoft Security Response Center for inviting Trend Zero Day Initiative to the researcher party ah Blackhat. Come same hi to grab a ZDI challenge coin. Petrus Germanicus Michael DePlante