Seeing (Mail)Demons? Technique, Triggers, and a Bounty

Read the original article: Seeing (Mail)Demons? Technique, Triggers, and a Bounty


Seeing (Mail)Demons? Technique, Triggers, and a Bounty

Impact & Key Details (TL;DR) :

  1. Demonstrate a way to do a basic heap spray
  2. We were able to use this technique to verify that this vulnerability is exploitable. We are still working on improving the success rate.
  3. Present two new examples of in-the-wild triggers so you can judge by yourself if these bugs worth an out of band patch
  4. Suggestions to Apple on how to improve forensics information / logs and important questions following Apple’s response to the previous disclosure
  5. Launching a bounty program for people who have traces of attacks with total bounties of $27,337
  6. MailDemon appears to be even more ancient than we initially thought.

Continue reading Seeing (Mail)Demons? Technique, Triggers, and a Bounty at ZecOps Blog.


Read the original article: Seeing (Mail)Demons? Technique, Triggers, and a Bounty