INFOSECSKI N00S (from & for) anons like (You)
So Apple™ released this security update today; saying that it's possible for an attack to be executed using malicious code embedded from within an image like a JPG. This includes Webkit (the main browser framework for macOS/iOS and many other stand-alone applications).
Seems relevantly important, especially for researchers on image boards like this one. Included are some useful links and rabbit holes/digtrails.
https://support.apple.com/en-us/HT210918https://support.apple.com/en-us/HT210919
KEYSWORDSTONES:
PRISM
BLARNEY
STORMBREW
FAIRVIEW
OAKSTAR
MARINA
PINWALE
XKEYSCORE (XKS)
EONBLUE
MYSTIC
NUCLEON
SEEDSPHERE
TWISTEDPATH
WINDSTOP
BLACKPEARL
BLUEZEPHYR
BROKENRECORD
CADENCE
CASCADE
CASSIOPEIA
CLOUD
COBALTFALCON
COWBOY
CRUCIBLE
DARKTHUNDER
DISHFIRE
EINSTEIN
GAZEBO
HOTZONE
INDUCTION
JAZZFLUTE
JEMA
JOLLYROGER
LORD
MAINWAY (MW)
MATRIX
MISTRALWIND
MONKEYROCKET
OCELOT
OCTAVE
OLYMPIC
ORANGEBLOSSOM
ORANGECRUSH
PARTNERMALL PROGRAM (PMP)
PERFECTSTORM
PHOTONIC PRISM (P2)
QUANTUM
SERRATEDEDGE
SHIFTINGSHADOW
SILVERZEPHYR (SZ)
STEELFLAUTA
SUPERDRAKE
THIRD-EYE
TOYGRIPPE
TUNINGFORK
WHITESQUALL - This one should really get your cogs churnin'!
YACHTSHOP
YANKEE
Links:
https://support.apple.com/en-us/HT210919
https://dl.packetstormsecurity.net/2001-advisories/APPLE-SA-2020-1-28-2.txt
https://its.ny.gov/security-advisory/multiple-vulnerabilities-113
https://googleprojectzero.blogspot.com/2020/01/policy-and-disclosure-2020-edition.html
https://www.xda-developers.com/google-project-zero-90-days/
https://github.com/saelo
https://github.com/rapid7/metasploit-framework/tree/master/external/source/exploits/CVE-2009-3867
https://ononymous.org/
https://assets.documentcloud.org/documents/2116191/unofficial-xks-user-guide.pdf