top | item 43537447

(no title)

musjleman | 11 months ago

Showing a 5000$ bounty example of "enumerating all apps" sounds a bit disingenuous when this is more of a "check if this exact app by bundle name was installed not through store.

I also don't think that this deserves to be called anything as scary as an "zero day exploit", "sandbox escape".

discuss

bri3d|11 months ago

There seems to be some weird beef in the background here with the TrollStore developers and Verichains, but Verichains come out looking much better here by naming the exploit what it actually is rather than misleading puffery around “sandbox escape 0days!!!111”

I think app enumeration info leaks generically might be eligible for that bounty, though, so mentioning it doesn’t seem too wild.