axoltl | 4 months ago

I do vulnerability research. Those things would do the exact opposite of what you're aiming for. They'd be received with glee by mercenary spyware companies, _especially_ being able to load things into higher levels of privilege.

notepad0x90|4 months ago

That wouldn't be a problem, Apple signs extensions. In Windows land, for example, there are ELAM drivers for security software; they don't just hand them out, you basically have to convince people at Microsoft you're one of the good guys, in person.

axoltl|4 months ago

It means more surface (both from extensions themselves and the loader code), relaxation of things like KTRR/CTRR (you now need to add executable EL1 pages at runtime), plus the potential for signing keys to leak (finding enterprise signing keys even for iOS is fairly easy).

As far as Windows goes, https://www.loldrivers.io is a thing.

transpute|4 months ago

Trusted high-privilege components, whether first or third party, are targeted for exploitation.

Too|4 months ago

CrowdStrike showed us how good an idea that was.