Blasting Past Webp - An analysis of the NSO BLASTPASS iMessage exploit
https://googleprojectzero.blogspot.com/2025/03/blasting-past-webp.html [googleprojectzero.blogspot.com]
2025-03-27 16:45
Whilst the Isosceles and Dark Navy posts explained the underlying memory corruption vulnerability in great detail, they were unable to solve another fascinating part of the puzzle: just how exactly do you land an exploit for this vulnerability in a one-shot, zero-click setup? As we’ll soon see, the corruption primitive is very limited. Without access to the samples it was almost impossible to know.
source: HN