Technical analysis and detection methodology for CVE-2025-43300, a critical 0-click RCE vulnerability in Apple's DNG image processing | www.msuiche.com
This is the last part of a 3-part series on Bob and Alice in Kernel-land. You can find Part 1 here and Part 2 here. The CrowdStrike podcast “Adversary Universe Podcast” just released a new episode entitled “The Kernel’s Essential Role in Cybersecurity Defense” featuring Adam Myers with Alex Ionescu, who is the original architect of the CrowdStrike Falcon kernel agent and is also known for co-authoring the “Windows Internals” book and for being among the most knowledgeable people when i...
It’s been a month since I wrote Part 1 of “Bob and Alice in Kernel-land”. As expected, we saw minimal constructive feedback from vendors, with a few notable exceptions. Sophos provided the most detailed information about their drivers, while CrowdStrike offered valuable insights into their kernel architecture, including the use of Microsoft’s Winsock Kernel (WSK) for file transfer. This feature, introduced in Windows Vista and later, was designed to replace the outdated Transport Driver Interface (TDI).