Kaspersky discloses iPhone hardware feature vital in Operation Triangulation case

Kaspersky's research team uncovered a critical undocumented hardware feature in Apple iPhones that was exploited in Operation Triangulation, enabling attackers to bypass hardware-based memory protection. The vulnerability, now patched as CVE-2023-38606, was instrumental in a sophisticated attack chain that could give attackers complete control over targeted iOS devices.

n0rdy - What Okta Bcrypt incident can teach us about designing better APIs

A comprehensive analysis of how various programming languages and libraries handle Bcrypt's 72-character input limitation reveals widespread security vulnerabilities similar to the Okta incident. Most implementations silently truncate input exceeding the limit rather than throwing errors, potentially allowing authentication bypasses with long usernames. Only Go's standard library and a specific Java implementation properly validate input length, highlighting the importance of secure API design.

Vulnerability

Kaspersky discloses iPhone hardware feature vital in Operation Triangulation case

n0rdy - What Okta Bcrypt incident can teach us about designing better APIs