Zhuowei Zhang
zhuowei.notnow.dev
Mostly bad puns. It's pronounced "joe-way". Happy to explain jokes.
he/him, opinions are my own. https://zhuoweizhang.net
Mastodon: https://notnow.dev/zhuowei
GORDON'S ALIVE?!
bsky.app/profile/thev...
February 4, 2026 at 2:05 AM
As far as I know, libslirp is the only remaining FreeBSD-derived networking stack that doesn't include the CVE-1999-0001 patch.
RTEMS, which used to have a legacy libnetworking stack forked from FreeBSD before the patch, removed that stack in 2021.

Anything else I should look at?
January 3, 2026 at 7:30 PM
I got a write to 0x0041414141414141 with my proof-of-concept for CVE-2025-48593.

github.com/zhuowei/blue...

What can I do with this? Getting an infoleak is probably possible, but hard. For a proof-of-concept, I won’t bother defeating ASLR: I’ll just arbitrary-write to hardcoded memory addresses.
November 29, 2025 at 7:07 AM
I'm not the author of DynamicCow, and I'm not too familiar with modifying the dynamic island. You're probably looking for x.com/aboutzeph .
November 20, 2025 at 12:59 AM
This CVE is from the November Android Bulletin: source.android.com/docs/securit...

It should be a use-after-free; I haven't gotten it to do anything interesting though.

So far, I was only able to get a null pointer deref without malloc debug or an attempted write to library rodata with malloc debug.
Android Security Bulletin—November 2025  |  Android Open Source Project
source.android.com
November 14, 2025 at 5:27 AM