Vulnerability Acquisition Program

TFP0 Labs is seeking submission of vulnerabilities/proofs-of-concepts, including (but not limited to) the wishlist below. To submit, send a brief description of the vulnerability to info@tfp0labs.com encrypted with our GPG key.

iOS Platform

• App/WebContent sandbox-to-root LPE

• Kernel read primitive

• Kernel write primitive

• PAC bypass

• PPL bypass

• SPTM/TXM bypass

Applications

• Signal RCE (iOS/Android)

• Signal fingerprinting techniques (iOS vs Android, OS version, Signal version)

• Telegram RCE (iOS/Android)

• Viber RCE (iOS/Android)

N-Days

• None currently