Log inSign up
Ron Masas
341 posts
Image
user avatar
Ron Masas
@RonMasas
trying to predict the next token to make you think i’m a security researcher.
BREAKPOINT.SH
Joined September 2015
254
Following
1,582
Followers
RepliesRepliesMediaMedia

New to X?

Sign up now to get your own personalized timeline!

Create account

By signing up, you agree to the Terms of Service and Privacy Policy, including Cookie Use.

Terms·Privacy·Cookies·Accessibility·Ads Info·© 2026 X Corp.
Don't miss what's happening
People on X are the first to know.
Log inSign up
  • Pinned
    user avatar
    Ron Masas
    @RonMasas
    Feb 19, 2024
    I found 2 stored XSS vulnerabilities in ChatGPT. The XSS bug was the easy part, but sharing it required bypassing CSP, leveraging a mass assignment issue for client-side path traversal (thanks @ctbbpodcast) to force a request to a BFLA endpoint. 🧵 [1/5]
    Image
    Image
    00:00
    77K
  • user avatar
    Ron Masas
    @RonMasas
    Jan 22, 2022
    Google Chrome saved passwords get easily be extracted by any malicious app on macOS. The price we pay for autofill... 🤦‍♂️ github.com/masasron/chrom… Music: bensound.com #redteam #infosec
    Image
    00:00
  • user avatar
    Ron Masas
    @RonMasas
    Sep 18, 2022
    Here is the story behind CVE-2022-32883, on how I was able to use Apple Maps to leak your precise location 🛰️🛰️🛰️! breakpoint.sh/posts/turning-… #macOS #Security #bugbounty
    Image
  • user avatar
    Ron Masas
    @RonMasas
    Mar 19, 2022
    iOS 15.4 fixes the first iOS bug I've found! Blog post and proof of concept video below: breakpoint.sh/posts/airdrop-… #infosec #BugBounty
    Image
    00:00
  • user avatar
    Ron Masas
    @RonMasas
    Mar 24, 2022
    A "transparent" window can be used in macOS to clickjack the user into giving you full control over his TCC database. Code: github.com/breakpointHQ/T… #redteam #infosec music: bensound.com
    Image
    00:00
  • user avatar
    Ron Masas
    @RonMasas
    Feb 21, 2024
    Here is the breakdown of the second stored XSS I found in ChatGPT. After discovering the first issue in the file citation download handler, I began looking URL citations. That's when I came across the following code. 🧵 [1/6]
    Image
    Image
    00:00
    30K
  • user avatar
    Ron Masas
    @RonMasas
    Jan 31, 2024
    CVE-2022-32905 is a Gatekeeper bypass that Apple fixed in late 2022. I think it's a great example of low-hanging fruit 🍎. Here's how it worked 🧵 [1/4]
    Image
    14K
  • user avatar
    Ron Masas
    @RonMasas
    Feb 19, 2024
    Replying to @RonMasas
    I then found the last piece of the puzzle: a mass assignment bug in the `/backend-api/conversation` endpoint that allowed me to inject arbitrary metadata into a conversation by pretending to be the assistant. Blog: imperva.com/blog/xss-marks…
    Image
    00:00
    Image
    8.9K
  • user avatar
    Ron Masas
    @RonMasas
    Dec 14, 2021
    After being madly inspired by #OBTS, and the content from @_r3ggi and @cedowens I've found and reported 3 vulnerabilities to #Apple. Today the first one was fixed, this is also my first macOS CVE! 🍾 Thank you all!
    support.apple.com
    About the security content of macOS Monterey 12.1 - Apple Support
    This document describes the security content of macOS Monterey 12.1.
  • user avatar
    Ron Masas
    @RonMasas
    Feb 15, 2024
    Bypassing TCC to access your microphone or camera is trivial if your default browser is Google Chrome or another Chromium-based browser.
    Image
    00:00
    7.9K
  • user avatar
    Ron Masas
    @RonMasas
    Dec 14, 2023
    A few months ago, I read a blog by @_r3ggi about Atlassian Companion, which inspired me to search for my own bypass. This led to the discovery of an interesting behavior in the #macOS ScriptEditor and a new RCE vulnerability! (CVE-2023-22524) imperva.com/blog/cve-2023-… #security
    Image
    Imperva Uncovers CVE-2023-22524, A RCE Vulnerability | Imperva
    From imperva.com
    5.3K
  • user avatar
    Ron Masas
    @RonMasas
    Oct 25, 2022
    Yes it’s another Gatekeeper bypass! #macOS #BugBounty
    Image
  • user avatar
    Ron Masas
    @RonMasas
    Mar 28, 2024
    When I discover vulnerabilities, I enjoy planning the post-exploitation phase. After reporting two XSS issues in OpenAI's ChatGPT, I noticed they implemented a new mitigation against data exfiltration. Here's how to defeat it. 1/6🧵
    6.6K
  • user avatar
    Ron Masas
    @RonMasas
    Feb 3, 2024
    CVE-2022-32883 is another low hanging fruit vulnerability I reported to Apple a while ago. Here's what I found 🧵 [1/5]
    Image
    4.9K
Advertisement
Advertisement