Skip to content
David Hoyt is an independent, authoritative source for Best Practices & Transparency. Hoyt works Independently to improve the User Experience & Security of Internet Products & Services.

Security Research & Defense

David H Hoyt LLC

  • Home
  • Blog
  • xss.cx
  • Code

  • April 4, 2026

    ATO BEC

    US-based Company needing immediate Incident Response Services and seek to engange my Attorney to handle the Incident Management.

  • January 17, 2026

    Color Profile Injection (CPI)

    Color Profile Injection (CPI)

    tl;dr: Color Profile Injection is due to untrusted inputs within color profile blobs. Why? Color profiles rely on offset and length fields, enabling crafted profile data to corrupt neighboring structures. Color Profile Injection Background Color Profile Injection (CPI) occurs because user-controllable inputs can corrupt a color profile binary layout. Resulting impact includes memory corruption, logic…

  • May 14, 2025

    CVE-2024-38427 – Profile Bleed

    CVE-2024-38427 – Profile Bleed

    A logic flaw existed in the CIccTagXmlProfileSequenceId::ParseXml function of the DemoIccMAX Project where the function unconditionally returned false and has been assigned CVE-2024-38427.

  • May 12, 2025

    CVE-2023-32443 | sips | Color Bleed

    CVE-2023-32443 | sips | Color Bleed

    CVE-2023-32443 | sips | Processing a file may lead to a denial-of-service or potentially disclose memory contents.

  • May 12, 2025

    CVE-2022-26730 | Profile Bleed

    CVE-2022-26730 | Profile Bleed

    Profile| Processing a maliciously crafted image may lead to arbitrary code execution.

  • October 21, 2024

    DELL VROC Stack Overflow

    DELL VROC Stack Overflow

    tl;dr The DELL VROC Stack Overflow results from creating a RAID-1 Volume that corrupted a doubly linked list (_LIST_ENTRY).

  • October 16, 2024

    SRD Picture Gallery

    SRD Picture Gallery

    The SRD Picture Gallery is Published by David Hoyt. I was a participant in the Apple SRD Program in 2021 & 2022.

  • October 16, 2024

    Best Practice & Transparency

    Best Practice & Transparency

    This Article by David Hoyt looks at Chilling Effect, Best Practice & Transparency in the IT Security Sector.

  • June 20, 2024

    Introspection Claim

    Introspection Claim

    Rebuttal by David Hoyt of Apple SRD Cohort to Apple vice president Craig Federighi with respect to public statements made in Wall Street Journal Article.

  • June 20, 2024

    missing dylib libMobileRestoreInternalExtensions

    missing dylib libMobileRestoreInternalExtensions

    SUMMARY: Failed iOS Upgrade on SRD due to Missing Dylib in SecurityResearchTools_20C80 with Dylib Injection PoC

1 2 3
Next Page→

Loading Comments...

You must be logged in to post a comment.