Blog Posts

This blog post details a root cause analysis for Project Zero Issue 2046, found by Sergey Glazunov.

This blog post explores how privileged Lua scripts can pop shells without dropping privileges.

A look into how scripting language interpreters can execute arbitrary commands when supplied with malicious environment variables.

This blog post takes a brief look at TLS and certificate pinning, the problem of trust in Certificate Authorities that pinning attempts to address, and discusses whether the lack of certificate pinning in a mobile application constitutes a vulnerability.