23. May 2025
01. May 2020
"Psychic paper"
How to escape the iOS sandbox before your code even runs. Patched in iOS 13.5 beta 3. Post is written in a way that should be understandable even for non-hackers. :)
18. Jan 2020
cuck00
An all-too-simple XNU kernel info leak that was hiding in plain sight for two decades. Patched in iOS 13.3.1 beta 2.
07. Jan 2020
PAN
A design flaw in the ARMv8 specification.
08. Aug 2019
APRR
Teardown of a hardware memory permission mitigation introduced in Apple's A10/A11 chips.
13. Jun 2019
The Evolution of iOS Mitigations (TyphoonCon 2019 Slides)
20. Apr 2019
IOKit resymbolication
How to find a couple dozen thousand C++ symbols for an iOS kernel with minimal effort.
17. Aug 2018
KTRR
Teardown of a hardware kernel integrity mitigation introduced in Apple's A10 chip.
29. Mar 2018
The HIDeous parts of IOKit (Zer0Con 2018 Slides)
31. Dec 2017
IOHIDeous
A macOS kernel exploit I dropped as an 0day just for the lulz. Patched in macOS High Sierra 10.13.3.
07. Dec 2017
v0rtex
The kernel exploit that powers a bunch of iOS 10 jailbreaks.
25. Dec 2016