Siguza's Blog

iOS security, vulnerabilities, exploits, hardware mitigations, reverse engineering, that sort of stuff.

01. May 2020

"Psychic paper"

How to escape the iOS sandbox before your code even runs. Patched in iOS 13.5 beta 3.
Post is written in a way that should be understandable even for non-hackers. :)

18. Jan 2020

cuck00

An all-too-simple XNU kernel info leak that was hiding in plain sight for two decades. Patched in iOS 13.3.1 beta 2.

07. Jan 2020

PAN

A design flaw in the ARMv8 specification.

08. Aug 2019

APRR

Teardown of a hardware memory permission mitigation introduced in Apple's A10/A11 chips.

13. Jun 2019

The Evolution of iOS Mitigations (TyphoonCon 2019 Slides)

20. Apr 2019

IOKit resymbolication

How to find a couple dozen thousand C++ symbols for an iOS kernel with minimal effort.

17. Aug 2018

KTRR

Teardown of a hardware kernel integrity mitigation introduced in Apple's A10 chip.

29. Mar 2018

The HIDeous parts of IOKit (Zer0Con 2018 Slides)

31. Dec 2017

IOHIDeous

A macOS kernel exploit I dropped as an 0day just for the lulz. Patched in macOS High Sierra 10.13.3.

07. Dec 2017

v0rtex

The kernel exploit that powers a bunch of iOS 10 jailbreaks.

25. Dec 2016

clover

"tfp0 powered by Pegasus": the first binary exploit I ever wrote - gets kernel r/w on iOS 9.