Siguza's Blog

iOS security, vulnerabilities, exploits, hardware mitigations, reverse engineering, that sort of stuff.

01. May 2020

"Psychic paper"

How to escape the iOS sandbox before your code even runs. Patched in iOS 13.5 beta 3.
Post is written in a way that should be understandable even for non-hackers. :)
18. Jan 2020


An all-too-simple XNU kernel info leak that was hiding in plain sight for two decades. Patched in iOS 13.3.1 beta 2.
07. Jan 2020


A design flaw in the ARMv8 specification.
08. Aug 2019


Teardown of a hardware memory permission mitigation introduced in Apple's A10/A11 chips.
13. Jun 2019

The Evolution of iOS Mitigations (TyphoonCon 2019 Slides)

20. Apr 2019

IOKit resymbolication

How to find a couple dozen thousand C++ symbols for an iOS kernel with minimal effort.
17. Aug 2018


Teardown of a hardware kernel integrity mitigation introduced in Apple's A10 chip.
29. Mar 2018

The HIDeous parts of IOKit (Zer0Con 2018 Slides)

31. Dec 2017


A macOS kernel exploit I dropped as an 0day just for the lulz. Patched in macOS High Sierra 10.13.3.
07. Dec 2017


The kernel exploit that powers a bunch of iOS 10 jailbreaks.
25. Dec 2016


"tfp0 powered by Pegasus": the first binary exploit I ever wrote - gets kernel r/w on iOS 9.