01. May 2020
How to escape the iOS sandbox before your code even runs. Patched in iOS 13.5 beta 3.
The post is written in a way that should be understandable even for non-hackers. :)
18. Jan 2020
An all-too-simple XNU kernel info leak that was hiding in plain sight for two decades. Patched in iOS 13.3.1 beta 2.
07. Jan 2020
A design flaw in the ARMv8 specification.
08. Aug 2019
Teardown of a hardware memory permission mitigation introduced in Apple's A10/A11 chips.
20. Apr 2019
How to find a couple dozen thousand C++ symbols for an iOS kernel with minimal effort.
17. Aug 2018
Teardown of a hardware kernel integrity mitigation introduced in Apple's A10 chip.
31. Dec 2017
A macOS kernel exploit I dropped as an 0day just for the lulz. Patched in macOS High Sierra 10.13.3.
07. Dec 2017
The kernel exploit that powers a bunch of iOS 10 jailbreaks.
25. Dec 2016
"tfp0 powered by Pegasus": the first binary exploit I ever wrote - gets kernel r/w on iOS 9.