Helthydriver (@helthydriver) 's Twitter Profile
Helthydriver

@helthydriver

ID: 330820000

07-07-2011 06:13:23

330 Tweets

620 Followers

551 Following

John Scott-Railton (@jsrailton) 's Twitter Profile Photo

🚨NEW INVESTIGATION: We just forensically unmasked #Paragon's Apple spyware. Zero-click targets: Journalists. In 🇪🇺Europe. Like 🇮🇹Italian reporter Ciro Pellegrino. Reopens #Italy's spyware scandal. Follows our The Citizen Lab investigation of their Android spyware. 1/

GeoSn0w (@fce365) 's Twitter Profile Photo

CoreTrust 2 TROLLSTORE Exploit (CVE-2023-41991) Full Details FINALLY RELEASED! It's SCARY! 🔥 NEW VIDEO: youtu.be/MSNdkB6pMBI?si… We're discussing the release of a complete analysis for CVE-2023-41991, the heart of TrollStore 2. We always knew it was a vulnerability that was

Csaba Fitzl (@theevilbit) 's Twitter Profile Photo

📣 Some good news on the training front: 🎉 we teamed up with Gergely Kalman and by bringing in our different expertise in the field will make this training even better 🎉 we should be ready by early 2026 🎉 we aim to deliver it in 3 public conferences 🎉 first two modules are

Helthydriver (@helthydriver) 's Twitter Profile Photo

Teaching iOS Malware Hunting & Analysis at #NullconBerlin2025 — 🗓️ Sept 1–3 📍 Real-world spyware, forensics, detection 🔗 nullcon.net/berlin-2025/tr… If you’re into iOS security, you won’t want to miss this. #iOSsecurity #DFIR #malwareanalysis #nullcon

Meysam (@r00tkitsmm) 's Twitter Profile Photo

I’ve brought you a real iOS MTE bypass retrospectively: the overflow happens inside the co-processor (no MTE), then abuses trusted RPCs to gain kernel R/W — sidestepping MTE on the AP entirely. googleprojectzero.blogspot.com/2022/06/curiou…

Mussy (@mu55sy) 's Twitter Profile Photo

🗂️ HUNT ORDER — iOS spyware detection (“Placeboed Apples”) Situation: iOS has no ESF hooks; you’re staring at massive forensic dumps. Mission: find spyware fast. Execution: build a malware simulator that imitates real families (incl. NoClip) → run it → watch which DBs/paths

Mussy (@mu55sy) 's Twitter Profile Photo

🔴 LIVE at #OBTS 🍏 — Placeboed Apples Helthydriver spins a harmless iOS malware simulator (Pegasus-style)… and the phone lights up its own forensic hotspots. Chaos → checklist. Hunt smarter.

Doc Dave (@forensicdave) 's Twitter Profile Photo

Matthias (@helthydriver)/iVerify(i✌️erify)/Dreams of (security.apple.com/research-devic…) - spoke at #OBTS about Hunting iOS malware - flipping the script using Malware Simulation - building fake spyware to reveal real forensic clues! Also an interesting site mythicalbeasts.dfrlab.org

Mussy (@mu55sy) 's Twitter Profile Photo

🛰️ After-Hunt Debrief — “Placeboed Apples” (iOS spyware detection) Hunter: Matthias Frielingsdorf Helthydriver | #OBTS 🍏 Objective: turn chaotic iOS forensic dumps into a huntable map for Pegasus-class spyware. Tactic: build a harmless malware simulator that reenacts real

Lorenzo Franceschi-Bicchierai (@lorenzofb) 's Twitter Profile Photo

SCOOP: A man who worked on developing hacking tools for defense contractor L3Harris Trenchant was notified by Apple that his iPhone was targeted with spyware. It's unclear who targeted him, but he believes he was the scapegoat of a leak investigation. techcrunch.com/2025/10/21/app…

Costin Raiu (@craiu) 's Twitter Profile Photo

Not OK in my book. iOS 26 wipes shutdown.log, one of the most useful forensic traces in identifying malicious activity on your iPhone - iverify.io/blog/key-iocs-…

Helthydriver (@helthydriver) 's Twitter Profile Photo

With iOS 26 Apple changed the way shutdown.log operates. We are detailing the changes here: iverify.io/blog/key-iocs-… This also contains a new undisclosed IOC for Pegasus in 2022. Please take a sysdiagnose before updating to 26, or you’ll lose evidence.