// #HIEROGLYPHS.js // Valid JavaScript from the year 2020 BC: 𓅂='',𓂀=!𓅂+𓅂,𓁄=!𓂀+𓅂,𓊎=𓅂+{},𓆣=𓂀 [𓅂++],𓊝=𓂀[𓇎=𓅂],𓏢=++𓇎+𓅂,𓆗=𓊎[𓇎+𓏢 ],𓂀[𓆗+=𓊎[𓅂]+(𓂀.𓁄+𓊎)[𓅂]+𓁄[𓏢]+𓆣+ 𓊝+𓂀[𓇎]+𓆗+𓆣+𓊎[𓅂]+𓊝][𓆗](𓁄[𓅂]+𓁄[ 𓇎]+𓂀[𓏢]+𓊝+𓆣+'`𓅂 𓏢 𓂀 𓁄 𓆣 𓊝 𓇎`')``

#unc0ver v5.0.0 will be the first 0day jailbreak released since iOS 8! Every other jailbreak released since iOS 9 used 1day exploits that were either patched in the next beta version or the hardware. This will be a big milestone for jailbreaking.

Apple just released the list of CVEs that were patched on iOS 13.5, including an official confirmation that the #MailDemon vulnerabilities were patched. The full list of security issues addressed on iOS 13.5 is available at: support.apple.com/de-de/HT211168

Return of the iOS sandbox escape: lightspeed's back in the race!! The XNU bug johncool described last year was reintroduced and is still exploitable in the last version of iOS, as shown by unc0ver Team: synacktiv.com/posts/exploit/…

Zero-day in Sign in with Apple - bounty $100k bhavukjain.com/blog/2020/05/3…

New writeup: "We Hacked Apple for 3 Months: Here’s What We Found" Featuring... Brett Buerhaus, Ben Sadeghipour, erbbysam ㋬, and Tanner Barnes samcurry.net/hacking-apple

Apple have fixed three issues reported by Project Zero that were being actively exploited in the wild. CVE-2020-27930 (RCE), CVE-2020-27950 (memory leak), and CVE-2020-27932 (kernel privilege escalation). The security bulletin is available here: support.apple.com/en-us/HT211929

Stop what you're doing and read this. This leak is going to be the story of the year: (LINK: theguardian.com/world/2021/jul…)

Here is the blog post about the anti-jailbreak, anti-Frida, anti-debug used in PokemonGO (featuring Frida and lief-project). romainthomas.fr/post/21-07-pok…

We released version 1.2 of the OWASP MSTG! As this is the first release after a while, there are quite a few changes. More details in our release notes: github.com/OWASP/owasp-ms… ✅ Download it ✅ Use it ✅ Give feedback via Github Issues Thank you to all of our supporters!

I've created an awesome list of iOS application security and penetration testing. I hope this helps people to learn more about #iOSsecurity. Your contributions are always welcome! github.com/Cy-clon3/aweso… #MobileSecurity #Cybersecurity #InfoSec #Bugbountytips #Bugbountytip

It's not everyday new iOS malware is uncovered 👾📲🍎 In our latest (guest) blog post, Taha Karim (ulזra‎), details how attackers are targeting iOS web3 users via malicious profiles & trojanized iOS apps: objective-see.org/blog/blog_0x6F… 😱

How to reverse and exploit iOS binaries, part 2 😈 Read my step-by-step TUTORIAL on exploiting arm64 via: > buffer overflow attack > rop chain I also built another cute binary for u to hacky hack 💕 inversecos.com/2022/06/guide-…

Excited to publish my writeup of a novel iOS in-the-wild exploit: The curious case of the fake Carrier .app: googleprojectzero.blogspot.com/2022/06/curiou…

Here is the first blog post about RASP analysis on iOS and some design weaknesses: romainthomas.fr/post/22-08-sin… Note: This is an **ephemeral** blog post, so feel free to grab a copy here: dl.romainthomas.fr Enjoy!

I'm happy to publish the second part of the series about iOS (de)Obfuscation and RASP protections. romainthomas.fr/post/22-09-ios… In particular, it introduces a new technique to "hook" syscalls on AArch64 based on 'gum_memory_patch_code' from Frida

Here are some of the presentations I found the most interesting within the macOS/iOS Kernel Security research space in 2022! 🧵 alexplaskett.github.io/macos-ios-secu…

🚨NEW REPORT: NSO Group’s #Pegasus #Spyware returns in 2022 with a trio of iOS 15 and iOS 16 zero-click exploit chains. The report finds NSO group clients deployed exploits against civil society members including two human right defenders in #Mexico citizenlab.ca/2023/04/nso-gr…

A 5-part complete series of on ARM64 exploitation and reversing by 8kSec Part1: 8ksec.io/arm64-reversin… Part2: 8ksec.io/arm64-reversin… Part3: 8ksec.io/arm64-reversin… Part4: 8ksec.io/arm64-reversin… Part5: 8ksec.io/arm64-reversin… Mobile Security

The challenge is now over! Congratulation to Robert Xiao for winning the write-up quality price and congratulation to korami as well for his solution. You can check them out here: - obfuscator.re/challenges/202… - obfuscator.re/challenges/202… (1/2)