Apple Security Research Device Picture Gallery

srd.cx/picture-galler…

securerom.fun

On the xz 'event' this is the best ongoing technical analysis seen so far of the final .o payload

gist.github.com/smx-smx/a6112d…

ASCII art in an Apple binary file : ''Cause there's no such thing as Good Silicon. Only Bad tests.'

YOU CAN COUNT ON ME TO MISBEHAVE

(Yes, this is every single production A16 key, both iBoot and SEPOS!)

gist.github.com/NyanSatan/c2df…

Seems like someone pushed a bunch of iBoot symbols to Hexrays's Lumina server

I created a tool to decrypt SEPROM panic logs:
github.com/Cryptiiiic/SEP…

The fact that they developed a complete zero-click to kernel chain, JUST to then force the device to open a web page to trigger the 'real' chain, is the most bureaucratic exploit I can imagine 🙈

koeln.ftp.media.ccc.de/congress/2023/…

We're revealing details of an obscure debugging feature in the Apple A12-A16 SoC’s that bypasses all of the hard-to-hack hardware-based memory protections on new iPhones. Its not used by the firmware and we don't know how the attackers found out about it. securelist.com/operation-tria…

Apple Vision Pro firmware keys (including sep-firmware) for VisionOS 1.0 beta 1-5
gist.github.com/matteyeux/1f9a…

Here is my tiny thread about something exciting that I’ve been sitting on for a quite some time now:

Early T6020 SecureROM dump!

This thread contains some details that I noticed in those 15 minutes I bothered to analyze it (so read on your own risk!)

🔺New on the Apple Security Research blog: a brief technical overview of iMessage Contact Key Verification! security.apple.com/blog/imessage-…

Something I don't get about this Triangle DB 0-click chain, why would they enable personalized ad tracking ??
securelist.com/triangulation-…

Rootful version of Fugu15
github.com/pinauten/Fugu1…

What could be a tagged address 🫣