Pinned Tweet
Seizing the moment to share my macOS/iOS fuzzing training! Hands-on and practical. Feel free to reach out. retweets appreciated! 💥🍏 #iOS #macOS #fuzzing #infosec powerofcommunity.net/2025/tr…
CVE-2025-27062 is one of my favorite Linux kernel vulnerabilities that we have discovered/exploited together with my brilliant former colleague @slava_moskvin_ docs.qualcomm.com/product/pu…
Heading to Seoul for the @POC_Crew conference. See you all soon! Ping me if you’re around, I’m always up for a good chat about fun stuff 😄✈️
iOS exploits and mitigations these days.
Best fuzzing blog post I read in recent years! Mandatory reading for anyone interested in fuzzing, whether you use macOS or not. So many good references to other projects for people to study!
r00tkitsmm.github.io/fuzzing… TL;DR: I implemented a super reliable macOS kernel binary rewriting to instrument any KEXT or XNU at BB or edge level.
To be clear, 5 CVEs + one additional recognition.
Just found out this bug could have been used to sidestep MTE :) will try to prepare a presentation or a blog post.
Amazing lineup, who else is coming to Seoul?
[#POC2025 NOTICE] 20 Years. Reborn. The brand evolved - The mission remains. Welcome to a new era of POC. ⏰ Date: November 13–14, 2025 📍 Venue: Four Seasons Hotel, Seoul, South Korea 🇰🇷 🎤 CFP: June 5 – September 30 🧑‍💻 Training: June 5 – September 30 🎟️ Registration: September 1 – October 31 More info 👉 powerofcommunity.net
This is so good of Apple: "we will provide a thousand iPhone 17 devices to civil society organizations who can get them into the hands of at-risk users."
Time to stop hacking and playing #GhostofYotei
Jann Horn, Google Project Zero 👀 iOS/macOS googleprojectzero.blogspot.c…
Meysam retweeted
🎉The CODE BLUE 2025 timetable is now live! From consumer device hacking and state-sponsored threat actors to legal insights into the “Cyber Response Capability Enhancement Act” by international scholars ― don’t miss this year’s powerful lineup👇📝 codeblue.jp/en/program/time-…
I still have no idea how or where to download the macOS KDK for build 25A354. Has Apple released it?
Meysam retweeted
Yes, I didn’t mean to refute any claims, I was just sharing blog posts I enjoyed reading, especially around the introduction of MTE. On the other side, it’s also clearly documented in the P0 blog that coprocessors can be leveraged to sidestep MTE. googleprojectzero.blogspot.c…
Another XPU/GPU exploit shows the kernel could be compromised even with MTE, by mapping a GPU address to any physical address. Attackers can overwrite kernel code/data & gain execution. Great blog by @benhawkes, loved rereading it one more time. googleprojectzero.blogspot.c…
MTE won't stop exploiting vulnerabilities/CVEs like MacDirtyCow or CVE-2022-46689. It’s a VM page-permission race (TOCTOU), not a spatial/temporal memory bug. project-zero.issues.chromium… github.com/zhuowei/MacDirtyC…
Meysam retweeted
DynaDbg v0.0.2 with the debugger implementation will be released soon (for macOS/iOS). Technical documentation: github.com/DoranekoSystems/D…
Meysam retweeted
The new Rowhammer attack paper against SK Hynix DDR5 modules is very impressive! LPE to root in over 100 seconds, or disclosing RSA keys for SSH from an adjacent VM, among other vectors. If the SK Hynix brand doesn't ring a bell, some models of ADATA, G.SKILL, Corsair, Dell, Lenovo and even some Cisco OEM modules are based on Hynix chips. Finding the exact list of affected OEM vendors and module models is a bit tricky. As part of the research effort, Google has also partnered with Antmicro to build a dedicated Rowhammer testing rig, which is also open-source! github.com/antmicro/rowhamme… Paper: comsec.ethz.ch/research/dram… Google blog: security.googleblog.com/2025… PoC: github.com/comsec-group/phoe…
Today, we present *Phoenix*: 🔥 two new Rowhammer patterns + ⏱️ self-correcting refresh sync + 🔨 PC bit flips on all tested SK Hynix DDR5 DIMMs. More information: comsec.ethz.ch/phoenix #Rowhammer #DDR5 #DRAM #HardwareSecurity #ETHZurich #COMSEC
Another CVE/exploit that might have worked regardless of MTE :) → github.com/asahilina/agx-exp… It hijacks Apple GPU firmware → the GPU gains full RAM R/W. MTE only guards CPU loads/stores; GPU DMA is outside of its scope.
Want to learn more about this bug? Check out Ian's epic #OBTS v6 talk on it: "Abusing iPhone Co-Processors for Privilege Escalation" objectivebythesea.org/v5/tal…
I’ve brought you a real iOS MTE bypass retrospectively: the overflow happens inside the co-processor (no MTE), then abuses trusted RPCs to gain kernel R/W, sidestepping MTE on the AP entirely. googleprojectzero.blogspot.c…