Part 2 of Exploiting the iOS Kernel with PhysPuppet

Hiked up a volcano this past weekend. Mad views. 🌋

RT @dillon_franke: I lightly mentioned CVE-2025-31235, a double-free I found in coreaudiod/CoreAudio, during my OffensiveCon presentation l….

Out-of-bounds swap on iOS heap when decoding a malicious audio stream (CVE-2025-31200)

This video digs deeper into the r/w primitives we get with the CoreAudio bug Based on the research provided by @noahhw4646

How This Weird Exploit Primitive Corrupts iOS Heap Memory

I think this is the same effect as ‘learn by teaching’ when writing blogs. Fills the gaps in your knowledge.

When facing a technical challenge, draft a message to a colleague/developer friend. I find that ~50% of the time I figure out the solution before clicking send, just by defining the issue clearly.

The promo videos for Liquid Glass look beautiful, but seems implementation doesn’t land quite as well. I reckon Apple will partially revert this before full release, making elements more opaque again.

RT @ProjectZeroBugs: Samsung S24: Out of bounds write in VC1 Decoder (svc1d_rr_frm)

Great research from Noah on the CoreAudio ITW vulnerability (CVE-2025-31200) patched in iOS 18.4.1 🐛.

RT @ZygoSec: This Video Can Exploit Your iPhone (CVE-2025-31200)

Thanks to @HexRaysSA for sponsoring this video. You can use discount code BILLY50 to get 50% off your next IDA Pro individual license purchase. Contact sales@hex-rays.com.

This Video Can Exploit Your iPhone (CVE-2025-31200)

host_page_size()

CVE-2034-5678 in “CCTV firmware” from latest Black Mirror season. Bookmark this for 9 years from now and report your camera firmware bugs. You could align the show with reality

RT @i41nbeer: My writeup of the 2023 NSO in-the-wild iOS zero-click BLASTDOOR webp exploit: Blasting Past Webp -.

Great writeup, good job @alfiecg_dev.

RT @bellis1000: Part 2 of Exploiting the iOS Kernel with PhysPuppet

RT @DontStealMacOSY: iOS 18.4 beta 1 JIT patch analysis

Nice analysis.