Billy Ellis
@bellis1000
Followers
22K
Following
21K
Media
3K
Statuses
29K
iOS security researcher
London, England
Joined November 2013
Spent some time on an old iOS WebKit bug to learn about browser exploitation https://t.co/CDySlTzGM6
5
37
241
My first technical blogpost is out now! Check it out: https://t.co/nIfki9Ym6Q Thanks for the DFF team for their support and to the dfsec people for posting it! Special thanks to @iBSparkes for his assistence :)
Our newest @dfsec_com blog post is live, thanks to @tomitokics from @df_forensics for putting this together :-) https://t.co/JoJfTOOXzV
2
26
102
Does the iPhone 17 Kill Exploitation for Good? (Memory Integrity Enforcement breakdown) https://t.co/CFMl7I7Nlk
0
5
20
Brief info and POC for this week's Apple 0click iOS 18.6.1 RCE bug CVE-2025-43300 https://t.co/EL3qg56N8X
16
224
795
Just released a short writeup for the A9 version of the Trigon exploit, which involves getting code execution on a coprocessor before exploiting the kernel - enjoy!
alfiecg.uk
Where did we leave off? Background: KTRR IORVBAR Coprocessors Always-On Processor Investigation AXI? What’s that?! Mapping DRAM Code execution Improving the strategy What about A7 and A8(X)? Conclu...
4
36
174
Yeah didn’t take long
0
0
8
I lightly mentioned CVE-2025-31235, a double-free I found in coreaudiod/CoreAudio, during my OffensiveCon presentation last month. It's been derestricted now, so enjoy my writeup which includes a PoC and dtrace script to help understand the vulnerability!
3
43
200
Out-of-bounds swap on iOS heap when decoding a malicious audio stream (CVE-2025-31200) https://t.co/qRzR5Qo00T
1
34
193
This video digs deeper into the r/w primitives we get with the CoreAudio bug Based on the research provided by @noahhw4646
blog.noahhw.dev
Background On April 16, 2025, Apple released a patch for a bug in CoreAudio which they said was “Actively exploited in the wild.” This flew under the radar a bit. Epsilon’s blog has a great writeup...
0
3
15
I think this is the same effect as ‘learn by teaching’ when writing blogs. Fills the gaps in your knowledge.
0
0
6
When facing a technical challenge, draft a message to a colleague/developer friend. I find that ~50% of the time I figure out the solution before clicking send, just by defining the issue clearly.
2
8
58
The promo videos for Liquid Glass look beautiful, but seems implementation doesn’t land quite as well. I reckon Apple will partially revert this before full release, making elements more opaque again.
1
0
12
Samsung S24: Out of bounds write in VC1 Decoder (svc1d_rr_frm)
0
5
25