after months of hardwork 👀

slides “Write a SEP app for iOS”.

MOSEC BaijiuCon, an exciting experience!.special thanks to @zh1x1an2

I'm an iOS SEP app developer. 👀

My talk was accepted by BlackHat USA 2023. #BHUSA

proc_entitlement_is_bool_true("container-manager") is changed to AppleMobileFileIntegrity::AMFIEntitlementGetBool in iOS 16.4. So the hack adding entitlements to the backend OSDictionary of OSEntitlements is not working.

I hate debugging kernel. The only useful information is register values left in panic log.

me too🤣.

RT @LinusHenze: Happy Halloween! 👻.Fugu15 is now available on GitHub:

iOS 15.x demo. Run 3 cmds: ls, id, sw_vers. There is a lot of trouble in ios15. Still a long way from a real jailbreak. iPhone XS, iOS 15.0: using cve-2021-30883 (written months ago).iPhone 13 Pro, iOS 15.1: using cve-2021-30955 (thanks @realBrightiup ). I don't promise anything

RT @_3ndy1: Had succeeded in using my kernel read/write primitive to achieve privilege elevation on macOS 12.1 prior to the release of macO….

RT @Pwn20wnd: unc0ver v8.0.0 is NOW OUT with iOS 14.6-14.8 support for A12-A13 iPhones.

An important thread. I recommend iOS hackers to read this.

Write an iOS 14.6 (iPhoneXR, A12) jailbreak demo for CVE-2021-30883 (fixed in iOS 15.0.2, by @AmarSaar). Use a trick from oob-timestamp (by @_bazad). Run two commands: "id" and "ls /"

I've been a little busy lately. Hope I could get back to the vulnhunt things soon.

These are the last two. Have stopped doing iOS vulnerability hunt for several months. So, no CVEs next time.

1 CVE, 3 people. Lucky, or unlucky?

CVE-2021-30914.I used this one to complete my first iOS LPE exploit demo, on 2021-02-09, . Unfortunately, it is not easy to exploit it in iOS 14.2 and above.

RT @LinusHenze: Happy #UntetherDay everyone. Fugu14 is now available on GitHub:

Write a jailbreak demo for CVE-2021-30883 (fixed in iOS 15.0.2, by @AmarSaar ) on an iPhone 11 iOS 14.0. Why iOS 14.0? I just want to verify if the vulnerability is exploitable. The code is based on the old ipc_kmsg hack. The exploit has better speed than cicuta_virosa.