We planned to open source checkra1n in 2020, but unfortunately we're not quite ready for a full release yet.
HOWEVER: We just open sourced the entirety of PongoOS, including our kernel patchfinder and SEP exploit! All available at: https://t.co/8ISUttWGmS
An @objective_see tool, flagged what may be the first instance of malicious code that natively targets Apple Silicon (M1)! 🍎🐛
Read: "Arm'd & Dangerous"
https://t.co/htw8K6qq1Y
See No Eval: Runtime Dynamic Code Execution in Objective-C https://t.co/7EC2KsZAXn
It reveals more detail that I didn't have time to cover in my previous talk slides
It's been a long time coming: we’re very excited to announce that virtual iOS-based devices are now available for individual accounts on our groundbreaking security research platform. https://t.co/cUDhD6gROd
Here is a PoC kernel exploit, it demonstrates how to get kernel task port on iOS 13.7. I will update the PoC with a writeup later.
https://t.co/NnJQ7ZRou0
Cann’t believe that I also missed the bug. Motived by this blog, I also prepared a blog, sharing another bug in the same extension. https://t.co/THH3Z5KdDb
📝 new (guest) blog post:
"CVE-2020–9934: Bypassing TCC
...for unauthorized access to sensitive user data"
🔗 https://t.co/qhcQx4sHdM
✍️ by: Matt Shockley (@mattshockl)
"...and then directly modify the TCC database to give myself every TCC entitlement" ...no code required 🤩
One Byte to Rule Them All: An iOS 13 exploit technique that turns a one-byte kernel heap overflow into an arbitrary physical address mapping primitive, all while avoiding the kernel task port and sidestepping mitigations like PAC, KASLR, and zone_require.
https://t.co/QtI3By2s0i
I've compiled a summary of every original public iOS kernel exploit from app context since iOS 10, describing the high-level exploit flow to get stable kernel read/write. The trends of how these exploits have evolved over time are quite interesting: https://t.co/bmXwdzWywU
Cool and good job! I am more interested in what 0day vulnerabilities are used, but the entire payload has been obfuscated and it will take some time to analyze. 😅
Return of the iOS sandbox escape: lightspeed's back in the race!! The XNU bug @JohnCool__ described last year was reintroduced and is still exploitable in the last version of iOS, as shown by @unc0verTeam: https://t.co/XQHCw5vsXh
Cool and good job! I am more interested in what 0day vulnerabilities are used, but the entire payload has been obfuscated and it will take some time to analyze. 😅
We are going to release #unc0ver 5.0.0 with support for every signed iOS version on every device using a 0day kernel vulnerability from @Pwn20wnd in sponsorship with https://t.co/l4SDOTDUla very soon. Update your devices to 13.5 and follow our progress on https://t.co/cNIUANaJr2.