iOS release notes are always comforting when you have firsts like this. 3 zero-days actively exploited in the wild. 2 involving WebKit. "Apple said additional details would be available soon" techcrunch.com/2021/01/26/app…
https://twitter.com/_DanielSinclair/status/1348631971480666112
The bricked state I encountered didn't end up having to do with the battery, at least obviously so. After a day of wrestling with DFU mode, it was successfully restored. If it attempted to boot, it would endlessly loop; breaking that cycle was hard.
https://twitter.com/_DanielSinclair/status/1348632174011052034?s=20
The morning following the mobile Chrome stuttering, the device was very warm — like you would expect from an iCloud Photos daemon. Springboard worked, albeit dropping frames, but third party apps (I didn't test first party) began failing to boot. Upon shutdown, it was bricked.
Overnight, the device was plugged in under a pillow. That's unusual. I suspected it overheated and a voltage issue (or something else) pushed the kernel (or a low level process) into an irrecoverable state. That's still my strong guess.
To be somewhat diligent, I inspected recent device bandwidth. Nothing popped out as unusual, but of course, modern exploits are targeting your keychain and would do heavy-lifting off device. 
I wish I had been inspecting & logging all traffic from the device for my own peace of mind, but I was not. And the KISMET research highlights how that wouldn't necessarily tell the full story; NSO is believed to have delivered exploits through iCloud. citizenlab.ca/2020/12/the-gr…
It's a good time as any to ask: what are you using for mobile forensics and personal defense? Enterprise DFIR pricing feels out of reach. I'm not worth targeting, but am surely susceptible to watering holes. The boldness of the recent surge of exploits in the wild is concerning.
• • •
Missing some Tweet in this thread? You can try to
force a refresh
