Siguza
13 Oct, 5 tweets, 2 min read
31 pages of fearmongering?
Damn, Apple must *actually* be scared!…
Ah yes, hate it when an iOS app [checks notes] runs a kernel exploit to break out of its sandbox because that is required to encrypt user data.

The word "sandboxing" appears one single time in the entire document, and only as an argument for not opening up the hardware.
AdWare is literally the App Store landscape today. Bitch.
Apple provides* [...].

*since a few weeks ago.
The bold sentence at the beginning here is straight up false. The text in black is technically correct, but the part I highlighted implies *other* iOS sideloading efforts that would *not* require tearing down security like this.

More from @s1guza

7 Jun
My advice if your phone needs repair:

1. Try a 3rd party repair shop.
2. Consider an iFixit kit and DIY repair.
3. Scout for a used phone.
4. If you HAVE to go to Apple, back up your phone & do a complete wipe.
5. Buy a new phone.

Never tell your passcode to an employee. EVER!
To clarify, wiping your device may not be possible depending on what parts are broken. If you cannot wipe your phone, you should absolutely not get it repaired at Apple, under any circumstance. Or any other shop that asks for your passcode.
It's not enough to just *delete* content from that phone either - you have to completely wipe it, and remove all connections to your AppleID. Otherwise the passcode and/or data on the device can be used to compromise your AppleID, and by extension all other Apple devices you own.
2 Feb
Shortest code to trigger a kernel panic? I gotchu, fam:

adr x0, .
mov x1, 8
mov w3, 0
mov w16, 0x80000000
svc 0x80

(arm64e XNU, macOS >=11.0 || iOS >=14.0)
((Unexploitable, of course))
Why am *I* always the one falling face-first into these? 😐
It certainly LOOKS interesting at first glance though 😅
25 Jan
So my write-up/blog post candidates have been piling up since forever, and it'll be at least another month 'till I have enough free time again... but what would y'all like to see most?

(See replies for topic descriptions.)
tachy0n is the kernel exploit used in Unc0ver 5, used to jailbreak iOS 13.5 and below.
This write-up would require me to do some posts about XNU exploitation fundamentals first, like memory management, mach ports, etc.
blackbird is a SEPROM vulnerability affecting A8-A10(X)/T2 devices. The post would be specifically about the checkra1n implementation, include research into alternative strategies as well as a look at the issues with A11 (assuming I get green light from the rest of the team).
7 Oct 20
Okay, I think we need a list of all the mistakes in the ironPeak post, because there are a lot of them, and it hurts to see them copy-pasted by every news outlet.

"Apple silicon systems will run completely on a set of Apple-designed ARM processors and thus will use a different topology based on e.g. the A12 chip."

Not technically false (assuming the speculation is correct), but it mixes together two things:

1. The T2's vulnerability to checkm8.
2. The T2's unique topology as the root of trust, while being a coprocessor that never shuts down unless you install an update, run out of battery or force-reboot your Mac.

16 Aug 19
So here's the full case Apple vs. Corellium. And IANAL, but besides coming off really hostile, Apple seems to have a rather thin case here.…
Firstly, they only claim copyright infringement on their software and GUI - not the hardware or associated patents. And yes, the iOS license forbids pretty much everything except downloading and running it on a single Apple-issued device you own, but jfc.
It all sounds like if Corellium told users to bring their own IPSWs and didn't use Apple trademarked names, Apple's case would fall apart. Also they make it sound like Corellium created a knockoff of iOS, when they seem to literally be downloading the original software.