In case you didn’t already know, there’s a new kernel exploit out in the wild that renowned Google Project Zero security researcher Ian Beer recently published a writeup about. CVE-2025-24203, which is being referred to by the iPhone & iPad hacking community as dirtyZero or mdc0, is a kernel exploit that allows for certain system customizations akin to what the MacDirtyCow exploit was once capable of on supported firmware.
Exploit
New turdus merula SEP exploit-based firmware downgrading tool now available for A9-A10(X) devices
If you have a legacy iPhone or iPad with an A9-A10(X) chip inside, then you might be excited to hear about a new and free firmware downgrading tool called turdus merula for macOS that allows you to downgrade your device’s firmware back to any version you want, in either a tethered or an untethered fashion.
Alfie CG publishes write-up on Trigon, a deterministic kernel exploit based on CVE-2023-32434 that can’t fail
Another week, another intriguing write-up by the young and talented hobbyist security researcher @alfiecg_dev, who just this weekend published a blog post about a new deterministic kernel exploit called Trigon that is based on CVE-2023-32434, the same bug that the Kernel File Descriptor (KFD) exploit utilized with puaf_smith and was patched in iOS & iPadOS 16.5.1.
Lars Fröder talks at Nullcon Goa 2025 security conference, iOS 17 & 18 jailbreak challenges discussed
Speaking at a cybersecurity conference called Nullcon Goa 2025, Dopamine jailbreak and TrollStore perma-signing utility lead developer Lars Fröder, also known more colloquially around these parts as @opa334dev, took the stage to discuss the present state of jailbreaking iPhones and iPads.
Find My exploit turns any device into an AirTag tracker
An exploit in Apple’s Find My network allows hackers to turn any device with Bluetooth, such as a phone or a computer, into an AirTag tracker.
Palera1n team confirms jailbreak tool works on iPadOS 18.4 beta 1 on the iPad (7th generation)
Apple seeded its first iOS & iPadOS 18.4 developer betas on Friday to lay the groundwork for major upgrades to Apple Intelligence and other things. But as most jailbreakers already know, no firmware later than iOS 16.5.1 can be jailbroken on any arm64e (A12 and later) device.
Security researcher wh1te4ever shares Safari-based remote execution exploit patched in iOS 16.5.1, macOS 13.4.1
In case you weren’t already aware, there was a Safari-based remote code execution (RCE) bug in the wild, tracked as CVE-2023-37450, that Apple patched in a rapid security update for iOS & iPadOS 16.5.1, and ENKI WhiteHat is credited with the original proof of concept (PoC) showcasing the bug. But what if we told you someone made an exploit out of it? Interestingly enough, that seems to be exactly what has happened.
PoC published for CVE-2024-54498 macOS sandbox escape patched in macOS Sequoia 15.2
Apple device security nerds, unless they’ve been living under a rock, have probably heard about CVE-2024-54498, or perhaps better known as the sharedfilelistd vulnerability. It was one of several vulnerabilities that Apple claims to have patched in macOS Sequoia 15.2, macOS Sonoma 14.7.2, and macOS Ventura 13.7.2, citing details shared on Apple’s About the security content of macOS Sequoia 15.2 web page.
Nugget SparseRestore-based iOS customization utility updated to v4.2.2 with more daemon controls & bug fixes
Nugget, the SparseRestore-based iPhone customization utility for macOS and Windows, picked up an additional update this week ahead of the New Year holiday, officially bringing it up to version 4.2.2.
Security researcher releases S5Late bootrom exploit for iPod Nano 7th generation
It’s been a hot minute since the year 2012, which is when Apple announced the seventh-generation iPod Nano. In fact, despite the fact that the iPod was one of Apple’s most successful products, the company doesn’t even sell iPods anymore.
Proof of concept for iOS 18.0.x bug CVE-2024-44285 released, but seems unlikely to aid jailbreaking
In an interesting bit of news this long holiday weekend, hobbyist hacker @tomitokics took to social media platform X (formerly Twitter) on Friday to share what appears to be a proof of concept (PoC) for a use-after-free bug tracked as CVE-2024-44285, which Apple first introduced in iOS & iPadOS 18.0 and later patched in iOS & iPadOS 18.1.
Developer bypasses SideStore 3-app limit with SparseRestore exploit
SparseRestore is the exploit everybody is talking about right now. It’s what made installing TrollStore on iOS 17.0 possible for the general public for the first time since the firmware stopped being signed, and it was also used in various hacks such as MisakaX and Nugget, just to name a few.