Category: Apple

• CVE-2022-26730 | ColorSync

  

  CVE-2022-26730 | ColorSync | Processing a maliciously crafted image may lead to arbitrary code execution.

  h02332

  September 19, 2023

  Apple

  CVE-2022-26730, ICC Color Profile, XNU

• Best Practice & Transparency

  

  Article by David Hoyt, a Publisher of Best Practice, Vulnerability Management, Security Measurement & Compliance Reporting. A part of a 2021 Apple Security Research Device Cohort and former Internet Service Provider [ISP]. Information with respect to the Apple Security Research Device Program.

  h02332

  September 16, 2023

  Apple

  Best Practice, Chilling Effect, Transparency

• CVE-2023-32443 | sips

  

  CVE-2023-32443 | sips | Processing a file may lead to a denial-of-service or potentially disclose memory contents.

  h02332

  August 25, 2023

  Apple

  CVE-2023-32443, ICC Color Profile, sips, XNU

• arm64e pointer authentication failure

  

  Product Defects & Quality Assurance Issues expressed on arm64e as possible pointer authentication failures [PAC Failure] and data abort exception errors in Apple Closed Source Applications used for Development. The corresponding X86_64 Exception Code: EXC_I386_GPFLT.

  h02332

  May 3, 2023

  Apple, Quality Assurance

  arm64e, Best Practice, Code Signing, Data Abort, help, man, PAC Fail, rtfm, Transparency, X86_64

• XNU Crash Analysis

  

  This Article is intended for quick assessment of XNU Crash Analysis. Manually debugging the Code is the only way to be sure something is or isn’t exploitable. A Crash is only a security issue if it is triggered by untrusted input.

  h02332

  May 3, 2023

  Apple

  Best Practice, Crash, Exploit, man, rtfm, Transparency

• man srd

  

  This is the Landing Page for SRD Man Pages. The man pages for the SRD were pushed to TXT Files and put here so you may Bookmark your interest(s).

  h02332

  December 11, 2022

  Apple, SecurityResearchTools_21C39

  Best Practice, help, man, rtfm

• srdutil

  

  The srdutil utility is used to Checkin your Device with Apple Corporation. Every 2 weeks set a cron job to checkin your SRD with the Mothership.

  h02332

  December 11, 2022

  Apple

  checkin, Flash, SRD, srdutil

• missing dylib libMobileRestoreInternalExtensions

  

  SUMMARY: Failed iOS Upgrade on SRD due to Missing Dylib in SecurityResearchTools_20C80 with Dylib Injection PoC

  h02332

  December 11, 2022

  Apple

  Code Signing, downgrade, dylib, Flash, PoC, SRDI, srdutil, upgrade

• SRT 24.100.3 PR42

  

  This Article will look at the initial Release of Security Research Tools Version 21C93 and the Revisions to Code that have been Committed to Github to further optimize the User Experience.

  h02332

  December 11, 2022

  AMFI, Apple, CoreTrust, Install, SecurityResearchTools_21C39

  Build, Code Signing, debugserver, dylib, Make, Permission, SDK

• SRD IORegistry

  

  Executive Summary This Article organizes the SRD iPhone 11 & iPhone 12 Models for IORegistry output samples. The IORegistry contains information describing the Device Tree and related hardware components for these Security Research Devices as Requested in Issue #29. IORegistry Sample Output Related Links

  h02332

  April 10, 2022

  Apple

  output, rtfm, sample, SRD, Transparency