ZecOps Research Team

Checkm8 Implications on iOS DFIR, TFP0, #FreeTheSandbox, Apple, and Google

Thanks to Checkm8 – a bootrom vulnerability that exist on most iPhones/iPads (<A12), a generic method to bypass the iOS sandbox restrictions will be made public within days/weeks for all previous and future versions of iOS! An upcoming release of a generic capability to extract the filesystem of a suspected iOS devices will help to …

Checkm8 Implications on iOS DFIR, TFP0, #FreeTheSandbox, Apple, and Google Read More »

Content-Filter Strikes Back: Yet Another (Silently Patched) MacOS / iOS Kernel Use-After-Free

Introduction As we were investigating anomalies on Mobile Device Management (MDM) devices, ZecOps MacOS / iOS DFIR analysis revealed yet another vulnerability that is applicable only to managed devices.  As far as we are aware, similarly to the previous vulnerability that we analyzed in Content Filter (DoubleNull Part I, DoubleNull Part II), Apple patched this …

Content-Filter Strikes Back: Yet Another (Silently Patched) MacOS / iOS Kernel Use-After-Free Read More »