Resources for iOS security

Here you can find resources I’ve found interesting & useful for my journey in learning more about iOS security.

Links

#

Google Project Project Zero

#

• 2019 - A very deep dive into iOS Exploit chains found in the wild

• 2020 - Remote iPhone Exploitation Part 1: Poking Memory via iMessage and CVE-2019-8641

  • Messenger Hacking Remotely Compromising an iPhone over iMessage Samuel Groß

• 2020 - Fuzzing ImageIO

• 2020 - Fuzzing iOS code on macOS at native speed

• 2020 - Remote iPhone Exploitation Part 2: Bringing Light into the Darkness - a Remote ASLR Bypass

• 2020 - Remote iPhone Exploitation Part 3: From Memory Corruption to JavaScript and Back - Gaining Code Execution

• 2020 - A survey of recent iOS kernel exploits

• 2020 - An iOS zero-click radio proximity exploit odyssey

• 2021 - A Look at iMessage in iOS 14

• 2021 - A deep dive into an NSO zero-click iMessage exploit: Remote Code Execution

• 2022 - An Autopsy on a Zombie In-The-Wild 0-day

• 2022 - CVE-2021-1782, an iOS in-the-wild vulnerability in vouchers

• 2022 - CVE-2021-30737, @xerub’s 2021 iOS ASN.1 Vulnerability

• 2022 - FORCEDENTRY: Sandbox Escape

• 2022 - A Brief History of iMessage Exploitation

• 2023 - An analysis of an in-the-wild iOS Safari WebContent to GPU Process exploit

• 2025 - An analysis of the NSO BLASTPASS iMessage exploit

• 2025 - Blasting Past Webp - An analysis of the NSO BLASTPASS iMessage exploit

• 2025 - Pointer leaks through pointer-keyed data structures

CitizenLab

#

• 2020 - The Great iPwnJournalists Hacked with Suspected NSO Group iMessage ‘Zero-Click’ Exploit

• 2021 - FORCEDENTRY - NSO iMessage Zero-Click Exploit

• 2021 - Pegasus vs. PredatorDissident’s Doubly-Infected iPhone Reveals Cytrox Mercenary Spyware

• 2023 - PREDATOR IN THE WIRESAhmed Eltantawy Targeted with Predator Spyware After Announcing Presidential Ambitions

• 2023 - Triple ThreatNSO Group’s Pegasus Spyware Returns in 2022 with a Trio of iOS 15 and iOS 16 Zero-Click Exploit Chains

• 2025 - Sweet QuaDreams or Nightmare before Christmas? Bill Marczak on Dissecting an iOS 0-Day

Amnesty International

#

• Forensic Methodology Report: How to catch NSO Group’s Pegasus

Securelist (Kaspersky)

#

• 2023 - Dissecting TriangleDB, a Triangulation spyware implant

• 2023 - Operation Triangulation: The last (hardware) mystery

• 2024 - Caught in the wild, past, present and future by Clem1

HEXACON

#

• 2022 - Life and death of an iOS attacker by Luca Todesco

• 2023 - The two-sided mirror by xerub

• 2023 - Finding and exploiting an old XNU logic bug by Eloi Benoist-Vanderbeken

Synacktiv

#

• 2021 - Analysis and exploitation of the iOS kernel vulnerability CVE-2021-1782

• 2022 - Attacking Safari in 2022

• 2024 - Escaping the Safari sandbox: A tour of WebKit IPC

• 2025 - iOS 18.4 - dlsym considered harmful

Objective by the Sea

#

• 2020 - Objective by the Sea v3.0 playlist

• 2021 - Analysis of CVE-2021-30860

• 2021 - Objective by the Sea v4.0 playlist

• 2022 - Objective by the Sea v5.0 playlist

• 2023 - Objective by the Sea v6.0 playlist

• 2024 - Objective by the Sea v7.0 playlist

Quarkslab

#

• 2025 -First analysis of Apple’s USB Restricted Mode bypass (CVE-2025-24200)

• 2025 - Reverse engineering of Apple’s iOS 0-click CVE-2025-43300: 2 bytes that make size matter

iVerify

#

• 2024 - Clipping Wings: Analysis of a Pegasus spyware sample

• 2024 - LightSpy iOS spyware

• 2025 - iVerify uncovers NICKNAME zero‑click iMessage exploit

• 2025 - Trust Broken at the Core

Matthias Frielingsdorf

#

• 2023 - Current State Of IOS Malware Detection - Matthias Frielingsdorf

• 2024 - From Pegasus to Predator - The evolution of Commercial Spyware on iOS

• 2024 - You Shall Not PASS - Analysing a NSO iOS Spyware Sample

• 2025 - Predator Malware: Trust Broken At The Core - Matthias Frielingsdorf

Epsilon’s blog

#

• 2025 - Technical analysis of CVE-2025-31201

Apple Security Engineering and Research (SEAR)

#

• 2023 - What if we had the SockPuppet vulnerability in iOS 16?

• 2025 - Memory Integrity Enforcement: A complete vision for memory safety in Apple devices

Google TAG (Threat Analysis Group)

#

• 2023 - 0-days exploited by commercial surveillance vendor in Egypt

Alfie CG

#

• 2024 - A step‑by‑step guide to writing an iOS kernel exploit

• 2025 - Trigon: developing a deterministic kernel exploit for iOS (part 1)

• 2025 - Trigon: exploiting coprocessors for fun and profit (part 2)

cat/dev/brain

#

• 2024 - Reverse engineering the iOS 18 “Inactivity Reboot”

noahhw

#

• 2025 - CVE 2025 31200

PKSecurity

#

• 2023 - Root cause analysis of CVE‑2023‑32439 (WebKit type confusion)

Jamf Threat Labs

#

• 2023 - WebKit vulnerability CVE‑2022‑42856 explained

• 2023 - The Web of Connections with iOS 16.4.1

• 2024 - CVE‑2024‑44131 TCC bypass (unauthorized iCloud access)

Starlabs

#

• 2022 - Apple CoreText - An Unexpected Journey to Learn about Failure

Exploit Reversing

#

• 2025 - Exploiting Reversing (ER)series: Article 04 (macOS/iOS – part 01)

R00tkitsmm

#

• 2024 - ImageIO, the infamous iOS Zero Click Attack Vector

• 2024 - Pishi: Coverage guided macOS KEXT fuzzing