Resources for iOS security

Here you can find resources I’ve found interesting & useful for my journey in learning more about iOS security.

Links

#

Google Project Project Zero

#

• 2020 - Remote iPhone Exploitation Part 1: Poking Memory via iMessage and CVE-2019-8641

  • Messenger Hacking Remotely Compromising an iPhone over iMessage Samuel Groß

• 2020 - Remote iPhone Exploitation Part 2: Bringing Light into the Darkness - a Remote ASLR Bypass

• 2020 - Remote iPhone Exploitation Part 3: From Memory Corruption to JavaScript and Back - Gaining Code Execution

• 2021 - A Look at iMessage in iOS 14

• 2021 - A deep dive into an NSO zero-click iMessage exploit: Remote Code Execution

• 2022 - An Autopsy on a Zombie In-The-Wild 0-day

• 2022 - CVE-2021-1782, an iOS in-the-wild vulnerability in vouchers

• 2022 - CVE-2021-30737, @xerub’s 2021 iOS ASN.1 Vulnerability

• 2022 - FORCEDENTRY: Sandbox Escape

• 2022 - A Brief History of iMessage Exploitation

• 2023 - An analysis of an in-the-wild iOS Safari WebContent to GPU Process exploit

• 2025 - An analysis of the NSO BLASTPASS iMessage exploit

• 2025 - Blasting Past Webp - An analysis of the NSO BLASTPASS iMessage exploit

CitizenLab

#

• 2020 - The Great iPwnJournalists Hacked with Suspected NSO Group iMessage ‘Zero-Click’ Exploit

• 2021 - FORCEDENTRY - NSO iMessage Zero-Click Exploit

• 2021 - Pegasus vs. PredatorDissident’s Doubly-Infected iPhone Reveals Cytrox Mercenary Spyware

• 2023 - PREDATOR IN THE WIRESAhmed Eltantawy Targeted with Predator Spyware After Announcing Presidential Ambitions

• 2023 - Triple ThreatNSO Group’s Pegasus Spyware Returns in 2022 with a Trio of iOS 15 and iOS 16 Zero-Click Exploit Chains

• 2025 - Sweet QuaDreams or Nightmare before Christmas? Bill Marczak on Dissecting an iOS 0-Day

Securelist (Kaspersky)

#

• 2023 - Dissecting TriangleDB, a Triangulation spyware implant

• 2023 - Operation Triangulation: The last (hardware) mystery

• 2024 - Caught in the wild, past, present and future by Clem1

HEXACON

#

• 2023 - The two-sided mirror by xerub

• 2023 - Finding and exploiting an old XNU logic bug by Eloi Benoist-Vanderbeken

Synacktiv

#

• 2021 - Analysis and exploitation of the iOS kernel vulnerability CVE-2021-1782

• 2022 - Attacking Safari in 2022

• 2024 - Escaping the Safari sandbox: A tour of WebKit IPC

• 2025 - iOS 18.4 - dlsym considered harmful

Quarkslab

#

• 2025 -First analysis of Apple’s USB Restricted Mode bypass (CVE-2025-24200)

Jamf Threat Labs

#

• 2023 - WebKit vulnerability CVE‑2022‑42856 explained

• 2023 - The Web of Connections with iOS 16.4.1

• 2024 - CVE‑2024‑44131 TCC bypass (unauthorized iCloud access)

iVerify

#

• 2024 - Clipping Wings: Analysis of a Pegasus spyware sample

• 2024 - LightSpy iOS spyware

• 2025 - iVerify uncovers NICKNAME zero‑click iMessage exploit

• 2025 - Trust Broken at the Core

Apple Security Engineering and Research (SEAR)

#

• 2023 - What if we had the SockPuppet vulnerability in iOS 16?

Google TAG (Threat Analysis Group)

#

• 2023 - 0-days exploited by commercial surveillance vendor in Egypt

Alfie CG

#

• 2024 - A step‑by‑step guide to writing an iOS kernel exploit

• 2025 - Trigon: developing a deterministic kernel exploit for iOS (part 1)

• 2025 - Trigon: exploiting coprocessors for fun and profit (part 2)

cat/dev/brain

#

• 2024 - Reverse engineering the iOS 18 “Inactivity Reboot”

PKSecurity

#

• 2023 - Root cause analysis of CVE‑2023‑32439 (WebKit type confusion)