Starred repositories
WebKit Heap Use-After-Free Proof-of-Concept (PoC) https://dark-life944.github.io/poc/
PoC for CVE-2025-24252 & CVE-2025-24132
Public advisory, PoCs, and full technical report for Splashin iOS access-control flaws (CVE-2025-45156 & CVE-2025-45157).
iOS audio buffer overflow CVE-2025-31200 PoC
Public disclosure of CVE-2025-31200 – Zero-click RCE in iOS 18.X via AudioConverterService and malicious audio file.
Shell script that creates an SSH ramdisk
Booting macOS's WindowServer on your jailbroken iDevice for real
Write to anywhere in /var/mobile/Containers/, running on iOS 16.0 - 18.5 (up to the latest, since Apple said it's not a security issue and you don't have to be concerned about it). Okay :D
iOS Application w/Implementation of CVE-2024-27804
Your all-in-one tweak for WhatsApp Messenger!
VNC server for iOS devices, allowing remote access and control of the device’s screen.
CVE-2025-24201 WebKit Vulnerability Detector (PoC)
My try at recreating and exploiting some V8 CVEs
Suspicious ODoH-based DNS beaconing was observed on a non-jailbroken iOS 18.6.2 device. Apple-signed system processes initiated encrypted queries every 60 seconds, triggered by Bluetooth events. Th…
This repo documents a vulnerability in Siri Shortcuts and Shared Web Credentials (SWC) allowing malformed payloads to persistently execute, trigger retry storms, bypass TLS validation, and request …
iOS 18.6.2 suffers from broken encryption caused by a trust subsystem failure. Malformed anchor records and ATS disablement allow TLS connections to succeed without certificate validation, exposing…
Silent TCC bypass in iOS 18.6 allows Apple daemons to access protected data, modify sensitive settings, and exfiltrate ~5MB of data over the network—without user interaction, apps, or prompts. Logg…
Zero-day in AppleMediaServices: Bag fetch failure disables Mescal/Absinthe signing. Requests to Apple services proceed unsigned, exposing downgrade, replay, and bypass risk. Includes analysis, log …
Discovery of a critical Bluetooth and GPS privacy vulnerability in iOS 18.5 enabling silent BLE scans, covert GPS activation, and trust metadata exposure without user consent. Native Apple daemons …
A jailed filesystem viewer & extractor for iOS 15.0 - iOS 18.3.2.
Memory modification tool for re-signed ipa supports iOS apps running on iPhone and Apple Silicon Mac without jailbreaking.