Mickey Jin

Love the gifts from @Apple Product Security! ❤️❤️❤️

@gefrorenerapfel @Apple Independent researcher

@patch1t @Apple That would be a dream 😍 Are you directly at apple or are you a partnered security researcher?

Love the gifts from @Apple Product Security! ❤️❤️❤️

Today, Project Zero released a 0-click exploit chain for the Pixel 9. While it targets the Pixel, the 0-click bug and exploit techniques we used apply to most other Android devices. projectzero.google/2026/01/pixel-…

Holiday Project 👨🏻‍💻🎄 Interested in macOS malware? Have a read!

New blog post, Bye 2025 jhftss.github.io/CVE-2025-43530/

The CVE data: github.com/Proteas/apple-…

@wtsdev Amazing coincidence

@patch1t For clarification, none of this was a collaboration. It's just the result of both of our independently (and almost coincidentally) researching the same targets.

Introducing DirtyDict. A series of vulnerabilities found by me and @patch1t. Most of this is my perspective, but Mickey did give me permission to share some details about one of his bugs. Enjoy! wts.dev/posts/dirtydic…

🎉 My new blog post is about a PackageKit vulnerability I learned from @p1tsist1p 's blog posts. 🍎🐛macOS LPE via the .localized directory I tried convincing Apple to universally fix it with no luck. Go hunt for vulnerable pkg installers! There is a ton :-( Happy Friday! theevilbit.github.io/posts/localize…

A really thorough overview of the research: github.com/trailofbits/ex…

The slidedeck to our talk, Crash One: A Starbucks Story - CVE-2025-24277, with @gergely_kalman from @hexacon_fr and @objective_see #OBTS is available from the link below. It was a macOS vulnerability impacting the crash reporting process where we could achieve LPE and sandbox escape. theevilbit.github.io/talks_workshop…

Excited to share our research on ChillyHell, a modular macOS backdoor targeting officials in Ukraine. Check out our write-up for more details. jamf.com/blog/chillyhel…

@logiruse The vulnerable API implementation also affects iOS, but it is more difficult to exploit because the mount trick doesn’t work on iOS.

@patch1t How does this risk affect apps on iOS?

For those missing the talk, Blog: jhftss.github.io/Exploiting-the… Slides: github.com/jhftss/jhftss.…

@tsunek0h Nice talk 👍

It's time to disclose this vulnerability. What happens if gcore has …apple.security.system-task-ports.read entitlement? That exactly is the root cause of CVE-2025-24204.

A tiny timing flaw in Apple’s core file-copy APIs can put millions of devices at risk 📂🍏 Despite warnings, Apple thought it was “too hard to exploit”—until Mickey Jin developed an exploit that steals secrets in privileged services 👉nullcon.net/berlin-2025/sp… #NullconBerlin2025

Thank you @helpnetsecurity to mention us 👍 awesome research by @tsunek0h #macOS #applesecurity #NullconBerlin2025 helpnetsecurity.com/2025/09/04/mac…

@nullcon Apple: I’ve already warned you copyfile API has a vulnerability, can you catch it?

Super cool research by @patch1t . Exploiting the impossible , #Apple Deems Unexploitable … #NullconBerlin2025

🚨 New blog post: ELEGANTBOUNCER - Catch iOS 0-click exploits without having the samples. Features iOS backup forensics & messaging app scanning for iMessage, WhatsApp, Signal, Telegram & Viber attachments. 🔗 Link -> msuiche.com/posts/elegantb…

🍏 #AppleDevelopers use NSFileManager thinking it’s safe — but @patch1t found a race condition once thought “impossible to exploit.” At #NullconBerlin2025, he’ll show how it works, why CVE-2024-54566 failed, and Apple’s final fix. 👉 nullcon.net/berlin-2025/sp… #iOS #applesecurity