Pinned Tweet
Mickey Jin
301 posts

Mickey Jin
@patch1t
Exploring the world with my sword of debugger : )
Joined August 2013
261 Following 5.3K Followers

@mysk_co The CVE-2026-28910 requires the access to a protected plist file first, this shouldn’t be considered as a real vulnerability, in my humble opinion.

@mysk_co This one is similar to my CVE-2026-20633, patched in macOS 26.4 too. However, my bug doesn’t require any user interaction. I can’t disclose the details right now because I have already submitted a bypass report 🫣

📝🚨 New blog post: How a bug in Archive Utility allowed access to protected app data (including iMessage and WhatsApp chats, and Safari cookies) without any permissions.
The bug could also be exploited to hijack installed apps such as Signal and 1Password to perform phishing attacks.
Apple fixed the issue in macOS 26.4 as CVE-2026-28910, five months after we reported it.
mysk.blog/2026/05/19/cve…

My first CVE! 🎉🎉🎉
This is my non-write-up blog post about it:
blog.reversesociety.co/blog/2026/my-f…

Mickey Jin retweeted

codecolor.ist/grapefruit/
Friday night product launch is not a good idea, but here is v1.0.0 release
npm i -g igf
Prebuilt single executables are also available on GitHub release page. Please give a 🌟 if you like this tool, maybe I can beg for some free coding tokens with it

Mickey Jin retweeted

Today, Project Zero released a 0-click exploit chain for the Pixel 9. While it targets the Pixel, the 0-click bug and exploit techniques we used apply to most other Android devices.
projectzero.google/2026/01/pixel-…
Mickey Jin retweeted

Holiday Project 👨🏻💻🎄
Interested in macOS malware? Have a read!
Objective-See Foundation @objective_see
🎉 A decade of Mac malware research 🎉 Just published our 10th annual “The Mac Malware of <year>” report ...2025 edition! For each new sample of 2025, covers: 🔎 IoCs 💉 Infection 💾 Persistence 📡 Capabilities ☣️ Samples for download Dive in 👇 objective-see.org/blog/blog_0x84…
Mickey Jin retweeted

@patch1t For clarification, none of this was a collaboration. It's just the result of both of our independently (and almost coincidentally) researching the same targets.
Mickey Jin retweeted

Introducing DirtyDict. A series of vulnerabilities found by me and @patch1t.
Most of this is my perspective, but Mickey did give me permission to share some details about one of his bugs.
Enjoy!
wts.dev/posts/dirtydic…
Mickey Jin retweeted

🎉 My new blog post is about a PackageKit vulnerability I learned from @p1tsist1p 's blog posts.
🍎🐛macOS LPE via the .localized directory
I tried convincing Apple to universally fix it with no luck.
Go hunt for vulnerable pkg installers! There is a ton :-( Happy Friday!
theevilbit.github.io/posts/localize…
Mickey Jin retweeted

A really thorough overview of the research: github.com/trailofbits/ex…
Mickey Jin retweeted

The slidedeck to our talk, Crash One: A Starbucks Story - CVE-2025-24277, with @gergely_kalman from @hexacon_fr and @objective_see #OBTS is available from the link below.
It was a macOS vulnerability impacting the crash reporting process where we could achieve LPE and sandbox escape.
theevilbit.github.io/talks_workshop…
Mickey Jin retweeted

Excited to share our research on ChillyHell, a modular macOS backdoor targeting officials in Ukraine. Check out our write-up for more details.
jamf.com/blog/chillyhel…

@logiruse The vulnerable API implementation also affects iOS, but it is more difficult to exploit because the mount trick doesn’t work on iOS.

For those missing the talk,
Blog: jhftss.github.io/Exploiting-the…
Slides: github.com/jhftss/jhftss.…
Mickey Jin @patch1t
Will share one of them at the Nullcon Berlin @nullcon

It's time to disclose this vulnerability. What happens if gcore has …apple.security.system-task-ports.read entitlement? That exactly is the root cause of CVE-2025-24204.
tsunekoh @tsunek0h
My submission for #NullconBerlin2025 has been accepted! I will talk about the details of CVE-2025-24204, which breaks process isolation on macOS.