Watch This Space

New blog post. This is a fun one: wts.dev/posts/chatgpt-… thanks to @theo for connecting me with the OpenAI team, and thanks to @zemnmez for working with me on this (even though it wasn't patched)

Billy is quickly becoming one of my favorite Apple security researchers who publicly share exploit information. Incredible work. This explanation of JIT bugs reminds me a lot of how I understand speculative execution bugs to work.

@zeroxjf At least they're patched! But yeah, this is definitely breaking my perspective on these exploits being narrow and secretive. I wonder what (if any one thing) has caused these things to leak.

@wtsdev With key vulnerabilities in the chain being patched as recently as iOS 26.2/26.3!

More (truncated) DarkSword findings I scraped together — C2 hardcoded in plaintext, anti-forensics routine that unlinks 22 temp files after stealing keychains/WiFi passwords, and a real GPU crash log from in-the-wild exploitation

@zeroxjf Yeah. I felt safer when I saw that the original Coruna write-up mentioned CVE's that were years old. But I'm now hearing rumors and such that there's stuff in the wild now for much newer (and more recent) iOS versions. Scary stuff!

@wtsdev Completely agree - this is all pretty concerning. Apple has raised the barrier enough to sideline most independent researchers, yet their systems still appear exposed to well-resourced state actors

Electron 41 is out! It includes a new security feature I contributed and the team let me write a blurb in their announcement blog post! Shoutout and thanks to the team for working with me on this! I'm really enjoying contributing to Electron. electronjs.org/blog/electron-…

@_TheCodeTalker @clearbluejar @REverseConf Thanks!

@wtsdev @clearbluejar @REverseConf Here you go youtu.be/4fiKBHuSYMg?si…

Grateful to have presented "Reverse Engineering Apple Security Updates" at @REverseConf last week. Great crowd, solid questions, and an incredibly well-run event. Orlando was the right vibe for the RE community. Slides coming soon!

@XorNinja @blacktop__ Hell, yeah! Well-deserved.

We have some exciting news to share: @blacktop__ is joining Calif to work on a range of R&D projects focused on Apple and AI security. If you work in the Apple security ecosystem, he’s already a household name. He’s the creator of: * ipsw – the ubiquitous Apple firmware analysis tool: github.com/blacktop/ipsw * darwin-xnu-build – reproducible XNU kernel builds: github.com/blacktop/darwi… * ipsw-diffs – automated diffing of Apple releases: github.com/blacktop/ipsw-… * The only public deep-dive on Apple’s Lockdown Mode: github.com/blacktop/prese… His tooling is so good that even Apple engineers use it. If you do reverse engineering, chances are you’ve touched his Rust headless IDA MCP server: github.com/blacktop/ida-m…. People have literally collected CVEs and bug bounties just by digging through the diffs produced by his tools. With @brucedang, @Little_34306 and now @blacktop__, we're building a serious Apple security force at Calif. We’ll have more announcements in this space soon! If you're interested in Apple security, AI, automated bug discovery, reverse engineering, or hacking, we’re hiring: calif.io/jobs.

@_saagarjha @lunginspector @patrickwardle That's a good position to have. I wish/hope more people were/are like that.

@wtsdev @lunginspector @Hermes_tooll @patrickwardle I feel like people selling iCloud bypasses never know what they are talking about

@_saagarjha @lunginspector @Hermes_tooll @patrickwardle Yeah, but over time it does make them look more like they know what they're talking about (when they may not).

@wtsdev @lunginspector @Hermes_tooll @patrickwardle To be fair there isn't much to steal here it's just the names of some memory performance tools

My Kass project on GitHub just recently hit 100 stars! That's pretty cool. github.com/nmggithub/Kass

@SwiftOnSecurity Taylor Swift implies the existence of Taylor Objective-C

@theo @notyouravgcoder Interestingly, I remember never liking Sublime Text. Atom felt so much nicer to use. Then, of course, VS Code came out and was even better.

@notyouravgcoder Third option: “you’re old if you know what this is”

This tweet is a Rorschach test. At first I read it as: “If you’ve been around long enough to recognize this, you’re ahead of the curve enough to retire yourself in the next few years” Then I read it as: “If you’ve been using this (code editor) get ready to be made obsolete”

Fuck me, this hit. I genuinely hope we aren't losing these kinds of experiences. People deserve the space to learn and grow by themselves and figure stuff out. It looks funny in retrospect, but not everything needs to be in furtherance of some grand project. Just be, and do.

@speedyfriend433 Unclear. At best, it would likely fall under their discretionary $1,000 reward mentioned in this blog: security.apple.com/blog/apple-sec… I say "discretionary" as their blurb in the article is vague on circumstances and appears potentially misaligned with what I've heard from others.

Does apple still pay for stable macOS LPE?

@theo Wouldn't be surprised if it's a kernel thing they just chose not to backport to Sequoia.

Heads up. New Studio Display XDR from Apple requires you to be on Tahoe to get the full capabilities. You're capped at 60hz on Sequoia. I might return it over this.

I saw this earlier and thought it was a meme. A joke. What the fuck do you mean it's real?

@OrdinaryInds They may have seen an error when they tried to commit without a message and decided to go down the path of figuring out how to commit without one instead of learning how to include a message.

I’m desperate to know why they need to consistently make empty commits with no commit message at all. Their git history:

I can’t tell if it’s worse that they needed to ask AI how to commit or that they felt the need to immediately share it with the world. Vibe coders need to be studied.

@tylerangert Screenshot from earlier. Thank you Apple, very cool!

appears resolved

@mitchellh @cjwestland Yeah, I definitely understand that impulse of others. I personally try to watch what I post publicly because I'm aware of how things can look. I know I'm probably in the minority on that.

@wtsdev @cjwestland I mean that’s best. It’s just that most people choose to complain on social media first :)

As a product person, some of the most important feedback you can get is why someone bounced on first use. It's also some of the hardest to get and social media remains the best way to get it. Product people MUST aggressively pay attention. E.g. x.com/mitchellh/stat… There's a lot of complainers and noise and you just have to learn to not take that personally. The people who have worked closely with me know that what people say on the internet REALLY doesn't bother me. Instead, I'm always just digging for the nugget of truth in there, the objectively useful piece of data hiding behind the childish emotional temper tantrums online people throw (just so I don't insult anyone here, the quoted tweet here was not that, it was direct and to the point). If you get your feelings hurt by people on the internet, you're going to miss out on good feedback for genuine improvement.