user avatar
Ian Beer
@i41nbeer
Joined December 2017
147
Following
46.6K
Followers
  • user avatar
    Ian Beer
    @i41nbeer
    Dec 15, 2021
    Today we're publishing a detailed technical writeup of FORCEDENTRY, the zero-click iMessage exploit linked by Citizen Lab to the exploitation of journalists, activists and dissidents around the world.
    A deep dive into an NSO zero-click iMessage exploit: Remote Code Execution
    From projectzero.google
  • user avatar
    Ian Beer
    @i41nbeer
    Aug 8, 2018
    Hi @tim_cook, I've been working for years to help make iOS more secure. Here's a list of all the bugs I reported which qualified for your bug bounty since its launch, could you invite me to the program so we can donate this money to @amnesty?
  • user avatar
    Ian Beer
    @i41nbeer
    Dec 1, 2020
    Excited to finally publish my lockdown project from earlier this year: an iOS zero-click radio proximity exploit odyssey.
    An iOS zero-click radio proximity exploit odyssey
    From projectzero.google
  • user avatar
    Ian Beer
    @i41nbeer
    May 29, 2018
    If you're interested in bootstrapping iOS kernel security research keep a research-only device on iOS 11.3.1 for more tfp0. Release probably next week. Oh, and the 11.1.2 KDP-compatible kernel debugger really is coming soon!
  • user avatar
    Ian Beer
    @i41nbeer
    Jun 13, 2018
    empty_list, a proof-of-concept exploit for the getvolattrlist iOS 11.3.1 kernel bug: bugs.chromium.org/p/project-zero… Please read the README.
  • user avatar
    Ian Beer
    @i41nbeer
    Dec 11, 2017
    iOS 11.1.2, now with more kernel debugging: bugs.chromium.org/p/project-zero…
  • user avatar
    Ian Beer
    @i41nbeer
    Sep 19, 2018
    Replying to @i41nbeer
    And if you're using the mptcp/vfs exploits for security research (eg with Electra 11.3.1) you should just keep using that. I'll release the 11.4.1 exploits I have but the focus will shift to iOS 12 now :)
  • user avatar
    Ian Beer
    @i41nbeer
    Dec 5, 2017
    If you're interested in bootstrapping iOS 11 kernel security research keep a research-only device on iOS 11.1.2 or below. Part I (tfp0) release soon.
  • user avatar
    Ian Beer
    @i41nbeer
    Jun 5, 2018
    iOS 11.4 patched kernel memory corruption bugs I reported in two distinct areas: mptcp and vfs. My exploit for the mptcp bug is here: bugs.chromium.org/p/project-zero… Please read the README. It requires an Apple developer cert.
  • user avatar
    Ian Beer
    @i41nbeer
    Jun 8, 2018
  • user avatar
    Ian Beer
    @i41nbeer
    Aug 30, 2019
    googleprojectzero.blogspot.com/2019/08/a-very… thanks to @_clem1, @5aelo for their joint work on this. This has been a huge effort to pull apart and document almost every byte of a multi-year in-the-wild exploitation campaign, which used 14 different iOS exploits.
    A very deep dive into iOS Exploit chains found in the wild
    From projectzero.google
  • user avatar
    Ian Beer
    @i41nbeer
    Mar 6, 2020
    A little PoC for dumping physical memory from iPhone 11 pro, no cables required ;) bugs.chromium.org/p/project-zero…
  • user avatar
    Ian Beer
    @i41nbeer
    Dec 11, 2017
    Replying to @i41nbeer
    tfp0 should work for all devices, the PoC local kernel debugger only for those I have to test on (iPhone 7, 6s and iPod Touch 6G) but adding more support should be easy
  • user avatar
    Ian Beer
    @i41nbeer
    Sep 19, 2018
    The iOS 12 security bulletin seems to only include iOS-only bugs this time (as opposed to those which affect iOS *and* MacOS.) There are far more fixes in iOS 12 than are mentioned, including a nasty logic bug to break you out of the app sandbox. Update your personal devices!