zeroxjf
Independent iOS Security Research
Vulnerabilities
CVE-2026-20687
AppleJPEGDriver startDecoder UAF
kernel · UAF
2026
CVE-2026-28992
IOHIDFamily FastPathUserClient UAF
kernel · UAF · race
2026
CVE-2026-20637
AppleSEPKeyStore Use-After-Free
kernel · UAF
2026
SEP-DoS
SEP Firmware Panic via AppleKeyStore
kernel/SEP · DoS
2026
Projects
Cyanide
iOS tweak runner on the DarkSword kernel r/w
iOS 17–18.7.1, 26.0–26.0.1 · fork of darksword-kexploit-fun
2026
LightSaber
Userland exploit chain w/ SpringBoard JS injection
iOS 18.4–18.6 · derived from DarkSword
2026
Blog
Notes
Cyanide: Writing Tweaks
RemoteCall · remote_objc API · developer reference
May 2026
Notes
Patching Metal Graphics into vphone
Feb 2026
iOS Tweaks
Add my repo to your package manager
https://zeroxjf.github.io
Sileo
Cydia
Zebra
Press
2025
Apple will push out rare backported patches to protect iOS 18 users from DarkSword hacking tool
WIRED
Sileo
Cydia
Zebra