A dark‑web listing advertises iExploit Lab v1.0, a purported iOS 13‑17.2 exploit kit priced at $20,000, claiming remote code execution, sandbox escape, privilege escalation, and data theft via a C2 panel, though its authenticity remains unverified.
A hacker known as xone9to1 posted on a dark‑web forum a so‑called “Zero‑click RAT” that can silently infect iPhone 17 (iOS 26.2) and Android 16, offering real‑time camera, microphone, wallet theft, and remote control capabilities, while experts debate its authenticity and advise urgent security updates.
This article provides a comprehensive examination of Apple’s UserFS, detailing its architecture, mounting and file‑access control flows, exposing three real vulnerabilities (CVE‑2022‑42861, CVE‑2022‑42842, a kernel UAF) and discussing how UserFS reshapes the iOS file‑system security model.
The article chronicles the 2015 XcodeGhost incident, detailing how a malicious Xcode version infected dozens of popular iOS apps, the response from Tencent, Apple, and security researchers, and the lessons learned for developers and the broader mobile security community.
This article explains the XcodeGhost malware that infected iOS developers, detailing its data‑reporting and command‑issuing capabilities, the potential threats it poses on older iOS versions, and practical steps to detect and remove an infected Xcode installation.
