Hack

Developers use Ian Beer’s CVE-2025-24203 write-up to bring MacDirtyCow-like tweaks to newer firmware

Anthony Bouchard ∙ May 12, 2025

In case you didn’t already know, there’s a new kernel exploit out in the wild that renowned Google Project Zero security researcher Ian Beer recently published a writeup about. CVE-2025-24203, which is being referred to by the iPhone & iPad hacking community as dirtyZero or mdc0, is a kernel exploit that allows for certain system customizations akin to what the MacDirtyCow exploit was once capable of on supported firmware.

Nugget v5.2.2 released, now codesigned on Intel Macs, adds more bug fixes

Anthony Bouchard ∙ May 4, 2025

The Nugget iPhone customization utility, created by iOS developer LeminLimez and powered by the SparseRestore exploit, has been updated to version 5.2.2 on Sunday. The latest update brings with it some notable improvements for Intel-equipped Mac users, as well as other bug fixes that polish the user experience.

Nugget developer LeminLimez teases upcoming features, says version 5.2 could launch this week

Anthony Bouchard ∙ April 29, 2025

Nugget is a popular SparseRestore exploit-based device customization utility for iPhones and iPads that you can operate on a macOS or Windows-based PC and doesn’t require a jailbreak to use. Still yet, you can use it to enable hacks that behave a lot like jailbreak tweaks, and it works on certain versions of iOS 17 and 18.

Nugget v5.1.2 adds support for .mkv video files, upgrades frame limit, introduces fixes & improvements

Anthony Bouchard ∙ April 9, 2025

Nugget, a customization utility by iOS developer LeminLimez that takes advantage of the SparseRestore exploit to apply jailbreak tweak-like customizations to iPhones without an actual jailbreak, was graced with a duo of updates on Wednesday as the developer finds more ways to improve and refine it.

RootHide bootstrap v1.4 now out of beta, officially released with bug fixes & improvements

Anthony Bouchard ∙ April 9, 2025

It was only a couple of days ago that the RootHide team seeded two public betas of the RootHide bootstrap for iOS & iPadOS 14.0-17.0 devices with A8-A17 and M1-M2 chips. Fortunately, things went well since the beta testing didn’t last that long.

Nugget updated to v5.1 with support for importing video files as wallpapers & more bug fixes

Anthony Bouchard ∙ April 3, 2025

As you may recall, the Nugget SparseRestore exploit-based device customization utility for non-jailbroken handsets running iOS 17.0-18.4 beta recently picked up an update adding the ability to set animated wallpapers, and it was later reported that video wallpapers were coming soon. Well folks… that update is finally here.

New turdus merula SEP exploit-based firmware downgrading tool now available for A9-A10(X) devices

Anthony Bouchard ∙ March 31, 2025

If you have a legacy iPhone or iPad with an A9-A10(X) chip inside, then you might be excited to hear about a new and free firmware downgrading tool called terdus merula for macOS that allows you to downgrade your device’s firmware back to any version you want, in either a tethered or an untethered fashion.

g1lbertJB untethered jailbreak for iOS 5.0-6.1.2 updated with support for Windows machines

Anthony Bouchard ∙ March 31, 2025

While not talked about a whole lot due to the legacy firmware and devices that it supports, g1lbertJB is an untethered jailbreak that came out in 2023 that supports iPhones 3GS, 4, and 4S, as well as iPad (1st generation) and (2nd generation), and iPod touch (3rd generation) and (4th generation) running iOS 5.0-6.1.2.

Nugget updated to v5.0.3 with Windows-oriented fixes following v5.0.2 over the weekend

Anthony Bouchard ∙ March 31, 2025

Nugget, an iPhone customization utility by iOS developer LeminLimez that utilizes the SparseRestore exploit to enable various forms of jailbreak-like customization without a jailbreak, received two important updates in the past couple of days that all users should be taking advantage of.

Technical analysis by Verichains confirms sandbox escape use by certain banking apps to detect TrollStore, jailbreak apps

Anthony Bouchard ∙ March 28, 2025

Just yesterday, we reported on one of TrollStore perma-signing utility developer Lars Fröder’s posts on Bluesky sharing that some banking apps available in Apple’s App Store as of this writing utilize a 0-day sandbox escape technique to find out if certain unfavorable apps or services are installed on the end user’s device.

Ian Beer publishes in-depth analysis of BLASTPASS zero-click iMessage exploit from 2023

Anthony Bouchard ∙ March 27, 2025

In a surprise turn of events, Google Project Zero security researcher Ian Beer took to social media platform 𝕏 (formerly Twitter) this week to share an in-depth write-up on the 0-click NSO BLASTPASS iMessage exploit that had actively been exploited in the wild before being patched by Apple in iOS & iPadOS 16.6.1 on September 7th, 2023.

Are certain banking apps using a 0-day sandbox escape to detect TrollStore?

Anthony Bouchard ∙ March 27, 2025

Apple devices utilize a security technique called sandboxing, which isolates apps’ processes into their own protected environments so they can’t access certain parts of the file system that the manufacturer deems sensitive. But it’s possible for apps to circumvent this security mechanism via what’s known as a sandbox escape.