I’m thrilled to announce that I will be joining @CellebriteLabs next month, kickstarting my career as a full-time iOS researcher. I hope to wrap up some final projects and release them in the coming weeks, but most of my public work will stop after this - it’s been a blast! 🚀💯

🔺iPhone models announced today include Memory Integrity Enforcement, the culmination of an unprecedented design and engineering effort that we believe represents the most significant upgrade to memory safety in the history of consumer operating systems.

[POC2025] SPEAKER UPDATE 4⃣ 👤 Alfie CG(@alfiecg_dev) – "Trigon: Developing a deterministic iOS Kernel Exploit" #POC2025

Brief info and POC for this week's Apple 0click iOS 18.6.1 RCE bug CVE-2025-43300 https://t.co/EL3qg56N8X

@dora2ios For anyone wondering how I got tfp0, the source code is printed in the terminal window during the video. Easiest way to get tfp0 on iOS 14+ 🚨

Thanks for the passcode tweak @dora2ios 💯

A8X SEP haxx?

Great exploit from staturnz - for those of you who hadn’t realised, this is the same bug used in Trigon, working all the way back to iOS 3!

Just released a short writeup for the A9 version of the Trigon exploit, which involves getting code execution on a coprocessor before exploiting the kernel - enjoy!

Me and @staturnzdev have been going to great lengths to try and get a truly deterministic Trigon exploit working for A9. This is one of the more complicated strategies, but it's working pretty nicely! Expect an open-source release and writeup in the future. 💯

🤝 @staturnzdev

A8, A9, A10 and A11 all jailbroken via my iOS 14 jailbreak, Apex. Release soon (hopefully).

iOS 10.3.4 untethered jailbreak demo

Update: I integrated landa into the latest commit, which adds supported for the remaining iOS 15 versions. The exploit will now work on all iOS 14 and 15 versions.

Vertex should now work on all devices running iOS 14.0 - 15.7.3.

Shout out @dora2ios for the help and some really great ideas ‼️

Finally managed to exploit Trigon on arm64e! Certainly more complicated than arm64, but it uses some cool tricks that certainly make it a really nice exploit. Just like the original, it’s a very quick exploit, and of course deterministic too.

This is unexploitable due to the anti-replay integrity tree, but it's still been a cool project to work on and a great way to learn a bit more about the SEP.

TZ0 read/write on T8015 #IntegrityTree

I've just released the slides from my @0x41con talk with @opa334dev - "The State of iOS Jailbreaking in 2025". https://t.co/CfUjUNo5jq