
Billy Ellis
@bellis1000
iOS security researcher
London, England
Joined November 2013
Brief info and POC for this week's Apple 0click iOS 18.6.1 RCE bug CVE-2025-43300 https://t.co/EL3qg56N8X
Just released a short writeup for the A9 version of the Trigon exploit, which involves getting code execution on a coprocessor before exploiting the kernel - enjoy!
alfiecg.uk
Where did we leave off? Background: KTRR IORVBAR Coprocessors Always-On Processor Investigation AXI? What’s that?! Mapping DRAM Code execution Improving the strategy What about A7 and A8(X)? Conclu...
Yeah didn’t take long
I lightly mentioned CVE-2025-31235, a double-free I found in coreaudiod/CoreAudio, during my OffensiveCon presentation last month. It's been derestricted now, so enjoy my writeup which includes a PoC and dtrace script to help understand the vulnerability!
Out-of-bounds swap on iOS heap when decoding a malicious audio stream (CVE-2025-31200) https://t.co/qRzR5Qo00T
This video digs deeper into the r/w primitives we get with the CoreAudio bug. Based on the research provided by @noahhw4646
blog.noahhw.dev
Background On April 16, 2025, Apple released a patch for a bug in CoreAudio which they said was “Actively exploited in the wild.” This flew under the radar a bit. Epsilon’s blog has a great writeup...
I think this is the same effect as ‘learn by teaching’ when writing blogs. Fills the gaps in your knowledge.
When facing a technical challenge, draft a message to a colleague/developer friend. I find that ~50% of the time I figure out the solution before clicking send, just by defining the issue clearly.
The promo videos for Liquid Glass look beautiful, but seems implementation doesn’t land quite as well. I reckon Apple will partially revert this before full release, making elements more opaque again.
Samsung S24: Out of bounds write in VC1 Decoder (svc1d_rr_frm)
Great research from Noah on the CoreAudio ITW vulnerability (CVE-2025-31200) patched in iOS 18.4.1 🐛
My writeup on CVE-2025-31200. This one's an interesting one https://t.co/z2AmzC8A4W. Thanks to @bellis1000 for the shoutout.
Thanks to @HexRaysSA for sponsoring this video. You can use discount code BILLY50 to get 50% off your next IDA Pro individual license purchase. Contact sales@hex-rays.com
CVE-2034-5678 in “CCTV firmware” from latest Black Mirror season. Bookmark this for 9 years from now and report your camera firmware bugs. You could align the show with reality
My writeup of the 2023 NSO in-the-wild iOS zero-click BLASTDOOR webp exploit: Blasting Past Webp - https://t.co/H4m8MBwoWN
Great writeup, good job @alfiecg_dev
I've just published a new blog post detailing how I developed a deterministic kernel exploit for iOS. Enjoy! https://t.co/ah8qtW0CG5