f

src/binary-exploitation/ios-exploiting/CVE-2020-27950-mach_msg_trailer_t.md

@@ -343,3 +343,4 @@ int main(int argc, char *argv[]) {
 
 
 {{#include ../../banners/hacktricks-training.md}}
+

src/binary-exploitation/ios-exploiting/CVE-2021-30807-IOMobileFrameBuffer.md

@@ -299,3 +299,4 @@ int main(void) {
 - [Research from jsherman212](https://jsherman212.github.io/2021/11/28/popping_ios14_with_iomfb.html?utm_source=chatgpt.com)
 
 {{#include ../../banners/hacktricks-training.md}}
+

src/binary-exploitation/ios-exploiting/README.md

@@ -274,3 +274,4 @@ For example, the versions `15.1 RC`, `15.1` and `15.1.1` use the version `Darwin
 
 
 {{#include ../../banners/hacktricks-training.md}}
+

src/binary-exploitation/ios-exploiting/ios-corellium.md

@@ -82,3 +82,4 @@ ssh -N -L 2222:127.0.0.1:22 root@10.11.1.1
 
 
 {{#include ../../banners/hacktricks-training.md}}
+

src/binary-exploitation/ios-exploiting/ios-example-heap-exploit.md

@@ -211,3 +211,4 @@ if __name__ == '__main__':
 
 
 {{#include ../../banners/hacktricks-training.md}}
+

src/binary-exploitation/ios-exploiting/ios-physical-uaf-iosurface.md

@@ -221,3 +221,4 @@ void iosurface_kwrite64(uint64_t addr, uint64_t value) {
 With these primitives, the exploit provides controlled **32-bit reads** and **64-bit writes** to kernel memory. Further jailbreak steps could involve more stable read/write primitives, which may require bypassing additional protections (e.g., PPL on newer arm64e devices).
 
 {{#include ../../banners/hacktricks-training.md}}
+