Billy Ellis
@bellis1000
iOS security researcher
Part 2 of Exploiting the iOS Kernel with PhysPuppet youtu.be/Y-UI4dEFXFk?si…

Just released a short writeup for the A9 version of the Trigon exploit, which involves getting code execution on a coprocessor before exploiting the kernel - enjoy! alfiecg.uk/2025/07/16/Tri…
I lightly mentioned CVE-2025-31235, a double-free I found in coreaudiod/CoreAudio, during my OffensiveCon presentation last month. It's been derestricted now, so enjoy my writeup which includes a PoC and dtrace script to help understand the vulnerability! project-zero.issues.chromium.org/issues/4062711…
Out-of-bounds swap on iOS heap when decoding a malicious audio stream (CVE-2025-31200) youtu.be/RWjpM0zDJVA?si…
Samsung S24: Out of bounds write in VC1 Decoder (svc1d_rr_frm) project-zero.issues.chromium.org/issues/3962269…
Great research from Noah on the CoreAudio ITW vulnerability (CVE-2025-31200) patched in iOS 18.4.1 🐛
My writeup on CVE-2025-31200. This one's an interesting one blog.noahhw.dev/posts/cve-2025…. Thanks to @bellis1000 for the shoutout.
This Video Can Exploit Your iPhone (CVE-2025-31200) youtu.be/nTO3TRBW00E?si…
CVE-2034-5678 in “CCTV firmware” from latest Black Mirror season. Bookmark this for 9 years from now and report your camera firmware bugs. You could align the show with reality

My writeup of the 2023 NSO in-the-wild iOS zero-click BLASTDOOR webp exploit: Blasting Past Webp - googleprojectzero.blogspot.com/2025/03/blasti…
Great writeup, good job @alfiecg_dev
I've just published a new blog post detailing how I developed a deterministic kernel exploit for iOS. Enjoy! alfiecg.uk/2025/03/01/Tri…