[<prev] [<thread-prev] [day] [month] [year] [list]
Message-ID: <D_vNfyQRoIWAJdKXxpFw_8t5W4V1awepR02envn7THfxTLxod9YASZ0MsFRZ70n0zoxnVcJsW-AzBdu_YYwcCRd5n77V4Fzow1XEsXrEZAA=@proton.me>
Date: Fri, 03 Oct 2025 17:41:07 +0000
From: josephgoyd via Fulldisclosure <fulldisclosure@...lists.org>
To: "full@....org" <full@....org>
Cc: "fulldisclosure@...lists.org" <fulldisclosure@...lists.org>
Subject: Re: [FD]
Full Disclosure: CVE-2025-31200 & CVE-2025-31201 – 0-Click iMessage Chain → Secure Enclave Key Theft, Wormable RCE, Crypto Theft
The GitHub link has a write up on the attack-chain. Along with the CNVD certs that were issued for validation.
https://github.com/JGoyd/iOS-Attack-Chain-CVE-2025-31200-CVE-2025-31201
On Fri, Oct 3, 2025 at 11:42 AM, <[full@....org](mailto:On Fri, Oct 3, 2025 at 11:42 AM, <<a href=)> wrote:
> Substack is down. If there is a replacement, it is appreciated.
>
> -x9p
>
> On 6/9/25 2:22 AM, josephgoyd via Fulldisclosure wrote:
>> CVE-2025-31201 — Kernel escalation via malformed AMPDU metadata (PAC bypass)
>>
>> Write-Up and Artifacts:
>> https://weareapartyof1.substack.com/p/the-crypto-heist-apple-kept-quiet
_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: https://seclists.org/fulldisclosure/
Powered by blists - more mailing lists