-
Mac App Store App to Ransomware via Apple Classroom
A sandboxed Mac App Store app can lock your entire screen with custom text and block all input — using Apple's own Classroom feature via unauthenticated XPC access to loginwindow. Apple says it's not a security issue.
Repository -
Touch Bar Debug HUD via XPC
Unauthenticated XPC access to macOS DFRHUD service — enabling the Touch Bar debug overlay from any unprivileged client.
Repository -
Reverse Engineering Apple's DeviceCheck Token Generation
End-to-end reverse engineering of Apple's DeviceCheck token generation flow on iOS — from DCDevice API through devicecheckd to the final AES-GCM encrypted payload.
Repository
