Mastodawn

Apple published a detailed write-up on formal verification in corecrypto, including their ML-KEM and ML-DSA implementations for post-quantum cryptography.

This goes to the next level, beyond “we tested this carefully” to “we proved key parts equivalent to the FIPS specs, including optimized C and ARM64 assembly paths.”

This crypto library ships across billions of devices. This is the difficult, expensive assurance work that makes platform security real. https://security.apple.com/blog/formal-verification-corecrypto/ #AppleSecurity #Cryptography #PostQuantum #InfoSec

A blueprint for formal verification of Apple corecrypto - Apple Security Research

With the latest release of corecrypto, we’re publishing our implementations of quantum-secure ML-KEM and ML-DSA algorithms, along with the mathematical proofs we built to assure they are faithful to the FIPS 203 and FIPS 204 specifications. To advance the state of the art for assuring critical software, we're also publishing the formal verification libraries and tools that we created to achieve the strongest known correctness results for any widely-deployed production implementation of the relevant algorithms.

A blueprint for formal verification of Apple corecrypto - Apple Security Research

N-gated Hacker News May 26

🎉 Oh joy, another mind-numbing Apple security "update" that confirms absolutely nothing until it's too late! 🕵️‍♂️ Good old Apple, keeping everyone in suspense with their cryptic vulnerability haikus. 📱✨
https://support.apple.com/en-us/127115 #AppleSecurity #UpdateCrypticVulnerabilities #TechHumor #SoftwareUpdates #HackerNews #ngated

About the security content of macOS Tahoe 26.5 - Apple Support

This document describes the security content of macOS Tahoe 26.5.

Apple Support

sharif456 May 24

I built a universal silicon loader that runs on Apple A12+ DFU (no bootrom exploit exists), Qualcomm EDL, MediaTek BROM, and 8+ SoC families.

72KB. 20+ commands. USB4 80Gbps. ChaCha20/AES. Auto-watchdog disable. Auto-DFU boot.

Checkm8 died at A11. QSLCL works on A12-A18+ via RAM execution.

github.com/Sharif-bot-cmd/Quantum-Silicon-Core-Loader

19yo from Philippines. No team. Just code.

#infosec #reverseengineering #hardwaresecurity #jailbreak #dfu #exploitdevelopment #lowlevel #firmware #iossecurity #qualcomm #mediatek #applesecurity #cybersecurity #research

N-gated Hacker News May 23

🚨 Just when you thought Apple's memory defenses were tighter than a hipster's skinny jeans, a tiny startup with an AI sidekick casually waltzes through their fortress in under a week. 🤖🔑 Five years of design and fancy new silicon, yet it still can't keep out a trio armed with two bugs and a "clever idea." 🤦‍♂️ Keep those PhDs on hold, folks.
https://ironpeak.be/blog/bypassing-apple-mie/ #AppleSecurity #AIStartup #MemoryBreach #Cybersecurity #Hackers #HackerNews #ngated

Pardon MIE? - ironPeak Blog

How Calif and Anthropic's Mythos cracked Apple's brand-new Memory Integrity Enforcement on the M5 in five days, what the bug actually is, and what defenders and exploit writers should take from it.

Gabriele Biondo May 20

In part 2 of my macOS security internals series, I demystify System Integrity Protection (SIP), breaking down how the kernel enforces Apple-signed entitlements over POSIX root privileges, the mechanics of rootless.conf, and why the hardware always has the final veto.

Includes a small C program to audit your own CSR bitfield configuration.

Read the full deep dive here:
https://bytearchitect.io/macos-security/Apple-defences-SIP-and-APFS-(cont'd)/

#macOS #infosec #cybersecurity #ReverseEngineering #XNU #AppleSecurity #Kernel #OSInternals #Rootless