Patch diffing + RCA for clfs.sys can take a while.

I gave the diff + binary to a local LLM.

It mapped the UAF path, race condition, all IOCTLs in <20 min

LLMs don't replace the work, they are momentum.

New blog post following the UAF trail of CVE-2025-29824:

https://clearbluejar.github.io/posts/how-llms-feed-your-re-habit-following-the-uaf-trail-in-clfs/

How LLMs Feed Your RE Habit: Following the Use-After-Free Trail in CLFS

Dive into how LLMs and pyghidra-mcp accelerate reverse engineering by tracing a UAF vulnerability in CLFS through a patch diff.

clearbluejar
@clearbluejar I would be curious to see how it handles a CVE that hasn't been publicly studied
Reverse Engineering Apple Security Updates

Apple’s security updates have long been a black box. CVE advisories offer vague descriptions, while the actual binary changes remain buried inside massive IPSW firmware images. This talk introduces a hybrid system that combines deterministic tools with agentic (LLM-powered) reasoning to reveal the real fixes behind each advisory.

Building on manual patch-diffing techniques presented at Objective by the Sea v7, we’ll show how curated CVE data, IPSW extraction, and function-level diffs can be paired with reasoning agents to correlate binaries, explain mitigations, and classify vulnerabilities. The result is a reproducible pipeline that generates structured vulnerability reports within hours of release.

We’ll walk through the methodology, demo the tooling (ipsw diff, Binary Ninja binary analysis, DSPy agents), and present case studies including:

- CVE-2025-43400: FontParser out-of-bounds write
- CVE-2025-31325: Audio double free
- CVE-2025-31201: RPAC privilege escalation
- CVE-2025-43200: Messages logic error

If you’ve ever wondered what Apple really fixes each month, this talk will show you how to stop guessing and start knowing. Attendees will leave with a clear understanding of how to automate patch analysis, map CVEs to real code changes, and apply LLMs to uncover and detail the root causes of Apple’s latest vulnerabilities.
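The "function-level diff" step the abstract relies on is the part that narrows thousands of functions in a firmware binary down to the handful worth handing to a reasoning agent. The following is an added illustration of that step, not code from the post, from the ipsw project, Binary Ninja or DSPy. It assumes both the pre- and post-patch binaries have already been disassembled into a mapping of function name to instruction list (the sample instruction lists below are constructed by hand, not taken from any IPSW), and it uses its own normalisation and similarity threshold, which are assumptions rather than what the talk's tooling does.

```python
"""Function-level patch diff between two disassembled binaries (added example)."""
import re
from difflib import SequenceMatcher

# Register allocation, immediates and addresses drift between builds even when
# the logic is identical, so both sides are normalised before comparison and
# only structural changes (added checks, extra calls, removed stores) survive.
_REG = re.compile(r"\b[xw]\d+\b")                       # x0..x30, w0..w30
_IMM = re.compile(r"#?-?(?:0x[0-9a-fA-F]+|\d+)")        # #0x20, #2, 4096, ...


def normalize(insns):
    """Replace registers and immediates with placeholders, keep mnemonics/labels."""
    out = []
    for insn in insns:
        s = _REG.sub("REG", insn)   # registers first: 'x8' must not become 'xIMM'
        s = _IMM.sub("IMM", s)
        out.append(s)
    return out


def similarity(old_insns, new_insns):
    """0.0..1.0 ratio of matching normalised instructions (difflib ratio)."""
    return SequenceMatcher(None, normalize(old_insns), normalize(new_insns)).ratio()


def diff_functions(old, new, threshold=0.999):
    """Classify functions as added, removed or changed between two builds.

    'changed' maps function name -> similarity, so callers can rank candidates.
    Functions that differ only in register allocation or constants are treated
    as unchanged because their normalised form is identical.
    """
    result = {
        "added": sorted(set(new) - set(old)),
        "removed": sorted(set(old) - set(new)),
        "changed": {},
    }
    for name in sorted(set(old) & set(new)):
        sim = similarity(old[name], new[name])
        if sim < threshold:
            result["changed"][name] = round(sim, 3)
    return result


def rank_candidates(diff):
    """Least similar changed functions first; the security fix is usually there."""
    return sorted(diff["changed"].items(), key=lambda kv: kv[1])


# Constructed sample disassembly (hypothetical function names, not real symbols).
OLD = {
    # unchecked index used to store into a table
    "parse_table": ["ldr w8, [x0, #0x10]", "ldr x9, [x0, #0x18]",
                    "str w1, [x9, x8, lsl #2]", "ret"],
    # pointer freed but left dangling in the object
    "release_buffer": ["ldr x0, [x19, #0x20]", "bl _free", "ret"],
    # identical logic, only the register allocation differs in the new build
    "reg_renamed": ["ldr x0, [x19, #0x20]", "bl _free", "ret"],
    "legacy_helper": ["mov x0, #0", "ret"],
}
NEW = {
    # bounds check inserted before the store
    "parse_table": ["ldr w8, [x0, #0x10]", "cmp w8, w2", "b.hs Lfail",
                    "ldr x9, [x0, #0x18]", "str w1, [x9, x8, lsl #2]", "ret",
                    "Lfail:", "ret"],
    # pointer cleared after free so a second release cannot free it again
    "release_buffer": ["ldr x0, [x19, #0x20]", "bl _free",
                       "str xzr, [x19, #0x20]", "ret"],
    "reg_renamed": ["ldr x0, [x20, #0x20]", "bl _free", "ret"],
    "validate_length": ["cmp w0, w1", "cset w0, lo", "ret"],
}

if __name__ == "__main__":
    d = diff_functions(OLD, NEW)
    print("added:  ", d["added"])
    print("removed:", d["removed"])
    for name, sim in rank_candidates(d):
        print(f"changed: {name:16s} similarity={sim}")
```

Run stand-alone, the ranking puts `parse_table` (new compare-and-branch) ahead of `release_buffer` (one extra store), while `reg_renamed` drops out entirely because normalisation hides the register shuffle. In a real pipeline the ranked list, together with the advisory text, is what would be passed to the agent for explanation and classification; this example stops at producing that list.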