Unfortunately, it looks like CVE-2025-43520 was patched in iOS 26.1b4, the exact build I happened to leave my test device on...

I might play around with it on my Mac or in one of the new iOS pccvre VMs though.

DarkSword using JavaScriptCore.framework (presumably interpreter-only) to run an injected payload in arbitrary processes using just krkw is an interesting approach...

Reminds me of Frida's GumJS.

I wonder if one could get Frida proper working, without a full jailbreak.

Or, I wonder if it would be possible to create a "Frida-lite" that just used JavaScriptCore with a shim exposing a compatible API on top?