Good to know, but every vulnerability we discovered and reported to Apple also affected the Lockdown Mode. This includes CVE-2024-54492 that impacted the Passwords app. An option to "Allow Contacting Websites" was added starting with iOS 26.

#privacy #security #iOS #Apple #infosec
--------
Apple Says No iPhone in Lockdown Mode Has Ever Been Hacked

https://www.macrumors.com/2026/03/27/no-iphone-in-lockdown-mode-has-ever-been-hacked/

@mysk Lockdown Mode doesn’t affect the password app and that vulnerability wasn’t used to install spyware, nor I think it could be.

@BucciaBuccia The point we were trying to make is that according to our experience the Lockdown Mode hasn't proven effective against unknown vulnerabilities, not that the vulnerability we discovered is considered a compromise. However, it can be chained with other attacks to result in a severe compromise, such as hijacking an HTTP connection and then feeding the Password app a malicious payload or icon.

@mysk

> Lockdown Mode hasn't proven effective against unknown vulnerabilities

It did for the features where it applies.

> hijacking an HTTP connection and then feeding the Password app a malicious payload or icon

In that case, it could have an impact because Lockdown Mode disables almost all ImageIO parsers.