Exploring the world with my sword of debugger : )

Joined August 2013
Pinned Tweet
Love the gifts from @Apple Product Security! ❤️❤️❤️
Mickey Jin retweeted
Replying to @theJoshMeister
IMO Mysk is not trustworthy. They tried to hype low impact vulns as critical in the past (HTTP icon download). Also... duplicates happen, and Apple always credits you for those. If you can't trust the vendor's decision about first submitter, then don't submit. I did cross check a few of these duplicates with researchers in the past, and Apple was always right.
Mickey Jin retweeted
codecolor.ist/grapefruit/ Friday night product launch is not a good idea, but here is v1.0.0 release npm i -g igf Prebuilt single executables are also available on GitHub release page. Please give a 🌟 if you like this tool, maybe I can beg for some free coding tokens with it
Mickey Jin retweeted
Today, Project Zero released a 0-click exploit chain for the Pixel 9. While it targets the Pixel, the 0-click bug and exploit techniques we used apply to most other Android devices. projectzero.google/2026/01/p…
Mickey Jin retweeted
Holiday Project 👨🏻‍💻🎄 Interested in macOS malware? Have a read!
🎉 A decade of Mac malware research 🎉 Just published our 10th annual “The Mac Malware of <year>” report ...2025 edition! For each new sample of 2025, covers: 🔎 IoCs 💉 Infection 💾 Persistence 📡 Capabilities ☣️ Samples for download Dive in 👇 objective-see.org/blog/blog_…
31 Dec 2025
New blog post, Bye 2025 jhftss.github.io/CVE-2025-43…

Mickey Jin retweeted
Introducing DirtyDict. A series of vulnerabilities found by me and @patch1t. Most of this is my perspective, but Mickey did give me permission to share some details about one of his bugs. Enjoy! wts.dev/posts/dirtydict/
Mickey Jin retweeted
🎉 My new blog post is about a PackageKit vulnerability I learned from @p1tsist1p 's blog posts. 🍎🐛macOS LPE via the .localized directory I tried convincing Apple to universally fix it with no luck. Go hunt for vulnerable pkg installers! There is a ton :-( Happy Friday! theevilbit.github.io/posts/l…
Mickey Jin retweeted
15 Oct 2025
The slidedeck to our talk, Crash One: A Starbucks Story - CVE-2025-24277, with @gergely_kalman from @hexacon_fr and @objective_see #OBTS is available from the link below. It was a macOS vulnerability impacting the crash reporting process where we could achieve LPE and sandbox escape. theevilbit.github.io/talks_w…

Mickey Jin retweeted
Excited to share our research on ChillyHell, a modular macOS backdoor targeting officials in Ukraine. Check out our write-up for more details. jamf.com/blog/chillyhell-a-m…
4 Sep 2025
For those missing the talk, Blog: jhftss.github.io/Exploiting-… Slides: github.com/jhftss/jhftss.git…

30 Jul 2025
Replying to @patch1t
Will share one of them at the Nullcon Berlin @nullcon
Mickey Jin retweeted
4 Sep 2025
A tiny timing flaw in Apple’s core file-copy APIs can put millions of devices at risk 📂🍏 Despite warnings, Apple thought it was “too hard to exploit”—until Mickey Jin developed an exploit that steals secrets in privileged services 👉nullcon.net/berlin-2025/spea… #NullconBerlin2025
Mickey Jin retweeted
24 Aug 2025
🚨 New blog post: ELEGANTBOUNCER - Catch iOS 0-click exploits without having the samples. Features iOS backup forensics & messaging app scanning for iMessage, WhatsApp, Signal, Telegram & Viber attachments. 🔗 Link -> msuiche.com/posts/elegantbou…
Mickey Jin retweeted
24 Aug 2025
🍏 #AppleDevelopers use NSFileManager thinking it’s safe — but @patch1t found a race condition once thought “impossible to exploit.” At #NullconBerlin2025, he’ll show how it works, why CVE-2024-54566 failed, and Apple’s final fix. 👉 nullcon.net/berlin-2025/spea… #iOS #applesecurity
Mickey Jin retweeted
22 Aug 2025
Brief info and POC for this week's Apple 0click iOS 18.6.1 RCE bug CVE-2025-43300 github.com/b1n4r1b01/n-days/…
Mickey Jin retweeted
1 Aug 2025
We released our Fuzzilli-based V8 Sandbox fuzzer: github.com/googleprojectzero… It explores the heap to find interesting objects and corrupts them in a deterministic way using V8's memory corruption API. Happy fuzzing!
Mickey Jin retweeted
Launch constraints are annoying as a security researcher. What if you didn't have to worry about them? wts.dev/posts/bypassing-laun…