Attacking & Defending iOS




iOS 678 Security - A Study in Fail
Jailbreak Stories - Cyril Cattiaux(pod2g) - WWJC 2014
Mobile self-defense - Karsten Nohl
Pentesting iOS Applications - Pentester Academy - Paid Course - This course focuses on the iOS platform and application security and is ideal for pentesters, researchers and the casual iOS enthusiast who would like to dive deep and understand how to analyze and systematically audit applications on this platform using a variety of bleeding edge tools and techniques.

Mobile Application Penetration Testing Cheat Sheet

  • iOS 11.1.2 (15B202) Jailbreak - Coalfire labs

  • Myriam

    • A vulnerable iOS App with Security Challenges for the Security Researcher inside you.
  • objection

    • objection is a runtime mobile exploration toolkit, powered by Frida. It was built with the aim of helping assess mobile applications and their security posture without the need for a jailbroken or rooted mobile device.
  • Redo formatting

End Cull


Hacking Your Way Up The Mobile Stack

iOS Application Security Review Methodology

  • aurainfosec

Secure iOS application development

  • This guide is a collection of the most common vulnerabilities found in iOS applications. The focus is on vulnerabilities in the applications’ code and only marginally covers general iOS system security, Darwin security, C/ObjC/C++ memory safety, or high-level application security. Nevertheless, hopefully the guide can serve as training material to iOS app developers that want to make sure that they ship a more secure app. Also, iOS security reviewers can use it as a reference during assessments.


  • Needle is an open source, modular framework to streamline the process of conducting security assessments of iOS apps.

List of Hardening Guides for iOS

Excellent forum post detailing general security practices
Apple’s white paper on their security mechanisms built into iOS
University of Texas’s Checklist/Guide to securing iOS
Center for Internet Security Guide to securing iOS 7
Australian Signals Intel Guide to securing iOS 7
Guide to hardening iOS with the goal of privacy


List of iOS Exploits



Training & Tutorials


  • The aim of this project is to provide useful and updated tools and knowledge on iOS reverse engineering and exploitation. This is an ongoing effort, and still in a very new stage.

OWASP iOS crackme tutorial: Solved with Frida

Bypassing SSL Cert Pinning in iOS
Learning iOS Application Security - 34 part series - damnvulnerableiosapp
iOS app designed to be vulnerable in specific ways to teach security testing of iOS applications.
Damn Vulnerable iOS App - Getting Started
OWASP iGOAT - “iGoat is a safe environment where iOS developers can learn about the major security pitfalls they face as well as how to avoid them. It is made up of a series of lessons that each teach a single (but vital) security lesson.”

iOS Security Testing Methodologies/Tools

iPwn Apps: Pentesting iOS Applications - SANS

iOS Application Security Testing Cheat Sheet
idb - idb is a tool to simplify some common tasks for iOS pentesting and research. It is still a work in progress but already provides a bunch of (hopefully) useful commands. The goal was to provide all (or most) functionality for both, iDevices and the iOS simulator. For this, a lot is abstracted internally to make it work transparently for both environments. Although recently the focus has been more on supporting devices.
idb project page
idb - iOS Blackbox Pentesting - Daniel A Meyer
idb github page


  • Needle is an open source, modular framework to streamline the process of conducting security assessments of iOS apps.

General Research Papers


Write-up for alloc8: untethered bootrom exploit for iPhone 3GS

Reverse Engineering

IODIDE - The IOS Debugger and Integrated Disassembler Environment
Clutch - Fast iOS executable dumper
MEMSCAN - Dump iPhone app RAM - A Cigital consultant – Grant Douglas, recently created a utility called MEMSCAN which enables users to dump the memory contents of a given iPhone app. Dumping the memory contents of a process proves to be a useful technique in identifying keys and credentials in memory. Using the utility, users are able to recover keys or secrets that are statically protected within the application but are less protected at runtime. Users can also use the utility to verify that keys and credentials are appropriately disposed of after use.
MEMSCAN - A memory scanning tool which uses mach_vm to either dump memory or look for a specific sequence of bytes.
IOS Reverse Engineering toolkit


Guide to hardening iOS with the goal of privacy
IPhoneDevWiki - “Our goal is to share the sum of all human[1] knowledge about jailbroken iOS development. In other words, this is a collection of documentation written by developers to help each other write extensions (tweaks) for jailbroken iOS, and you're invited to learn from it and contribute to it too.”
The iPhone Wiki - The iPhone Wiki is an unofficial wiki dedicated to collecting, storing and providing information on the internals of Apple's amazing iDevices. We hope to pass this information on to the next generation of hackers so that they can go forth into their forebears' footsteps and break the ridiculous bonds Apple has put on their amazing mobile devices.
OWASP Jailbreaking Cheat Sheet


  • open-source jailbreaking tool for older iOS devices

iOS Development

imas - Defense for your iOS app - for developers



  • idb is a tool to simplify some common tasks for iOS pentesting and research

