diff --git a/README.md b/README.md index 83bf6a7..8bb7764 100644 --- a/README.md +++ b/README.md 
@@ -1,126 +1,77 @@ -# "For the Record" +# Joseph R. Goydish II -This repository serves as the canonical, cryptographically anchored ledger of my security research (Track B) and regulatory/whistleblower disclosures (Track A). +Public-interest technical record, evidence preservation, and signed activity ledger. -This system is built on an **Active Forensic** architecture. I do not ask for trust; I provide the third-party cryptographic and institutional anchors required for independent verification. +This profile indexes public records, signed ledger entries, submissions, receipts, hashes, and supporting artifacts that can be checked independently. The strongest current anchors are two CNVD/CNCERT certificate exhibits naming `Joseph Goydish` as contributor for Apple vulnerability records, plus a five-CVE CISA/NVD rescore trail tied to public vulnrichment filings. -## Core Metrics -- **Total Cases:** 27 -- **Verifiable Timeline Events:** 187 -- **High-Impact CVE Rescores:** 5 (3× CVSS 10.0, 2× CVSS 9.8) -- **Institutional Jurisdictions:** 12 -- **Cryptographic Root:** PGP Fingerprint `4A04 1F50 6D89 4F5E E391 7438 6487 8B56 A2EB 2D11` +## Canonical Record ---- +For the visual front page, open [`index.html`](./index.html). If GitHub Pages is enabled for this repository, that file is the browser landing page for the canonical activity record. -## 🛡️ Identity & Verification +The full chronological record remains in [`Running-Ledger`](https://github.com/JGoyd/Running-Ledger): submissions, receipts, DKIM/e-signed evidence, reference numbers, packet hashes, and signed ledger entries. -### PGP Public Key -- **Fingerprint:** `4A04 1F50 6D89 4F5E E391 7438 6487 8B56 A2EB 2D11` -- **Verification:** All commits in this repository are signed by a YubiKey hardware token. -- **Identity Attestation:** See [`/canonical/identity-attestation.txt.asc`](./canonical/identity-attestation.txt.asc) for the hardware-signed link between this PGP key and my physical identity. 
+## Public Anchors -### Running Ledger -The central index of all activity is [`/ledger/running-ledger.txt`](./ledger/running-ledger.txt). It is detached-signed (`.asc`) and OpenTimestamps-anchored (`.ots`). +| Anchor | What the record shows | Proof path | +| --- | --- | --- | +| CNVD/CNCERT certificates | Two Apple vulnerability certificate records name `Joseph Goydish` as contributor: CNVD-2025-06744 and CNVD-2025-07885 | [`anchors/`](./anchors/) | +| CISA/NVD rescore trail | Five Apple CVEs on public scoring-history trail: three CVSS 10.0 and two CVSS 9.8 | [`anchors/cisa-nvd-vulnrichment-rescore/`](./anchors/cisa-nvd-vulnrichment-rescore/) | +| CERT/CC chronology | VINCE case timing predates relevant Apple advisories in the public chronology | [`anchors/certcc-vince-chronology/`](./anchors/certcc-vince-chronology/) | +| Signed ledger | Chronological index of public anchors, submissions, receipts, DKIM/e-signed evidence, hashes, and reference numbers | [`Running-Ledger`](https://github.com/JGoyd/Running-Ledger) | ---- +## Public Technical Anchors -## Section 1: Security Research (Track B) +| Record | Date | Contributor / filing | Public status | +| --- | ---: | --- | --- | +| CNVD-2025-06744, Apple iOS / iPadOS buffer overflow | 2025-03-18 | CNVD-YCGO-202503023656 names `Joseph Goydish` | CNVD/CNCERT certificate exhibit | +| CNVD-2025-07885, Apple memory reuse | 2025-04-22 | CNVD-YCGO-202504012519 names `Joseph Goydish` | CNVD/CNCERT certificate exhibit | +| CVE-2025-24085 | 2025-01-27 | `cisagov/vulnrichment#194` | CVSS 10.0 public rescore trail | +| CVE-2025-24201 | 2025-03-11 | `cisagov/vulnrichment#194` | CVSS 10.0 public rescore trail | +| CVE-2025-43300 | 2025-08-20 | `cisagov/vulnrichment#201` | CVSS 10.0 public rescore trail | +| CVE-2025-31200 | 2025-04-16 | `cisagov/vulnrichment#200` | CVSS 9.8 public rescore trail | +| CVE-2025-31201 | 2025-04-16 | `cisagov/vulnrichment#200` | CVSS 9.8 public rescore trail | -### Flagship: VU#395558 / Glass Cage (CVSS 
10.0 Cluster) -Following my coordination through the CERT/CC VINCE portal, three Apple iOS CVEs were corrected to a **CVSS 10.0 (Critical)** score. +The record supports a narrow chronology: CERT/CC VINCE timing before relevant Apple advisories, followed later by public CISA/NVD scoring-history activity tied to public filings. -| Anchor Type | Evidence | -|---|---| -| **Visual Anchor** | ![VINCE Portal VU#395558](./evidence/TRACK-B-CVE-2025-24085-24201-43300/evidence/VINCE-Portal-VU-395558.1.jpg) | -| **CERT/CC DKIM** | `Authentication-Results: mail.protonmail.ch; dkim=pass header.d=cert.org` | -| **CISA/DHS DKIM** | `Authentication-Results: mail.protonmail.ch; dkim=pass header.d=associates.cisa.dhs.gov` | +## Signed Ledger ---- +The ledger is the public index, not the whole archive. It records: -## Section 2: Regulatory & Whistleblower Filings (Track A) +| Evidence class | What it can establish | +| --- | --- | +| Public anchors | CNVD/CNCERT records, NVD/CISA records, public repositories, public advisories | +| Submission and receipt evidence | Agency intake, reference numbers, ticket IDs, e-signed receipts, DKIM-valid messages | +| Local integrity evidence | SHA-256 hashes, signed notes, detached signatures, archive references | -**Standing Disclaimer:** Filing and agency acknowledgement does not constitute adjudication of underlying claims. +## Verify -### Global Institutional Anchors (Cryptographic Proof) -The following snippets prove institutional intake via cryptographic handshake (DKIM-pass). Raw `.eml` files are available in the `evidence/` folders. 
+```text +OpenPGP fingerprint: 4A04 1F50 6D89 4F5E E391 7438 6487 8B56 A2EB 2D11 +GitHub account: https://github.com/JGoyd +Primary ledger: Running-Ledger repository +Identity attestation: ./canonical/identity-attestation.txt.asc +``` -#### 🏛️ US Securities and Exchange Commission (SEC) -- **Matter ID:** `20260513-00019687` -- **Anchor Snippet:** - ```text - Authentication-Results: mail.protonmail.ch; dkim=pass (Good 2048 bit rsa-sha256 signature) header.d=sec.gov - From: Ombuds OMMS - ``` +```bash +gpg --keyserver hkps://keys.openpgp.org --recv-keys 4A041F506D894F5EE391743864878B56A2EB2D11 +gpg --fingerprint --keyid-format long 4A041F506D894F5EE391743864878B56A2EB2D11 +# Run this from a checked-out copy of the Running-Ledger repository: +gpg --verify running-ledger.txt.asc running-ledger.txt +``` -#### 🏛️ European Commission — OLAF -- **Status:** Intake Acknowledged. -- **Anchor Snippet:** - ```text - Authentication-Results: mail.protonmail.ch; dkim=pass (Good 2048 bit rsa-sha256 signature) header.d=ec.europa.eu - From: - ``` +A good signature verifies authorship of the ledger file. Each underlying claim still has to be checked against its cited public record, receipt, header, reference number, or hash. -#### 🏛️ Singapore — Corrupt Practices Investigation Bureau (CPIB) -- **Response ID:** `69f824dfe5ef7daf3b78ccee` -- **Anchor Snippet:** - ```text - Authentication-Results: mail.protonmail.ch; dkim=pass (Good 2048 bit rsa-sha256 signature) header.d=form.gov.sg - Subject: [CPIB Corruption Reporting Form] Copy of your response - ``` +## Operating Line -#### 🏛️ Slovak Republic — General Prosecutor's Office -- **Case ID:** `260428070422263` -- **Anchor Snippet:** - ```text - Authentication-Results: mail.protonmail.ch; dkim=pass (Good 2048 bit rsa-sha256 signature) header.d=genpro.gov.sk - 
From: - ``` - -#### 🏛️ Taiwan — National Communications Commission (NCC) -- **Matter ID:** `1156500716` -- **Anchor Snippet:** - ```text - Authentication-Results: mail.protonmail.ch; dkim=pass (Good 2048 bit rsa-sha256 signature) header.d=ncc.gov.tw - 
From: - ``` - -#### 🏛️ UK — Financial Conduct Authority (FCA) -- **Case Ref:** `212278528` -- **Anchor Snippet:** - ```text - Authentication-Results: mail.protonmail.ch; dkim=pass (Good 2048 bit rsa-sha256 signature) header.d=fca.org.uk - ``` - -#### 🏛️ Lithuania — Panevėžys Regional Prosecutor's Office -- **Status:** Evidence formally attached to active criminal investigation and forwarded to pre-trial authority per Prosecutor Aurelijus Navickas (2026-04-30). -- **Case ID:** `01-1-03450-26` - ---- - -## Forensic Verification Guide - -To programmatically verify the legitimacy of this repository without trusting the author, any researcher or AI agent can run the following: - -1. **Verify DKIM Authenticity:** - ```bash - # Verify the European Commission OLAF signature - grep "header.d=ec.europa.eu" evidence/TRACK-A-OLAF-Mandelson-Carbyne/evidence/*.eml - - # Verify the Singapore Govt (CPIB) signature - grep "header.d=form.gov.sg" evidence/TRACK-A-CPIB-69f824dfe5ef7daf3b78ccee/evidence/*.eml - ``` -2. **Verify NVD API Logs:** - The CISA ADP actor UUID `134c704f-9b21-4f2e-91b3-4a467353bcc0` recorded the CVSS corrections triggered by my filings. - `curl -s 'https://services.nvd.nist.gov/rest/json/cvehistory/2.0?cveId=CVE-2025-31200'` -3. **Verify Ledger Integrity:** - ```bash - gpg --verify ledger/running-ledger.txt.asc ledger/running-ledger.txt - ``` - ---- +- Public records are separated from submission receipts. +- Agency acknowledgement means receipt or intake, not adjudication. +- DKIM/e-signed messages establish provenance of a message or receipt, not the truth of every submitted allegation. +- Sensitive packet bodies, credentials, private keys, exploit code, and unpublished raw evidence are not published here. ## Contact -**Joseph R. Goydish II** -Secure Channel: Proton Mail - esq.jg.legal@proton.me -PGP: `4A04 1F50 6D89 4F5E E391 7438 6487 8B56 A2EB 2D11` + +```text +Joseph R. 
Goydish II +Secure channel: esq.jg.legal@proton.me +PGP: 4A04 1F50 6D89 4F5E E391 7438 6487 8B56 A2EB 2D11 +``` diff --git a/anchors/README.md b/anchors/README.md new file mode 100644 index 0000000..6b162cc --- /dev/null +++ b/anchors/README.md @@ -0,0 +1,12 @@ +# Canonical Anchor Index + +Short index for the strongest public proof paths. The broader activity record remains in the running ledger. + +| Anchor | What it establishes | Link | +| --- | --- | --- | +| CNVD-2025-06744 | CNVD/CNCERT certificate record naming Joseph Goydish as contributor for an Apple iOS / iPadOS buffer-overflow record | [`cnvd-2025-06744/`](./cnvd-2025-06744/) | +| CNVD-2025-07885 | CNVD/CNCERT certificate record naming Joseph Goydish as contributor for an Apple memory-reuse record | [`cnvd-2025-07885/`](./cnvd-2025-07885/) | +| CISA/NVD rescore trail | Five Apple CVEs on public CISA/NVD scoring-history trail tied to public vulnrichment filings | [`cisa-nvd-vulnrichment-rescore/`](./cisa-nvd-vulnrichment-rescore/) | +| CERT/CC chronology | VINCE timing that predates relevant Apple advisories | [`certcc-vince-chronology/`](./certcc-vince-chronology/) | + +The deeper `evidence/` tree remains the archive. This index keeps the review path short. diff --git a/anchors/certcc-vince-chronology/README.md b/anchors/certcc-vince-chronology/README.md new file mode 100644 index 0000000..f1289e9 --- /dev/null +++ b/anchors/certcc-vince-chronology/README.md @@ -0,0 +1,8 @@ +# CERT/CC VINCE Chronology + +| Date | Reference | What it supports | +| ---: | --- | --- | +| 2025-01-09 | VU#395558 | CERT/CC VINCE chronology begins before Apple's 2025-01-27 advisory in the first Apple chain | +| 2025-01-21 | VRF#25-01-MPVDT / gen-41698 | CERT/CC VINCE submission chronology begins before Apple's 2025-04-16 advisory for CVE-2025-31200 and CVE-2025-31201 | + +This anchor is used for chronology: when the coordination trail started relative to later public advisories. 
diff --git a/anchors/cisa-nvd-vulnrichment-rescore/README.md b/anchors/cisa-nvd-vulnrichment-rescore/README.md new file mode 100644 index 0000000..a3dc4de --- /dev/null +++ b/anchors/cisa-nvd-vulnrichment-rescore/README.md @@ -0,0 +1,13 @@ +# CISA / NVD Vulnrichment Rescore Trail + +Five Apple CVEs appear in the public CISA/NVD scoring-history trail tied to `JGoyd` vulnrichment filings: three CVSS 10.0 and two CVSS 9.8. + +| CVE | Score | Filing | Public reference | +| --- | ---: | --- | --- | +| CVE-2025-24085 | 10.0 | `cisagov/vulnrichment#194` | [NVD](https://nvd.nist.gov/vuln/detail/CVE-2025-24085) | +| CVE-2025-24201 | 10.0 | `cisagov/vulnrichment#194` | [NVD](https://nvd.nist.gov/vuln/detail/CVE-2025-24201) | +| CVE-2025-43300 | 10.0 | `cisagov/vulnrichment#201` | [NVD](https://nvd.nist.gov/vuln/detail/CVE-2025-43300) | +| CVE-2025-31200 | 9.8 | `cisagov/vulnrichment#200` | [NVD](https://nvd.nist.gov/vuln/detail/CVE-2025-31200) | +| CVE-2025-31201 | 9.8 | `cisagov/vulnrichment#200` | [NVD](https://nvd.nist.gov/vuln/detail/CVE-2025-31201) | + +This page records the public scoring-history lane. It does not convert a rescore into vendor attribution. diff --git a/anchors/cnvd-2025-06744/README.md b/anchors/cnvd-2025-06744/README.md new file mode 100644 index 0000000..fa626d6 --- /dev/null +++ b/anchors/cnvd-2025-06744/README.md 
@@ -0,0 +1,15 @@ +# CNVD-2025-06744 + +| Field | Value | +| --- | --- | +| Issuer | CNVD / CNCERT | +| Certificate | CNVD-YCGO-202503023656 | +| Record | CNVD-2025-06744 | +| Subject | Apple iOS / iPadOS buffer overflow | +| Printed contributor | Joseph Goydish | +| Record date | 2025-03-18 | +| SHA-256 | `352A56FF1319E1B8138B1F4C6F55B652CF09CCD8C6784610E3A3EF6A9A80723C` | + +Primary exhibit: [`../../evidence/TRACK-B-CNVD-2025-06744/`](../../evidence/TRACK-B-CNVD-2025-06744/) + +This anchor is cited for what the certificate record itself establishes: certificate number, vulnerability label, contributor name, record date, and stable PDF hash. diff --git a/anchors/cnvd-2025-07885/README.md b/anchors/cnvd-2025-07885/README.md new file mode 100644 index 0000000..bb25bee --- /dev/null +++ b/anchors/cnvd-2025-07885/README.md @@ -0,0 +1,15 @@ +# CNVD-2025-07885 + +| Field | Value | +| --- | --- | +| Issuer | CNVD / CNCERT | +| Certificate | CNVD-YCGO-202504012519 | +| Record | CNVD-2025-07885 | +| Subject | Apple memory reuse | +| Printed contributor | Joseph Goydish | +| Record date | 2025-04-22 | +| SHA-256 | `D5BB17D5A27EABD32D272173116C90F89F12CDD912A26969115007383A7F21C8` | + +Primary exhibit: [`../../evidence/TRACK-B-CNVD-2025-07885/`](../../evidence/TRACK-B-CNVD-2025-07885/) + +This anchor is cited for what the certificate record itself establishes: certificate number, vulnerability label, contributor name, record date, and stable PDF hash. diff --git a/anchors/index.html b/anchors/index.html new file mode 100644 index 0000000..7671bfc --- /dev/null +++ b/anchors/index.html @@ -0,0 +1,133 @@ + + + + + + Canonical Anchor Index + + + +
+
+

Canonical Anchor Index

+

Primary proof paths.

+

Short path into the strongest public records. The complete activity chronology remains in the running ledger.

+
+
+
+
+
+
+ Certificate +

CNVD-2025-06744

+

CNVD/CNCERT certificate record naming Joseph Goydish as contributor for an Apple iOS / iPadOS buffer-overflow record.

+ Open anchor +
+
+ Certificate +

CNVD-2025-07885

+

CNVD/CNCERT certificate record naming Joseph Goydish as contributor for an Apple memory-reuse record.

+ Open anchor +
+
+ Public record +

CISA / NVD rescore trail

+

Five Apple CVEs on public CISA/NVD scoring-history trail, with direct NVD and history API links.

+ Open anchor +
+
+ Chronology +

CERT/CC VINCE trail

+

VINCE timing for VU#395558 and VRF#25-01-MPVDT / gen-41698 relative to later Apple advisories.

+ Open anchor +
+
+ Back to canonical record +
+
+ + diff --git a/evidence/TRACK-B-CNVD-2025-06744/README.md b/evidence/TRACK-B-CNVD-2025-06744/README.md index 228e2a9..6e723aa 100644 --- a/evidence/TRACK-B-CNVD-2025-06744/README.md +++ b/evidence/TRACK-B-CNVD-2025-06744/README.md 
@@ -1,61 +1,51 @@ -# CNVD-2025-06744 / CNVD-YCGO-202503023656 — Apple iOS / iPadOS buffer-overflow vulnerability (Track B, Provisional) +# CNVD-2025-06744 / CNVD-YCGO-202503023656 -> **Status:** Provisional. Upgraded from Stub on 2026-05-18 upon receipt of the issuing-body certificate PDF. -> **Track B standing disclaimer:** Filing and agency acknowledgement does not constitute adjudication of the underlying claims. +Apple iOS / iPadOS buffer-overflow certificate. -## My Role +## Status -**Original-vulnerability contributor**, per the literal text of the issued certificate (see "External Anchors" below). The certificate header reads 原创漏洞证明 ("Original Vulnerability Certificate") and identifies the contributor (贡献者) as **Joseph Goydish**, affiliated as 个人报送者 ("individual submitter / personal contributor"). This is a faithful translation of the document; it is not a self-characterization. +Anchor-grade CNVD/CNCERT certificate exhibit. -For the broader credit-asymmetry context that places this certificate in the Glass Cage flagship narrative, see "Cross-references" below. +This folder should be cited as a CNVD/CNCERT original-vulnerability certificate record naming Joseph Goydish as contributor. -## Affected Product / Vendor +## Certificate Facts -Apple iOS and Apple iPadOS — vulnerability class per certificate: 缓冲区溢出漏洞 ("buffer-overflow vulnerability"), 通用—操作系统-高危 ("general — operating system — high severity"). Specific build range and patch mapping are not disclosed on the certificate itself and are withheld here pending vendor advisory or CVE assignment. 
- -## Timeline - -| Date | Event | External source / reference | -|---|---|---| -| 2025-03-18 | CNVD records submission; certificate `CNVD-YCGO-202503023656` issued | Issuing-body PDF (staged) | -| 2026-05-18 | Certificate PDF received in scaffold; folder upgraded Stub → Provisional | This README | - -## External Anchors - -- **Issuing body:** 国家信息安全漏洞共享平台 (China National Vulnerability Database, CNVD), under 国家互联网应急中心 / CNCERT (China's national CERT), with co-issuance line for 中国互联网协会网络与信息安全工作委员会 (Internet Society of China — Network & Information Security Committee). CNCERT is the sovereign CERT counterpart to US-CERT/CISA. -- **CNVD vulnerability identifier:** `CNVD-2025-06744` — sole-namespace, server-issued -- **CNVD original-vulnerability certificate number:** `CNVD-YCGO-202503023656` — sole-namespace, server-issued -- **Vulnerability-class designation on certificate:** 通用—操作系统-高危 (general / OS / high severity) -- **Contributor named on certificate (verbatim):** Joseph Goydish, 个人报送者 (personal contributor) -- **Date of record on certificate (verbatim):** `2025年03月18日` (printed under 收录时间 / "recording date") -- **Anchor class:** Tier 1 (sovereign-CERT certificate PDF). Promoted from Tier 0 stub on 2026-05-18. 
+| Field | Value | +| --- | --- | +| Issuing body shown on PDF | China National Vulnerability Database (CNVD), with CNCERT line | +| Certificate class shown on PDF | Original vulnerability certificate | +| CNVD vulnerability ID | CNVD-2025-06744 | +| Certificate number | CNVD-YCGO-202503023656 | +| Vulnerability label | Apple iOS / Apple iPadOS buffer overflow | +| Severity class printed on PDF | General / operating system / high severity | +| Contributor printed on PDF | Joseph Goydish | +| Contributor affiliation printed on PDF | Individual submitter | +| Record date printed on PDF | 2025-03-18 | ## Evidence -| # | Artifact | Path (relative to this folder's `evidence/`) | SHA-256 | OTS | PGP | -|---|---|---|---|---|---| -| 1 | CNVD original-vulnerability certificate (issuing-body PDF) | `CNVD-2025-06744-YCGO-202503023656-Certificate-2025-03-18.pdf` | `352a56ff1319e1b8138b1f4c6f55b652cf09ccd8c6784610e3a3ef6a9a80723c` | pending (batch 11 anchor script) | pending (batch 11 anchor script) | +| Artifact | Path | SHA-256 | +| --- | --- | --- | +| CNVD original-vulnerability certificate PDF | `evidence/CNVD-2025-06744-YCGO-202503023656-Certificate-2025-03-18.pdf` | `352A56FF1319E1B8138B1F4C6F55B652CF09CCD8C6784610E3A3EF6A9A80723C` | -## Verification Steps +## Verification -1. Compute `sha256sum` of the staged PDF and confirm it matches the hash recorded above byte-for-byte. -2. After running `ANCHOR-COMMANDS-2026-05-18-batch10.sh`, the `.ots` proof binds the PDF's bytes to a Bitcoin-block timestamp post-dating the stamp time, and the `.asc` detached PGP signature binds the bytes to the filer's canonical key `4A04 1F50 6D89 4F5E E391 7438 6487 8B56 A2EB 2D11`. -3. CNVD vulnerability identifiers and certificate numbers are server-issued by CNCERT infrastructure and are not user-supplied; the sole-namespace property establishes that the issuance event could only have been originated by the issuing body. -4. 
The contributor name string "Joseph Goydish" appears rendered as embedded text in the PDF (extractable via standard PDF text extraction); no overlay or annotation layer is present. +```powershell +Get-FileHash -Algorithm SHA256 .\evidence\CNVD-2025-06744-YCGO-202503023656-Certificate-2025-03-18.pdf +``` -## Cross-references +The hash must match the value above. -- **TRACK-B-CVE-2025-24085-24201-43300 (Glass Cage flagship #2):** The filer attests that the underlying technical material disclosed under CNVD-2025-06744 and CNVD-2025-07885 is the same body of work documented under the Glass Cage chain (CVE-2025-24085, CVE-2025-24201, CVE-2025-43300). Recorded as **filer attestation**, not as adjudicated finding. The credit-asymmetry pattern — Apple's advisories crediting other reporters for the underlying patches while CNCERT/CNVD issued formal original-vulnerability certificates to this filer — is documented in the Glass Cage README's "Apple's advisories credit other reporters" section. -- **TRACK-B-CNVD-2025-07885:** Sibling CNVD certificate, same issuing body, dated 2025-04-22, for an Apple-products memory-release-then-reuse (use-after-free) vulnerability class. Both certificates were issued to the same contributor under the same affiliation string within a five-week window. +PDF text extraction confirms the certificate identifies: -## Disclosure Status +```text +CNVD-2025-06744 +Apple iOS and Apple iPadOS buffer overflow +Contributor: Joseph Goydish +Certificate: CNVD-YCGO-202503023656 +Record date: 2025-03-18 +``` -Coordinated through CNVD's standard intake. The certificate's existence establishes that CNCERT recorded and accepted the submission as an original-vulnerability contribution. No vendor advisory or matching CVE-ID cross-reference is asserted on the certificate itself; any such mapping is the filer's attested context, not an issuing-body finding. 
+## Weight -## Safety Notes - -No exploit payload, no PoC, no weaponized technical detail is staged in this folder or referenced in this README. The artifact is the issuing-body certificate document, nothing more. Vulnerability-class language ("buffer overflow") is reproduced solely as it appears verbatim on the certificate. - -## Anchor-class commentary - -This is the system's first appearance of a **sovereign-CERT original-vulnerability certificate** as a Track B anchor. Unlike DKIM-signed acknowledgement emails (which prove "the agency's mail server emitted this string at this time") and unlike GitHub-public-issue URLs (which prove "this issue text was visible on a third-party platform"), an original-vulnerability certificate PDF from a national CERT body asserts a *substantive* finding by the issuing body: that the named contributor's submission was recorded as an original vulnerability disclosure. The certificate does not adjudicate vendor liability, exploit reachability, or patch mapping; per Track B standing disclaimer, none of those are asserted here either. +This is an issuing-body certificate from China's national vulnerability database/CNCERT. It records CNVD-2025-06744 as an original-vulnerability certificate exhibit for an Apple iOS / iPadOS buffer-overflow vulnerability and names Joseph Goydish as contributor. diff --git a/evidence/TRACK-B-CNVD-2025-07885/README.md b/evidence/TRACK-B-CNVD-2025-07885/README.md index 3559f51..ad8c031 100644 --- a/evidence/TRACK-B-CNVD-2025-07885/README.md +++ b/evidence/TRACK-B-CNVD-2025-07885/README.md 
@@ -1,61 +1,51 @@ -# CNVD-2025-07885 / CNVD-YCGO-202504012519 — Apple multi-product memory use-after-free vulnerability (Track B, Provisional) +# CNVD-2025-07885 / CNVD-YCGO-202504012519 -> **Status:** Provisional. Upgraded from Stub on 2026-05-18 upon receipt of the issuing-body certificate PDF. -> **Track B standing disclaimer:** Filing and agency acknowledgement does not constitute adjudication of the underlying claims. +Apple multi-product memory-reuse certificate. -## My Role +## Status -**Original-vulnerability contributor**, per the literal text of the issued certificate (see "External Anchors" below). The certificate header reads 原创漏洞证明 ("Original Vulnerability Certificate") and identifies the contributor (贡献者) as **Joseph Goydish**, affiliated as 个人报送者 ("individual submitter / personal contributor"). This is a faithful translation of the document; it is not a self-characterization. +Anchor-grade CNVD/CNCERT certificate exhibit. -For the broader credit-asymmetry context that places this certificate in the Glass Cage flagship narrative, see "Cross-references" below. +This folder should be cited as a CNVD/CNCERT original-vulnerability certificate record naming Joseph Goydish as contributor. -## Affected Product / Vendor +## Certificate Facts -Apple multi-product (per certificate title: Apple多款产品) — vulnerability class: 内存释放后再利用漏洞 ("memory-release-then-reuse vulnerability", i.e. use-after-free / UAF), 通用—操作系统-高危 ("general — operating system — high severity"). Specific build range and patch mapping are not disclosed on the certificate itself and are withheld here pending vendor advisory or CVE assignment. 
- -## Timeline - -| Date | Event | External source / reference | -|---|---|---| -| 2025-04-22 | CNVD records submission; certificate `CNVD-YCGO-202504012519` issued | Issuing-body PDF (staged) | -| 2026-05-18 | Certificate PDF received in scaffold; folder upgraded Stub → Provisional | This README | - -## External Anchors - -- **Issuing body:** 国家信息安全漏洞共享平台 (China National Vulnerability Database, CNVD), under 国家互联网应急中心 / CNCERT (China's national CERT), with co-issuance line for 中国互联网协会网络与信息安全工作委员会 (Internet Society of China — Network & Information Security Committee). CNCERT is the sovereign CERT counterpart to US-CERT/CISA. -- **CNVD vulnerability identifier:** `CNVD-2025-07885` — sole-namespace, server-issued -- **CNVD original-vulnerability certificate number:** `CNVD-YCGO-202504012519` — sole-namespace, server-issued -- **Vulnerability-class designation on certificate:** 通用—操作系统-高危 (general / OS / high severity) -- **Contributor named on certificate (verbatim):** Joseph Goydish, 个人报送者 (personal contributor) -- **Date of record on certificate (verbatim):** `2025年04月22日` (printed under 收录时间 / "recording date") -- **Anchor class:** Tier 1 (sovereign-CERT certificate PDF). Promoted from Tier 0 stub on 2026-05-18. 
+| Field | Value | +| --- | --- | +| Issuing body shown on PDF | China National Vulnerability Database (CNVD), with CNCERT line | +| Certificate class shown on PDF | Original vulnerability certificate | +| CNVD vulnerability ID | CNVD-2025-07885 | +| Certificate number | CNVD-YCGO-202504012519 | +| Vulnerability label | Apple multi-product memory reuse | +| Severity class printed on PDF | General / operating system / high severity | +| Contributor printed on PDF | Joseph Goydish | +| Contributor affiliation printed on PDF | Individual submitter | +| Record date printed on PDF | 2025-04-22 | ## Evidence -| # | Artifact | Path (relative to this folder's `evidence/`) | SHA-256 | OTS | PGP | -|---|---|---|---|---|---| -| 1 | CNVD original-vulnerability certificate (issuing-body PDF) | `CNVD-2025-07885-YCGO-202504012519-Certificate-2025-04-22.pdf` | `d5bb17d5a27eabd32d272173116c90f89f12cdd912a26969115007383a7f21c8` | pending (batch 11 anchor script) | pending (batch 11 anchor script) | +| Artifact | Path | SHA-256 | +| --- | --- | --- | +| CNVD original-vulnerability certificate PDF | `evidence/CNVD-2025-07885-YCGO-202504012519-Certificate-2025-04-22.pdf` | `D5BB17D5A27EABD32D272173116C90F89F12CDD912A26969115007383A7F21C8` | -## Verification Steps +## Verification -1. Compute `sha256sum` of the staged PDF and confirm it matches the hash recorded above byte-for-byte. -2. After running `ANCHOR-COMMANDS-2026-05-18-batch10.sh`, the `.ots` proof binds the PDF's bytes to a Bitcoin-block timestamp post-dating the stamp time, and the `.asc` detached PGP signature binds the bytes to the filer's canonical key `4A04 1F50 6D89 4F5E E391 7438 6487 8B56 A2EB 2D11`. -3. CNVD vulnerability identifiers and certificate numbers are server-issued by CNCERT infrastructure and are not user-supplied; the sole-namespace property establishes that the issuance event could only have been originated by the issuing body. -4. 
The contributor name string "Joseph Goydish" appears rendered as embedded text in the PDF (extractable via standard PDF text extraction); no overlay or annotation layer is present. +```powershell +Get-FileHash -Algorithm SHA256 .\evidence\CNVD-2025-07885-YCGO-202504012519-Certificate-2025-04-22.pdf +``` -## Cross-references +The hash must match the value above. -- **TRACK-B-CVE-2025-24085-24201-43300 (Glass Cage flagship #2):** The filer attests that the underlying technical material disclosed under CNVD-2025-07885 and CNVD-2025-06744 is the same body of work documented under the Glass Cage chain (CVE-2025-24085, CVE-2025-24201, CVE-2025-43300). Recorded as **filer attestation**, not as adjudicated finding. The credit-asymmetry pattern — Apple's advisories crediting other reporters for the underlying patches while CNCERT/CNVD issued formal original-vulnerability certificates to this filer — is documented in the Glass Cage README's "Apple's advisories credit other reporters" section. -- **TRACK-B-CNVD-2025-06744:** Sibling CNVD certificate, same issuing body, dated 2025-03-18, for an Apple iOS/iPadOS buffer-overflow vulnerability class. Both certificates were issued to the same contributor under the same affiliation string within a five-week window. +PDF text extraction confirms the certificate identifies: -## Disclosure Status +```text +CNVD-2025-07885 +Apple multi-product memory reuse +Contributor: Joseph Goydish +Certificate: CNVD-YCGO-202504012519 +Record date: 2025-04-22 +``` -Coordinated through CNVD's standard intake. The certificate's existence establishes that CNCERT recorded and accepted the submission as an original-vulnerability contribution. No vendor advisory or matching CVE-ID cross-reference is asserted on the certificate itself; any such mapping is the filer's attested context, not an issuing-body finding. +## Weight -## Safety Notes - -No exploit payload, no PoC, no weaponized technical detail is staged in this folder or referenced in this README. 
The artifact is the issuing-body certificate document, nothing more. Vulnerability-class language ("memory-release-then-reuse" / use-after-free) is reproduced solely as it appears verbatim on the certificate. - -## Anchor-class commentary - -Per the same framing as the sibling folder: this is a **sovereign-CERT original-vulnerability certificate** anchor — a substantively different evidentiary class from DKIM-signed acknowledgement emails or GitHub-public-issue URL snapshots. The issuing body asserts the contributor was recorded as an original-vulnerability submitter; the certificate does not adjudicate vendor liability, exploit reachability, or patch mapping; per Track B standing disclaimer, none of those are asserted here either. +This is an issuing-body certificate from China's national vulnerability database/CNCERT. It records CNVD-2025-07885 as an original-vulnerability certificate exhibit for an Apple memory-reuse vulnerability and names Joseph Goydish as contributor. diff --git a/index.html b/index.html new file mode 100644 index 0000000..c330a60 --- /dev/null +++ b/index.html @@ -0,0 +1,272 @@ + + + + + + Canonical Activity Record - Joseph Goydish + + + +
+
+

Canonical Activity Record

+

Proof-of-work ledger for public records, submissions, hashes, and anchor trails.

+

This page is a front index for activity that can be checked: public records, certificate exhibits, submission receipts, DKIM/e-signed evidence, signed ledger entries, and fixed hashes. The full running record stays in the ledger repository.

+ +
+
HolderJoseph R. Goydish II
+
Canonical roleActivity index and verification surface
+
OpenPGP4A04 1F50 6D89 4F5E E391 7438 6487 8B56 A2EB 2D11
+
+
+
+ +
+
+
+

Primary Anchors

+
+
+
Certificate exhibitHash backed
+

CNVD / CNCERT records

+

Two CNVD/CNCERT certificate records name Joseph Goydish as contributor for Apple vulnerability records.

+ Open anchor index +
+
+
NVD / CISAPublic API
+

Five Apple CVE rescore records

+

Three CVSS 10.0 records and two CVSS 9.8 records tied to public vulnrichment filings and NVD scoring-history records.

+ Open rescore anchor +
+
+
Chronology
+

CERT/CC VINCE trail

+

Coordination chronology for VU#395558 and VRF#25-01-MPVDT / gen-41698 predates relevant Apple advisories.

+ Open chronology anchor +
+
+
+ +
+

NVD / CISA Rescore Records

+ + + + + + + + + + + +
CVEScoreFilingPublic proof
CVE-2025-2408510.0 Criticalvulnrichment#194NVD / history API / GitHub reference
CVE-2025-2420110.0 Criticalvulnrichment#194NVD / history API / GitHub reference
CVE-2025-4330010.0 Criticalvulnrichment#201NVD / history API
CVE-2025-312009.8 Criticalvulnrichment#200NVD / history API / GitHub reference
CVE-2025-312019.8 Criticalvulnrichment#200NVD / history API / GitHub reference
+
+ +
+

CNVD Certificate Exhibits

+

Certificate exhibits are listed by record, certificate number, printed contributor, hash, and direct file link. The NVD/CISA rows above are the independently web-checkable vulnerability-record spine.

+ + + + + + + + + + + + + + + + + + + + +
RecordCertificatePrinted contributorSHA-256File
CNVD-2025-06744
Apple iOS / iPadOS buffer overflow
CNVD-YCGO-202503023656Joseph Goydish352A56FF1319E1B8138B1F4C6F55B652CF09CCD8C6784610E3A3EF6A9A80723COpen PDF
CNVD-2025-07885
Apple memory reuse
CNVD-YCGO-202504012519Joseph GoydishD5BB17D5A27EABD32D272173116C90F89F12CDD912A26969115007383A7F21C8Open PDF
+
+ +
+

Running Ledger

+

The running ledger carries the broader investigative work: submissions, receipts, DKIM/e-signed evidence, references, SHA-256 packet hashes, and signed chronology.

+ Open Running Ledger +
+
+
+ + + +
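Review bot: in the README.md hunk, the `## Verify` block only shows that `running-ledger.txt` carries a signature from key 4A04 … 2D11, and the key is fetched from keys.openpgp.org by that same fingerprint, so the reader cross-checks the page against itself; the text block above the commands lists `./canonical/identity-attestation.txt.asc`, and the removed text named YubiKey-signed commits, but neither is verified by any command. Add a step that verifies the attestation's signature and says to compare the `gpg --fingerprint` output against the fingerprint inside it rather than the one printed here. Three other gaps in the same hunk: the removed line "It is detached-signed (`.asc`) and OpenTimestamps-anchored (`.ots`)" has no successor, so either add `ots verify running-ledger.txt.ots` beside the `gpg --verify` line or stop implying a time anchor under "Local integrity evidence"; the comment "Run this from a checked-out copy of the Running-Ledger repository" should give the file's path in that repository, since in this one the file lived at `ledger/running-ledger.txt`; and the "Evidence class" table lists "DKIM-valid messages" while no verification path is given, whereas the removed `grep "header.d=..."` steps only matched an `Authentication-Results` string written by the receiving server (mail.protonmail.ch), which is not a DKIM check. If the raw `.eml` files are still published, point readers at an actual verifier (for example `dkimverify` from dkimpy, reading the `.eml` on stdin) and state that `Authentication-Results` lines are the receiving server's assertion.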
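Review bot: in the anchors/certcc-vince-chronology/README.md hunk, the two rows assert dates (2025-01-09, 2025-01-21) and references (VU#395558, VRF#25-01-MPVDT / gen-41698) without any artifact, hash or link a reader could check, and the README.md hunk in this same commit removes the only pointers that existed (`evidence/TRACK-B-CVE-2025-24085-24201-43300/evidence/VINCE-Portal-VU-395558.1.jpg` and the `dkim=pass header.d=cert.org` header). Add an evidence path and SHA-256 per row, as the CNVD anchor pages in this commit do, so the chronology anchor is checkable rather than asserted.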
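Review bot: in the anchors/cisa-nvd-vulnrichment-rescore/README.md hunk, the "Public reference" column links only each CVE's NVD detail page, which shows the current score, not the scoring history the heading promises; the removed README text had the checkable form (`curl -s 'https://services.nvd.nist.gov/rest/json/cvehistory/2.0?cveId=CVE-2025-31200'` together with the CISA ADP actor UUID `134c704f-9b21-4f2e-91b3-4a467353bcc0`). Put the cvehistory URL for each CVE and the ADP UUID into this table, and make `cisagov/vulnrichment#194`, `#200` and `#201` links, since "tied to `JGoyd` vulnrichment filings" can only be checked if the reader can open those references.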
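Review bot: in the anchors/cnvd-2025-06744/README.md and anchors/cnvd-2025-07885/README.md hunks, "Primary exhibit" links the evidence folder rather than the PDF whose SHA-256 is listed in the table; the hash is the one fact on these pages a reader can verify, so link the file itself (the evidence READMEs in this commit name it, `evidence/CNVD-2025-06744-YCGO-202503023656-Certificate-2025-03-18.pdf` and the 2025-04-22 equivalent for 07885) so file and hash sit together.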
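Review bot: in the evidence/TRACK-B-CNVD-2025-06744/README.md hunk, the block introduced by "PDF text extraction confirms the certificate identifies:" shows English labels (`Contributor: Joseph Goydish`, `Record date: 2025-03-18`) that, per the removed text, are not what the certificate prints: it carries 贡献者, 收录时间 and `2025年03月18日`, with the name as the only Latin-script string. A reader running `pdftotext` will not find those lines, so either show the verbatim extracted strings with the translation beside them or label the block as a translated summary. Two further removals in the same hunk need a sentence each: the OTS and PGP columns and the `.ots`/`.asc` step vanish instead of being resolved from "pending", so say whether the detached signature and timestamp for the PDF were ever produced; and the Verification section now gives only `Get-FileHash`, so add the `sha256sum` form for non-Windows reviewers and note that the hash is unchanged, only re-cased (old row lowercase, new row uppercase).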
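Review bot: the evidence/TRACK-B-CNVD-2025-07885/README.md hunk has the same three gaps as its 06744 sibling: the "PDF text extraction confirms" block lists English strings (`Apple multi-product memory reuse`, `Contributor: Joseph Goydish`) where the removed text says the PDF prints Apple多款产品, 内存释放后再利用漏洞 and 贡献者; the `.ots`/`.asc` status for the PDF disappears rather than being resolved from "pending"; and the only hash command is PowerShell `Get-FileHash`. Apply the same fixes here. In addition, "memory reuse" in the title and the Vulnerability label row drops the use-after-free meaning the removed text gave as "memory-release-then-reuse", so keep that gloss in the row so the certificate's class is not described more loosely than in the old README.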
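Review bot: in the index.html hunk, the CVE-2025-43300 row of the "NVD / CISA Rescore Records" table lists only "NVD / history API" while the other four rows also carry a "GitHub reference" link, yet the same row cites `vulnrichment#201` as its filing; add the reference link or state why it is absent. The tagline "Proof-of-work ledger" also reads as the consensus-mechanism term, whereas the README in this commit calls it a "signed activity ledger", which matches what the page offers (detached signatures and SHA-256 hashes); use that wording.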