Create README.md

README.md

@@ -0,0 +1,54 @@
+#  Apple Internal Certificate Compromise 
+
+**TL;DR:**  
+A **retail iPhone** contained an **AppleCare Profile Signing Certificate** — an **internal-only credential that never ships to users** — with a **serial number not issued by Apple**, yet trusted by iOS. Alongside this, **internal voice and Siri logging payloads** were active, capturing **unredacted telemetry**. This is a **full-chain trust breach**, impossible via legitimate means.
+
+---
+
+##  Key Facts
+
+### 1. Internal-Only AppleCare Certificate on Device
+- Exists only in Apple's private signing infrastructure  
+- **Never** installed on consumer devices  
+- Indicates **unauthorized Apple-trusted signing material**
+
+### 2. Serial Number Not Issued by Apple
+```
+0xb745972d0f5e989
+```
+- Chains to Apple CA but **not in any Apple-issued cert catalog**  
+- Confirms **cryptographic compromise**
+
+---
+
+## ⚠️ Supporting Payloads
+
+### Payload 1 — VoiceServices Logging
+```
+UUID: CCCDC519-2EA7-4A1D-93B6-DD4F026F6629
+Level: Debug (7), PUBLIC, Persist: TRUE
+```
+
+### Payload 2 — Siri Subsystems Logging
+```
+UUID: 2cb17420-1f7a-012e-6679-442c03067622
+28 internal subsystems active
+Unredacted, max verbosity, persistent
+```
+
+### Payload 3 — Speech Logging
+```
+UUID: 01BEC389-FD6A-45FA-8AE1-F9442AA43B60
+Speech logging: ENABLED
+```
+
+**Impact:** Retail device running **internal Apple telemetry**, impossible via consumer config.
+
+---
+
+## 🧨 Combined Interpretation
+- Internal-only AppleCare cert present  
+- Serial number not issued by Apple, yet trusted  
+- Multiple internal telemetry payloads active  
+
+**Conclusion:** Privileged, unauthorized profile-level compromise.