From 5dcbbd1f7c29b9e48aebdf7034257be299262d7e Mon Sep 17 00:00:00 2001 From: JGoyd Date: Thu, 21 Aug 2025 21:20:49 -0400 Subject: [PATCH] README.md --- README.md | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index 1f5a13f..dd76989 100644 --- a/README.md +++ b/README.md @@ -8,6 +8,11 @@ A critical fail-open flaw in Apple’s AppleMediaServices framework allows reque When the Bag cannot be retrieved—due to DNS manipulation, timeouts, or network interference—AppleMediaServices daemons disable Mescal/Absinthe signing and send unsigned requests to Apple servers. These requests lack integrity protections and expose users to downgrade and replay attacks. +**Log Evidence:** + +https://ia600207.us.archive.org/11/items/fail-open-log-evidence-in-apple-media-services/Fail%20Open%20Log%20Evidence%20in%20AppleMediaServices.mov + + **Discovery** * Date: August 20, 2025 @@ -18,12 +23,8 @@ When the Bag cannot be retrieved—due to DNS manipulation, timeouts, or network **Affected Systems** -All Apple platforms that use `AppleMediaServices.framework` are affected: +All Apple platforms that use `AppleMediaServices.framework` are affected. -* iOS versions 14 through 18.6+ -* macOS versions Big Sur through Sonoma -* tvOS version 14 and above -* watchOS version 7 and above Impacted daemons include: @@ -62,6 +63,7 @@ Result: Unsigned traffic is transmitted to Apple endpoints without verification. This allows manipulation, replay, and other integrity risks. + Disclaimer: This proof of concept was not executed against production Apple infrastructure. All observations are based on local logs and controlled network conditions. No unauthorized probing or exploitation was performed.
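Review bot: In the first hunk (`@@ -8,6 +8,11 @@`), the new "**Log Evidence:**" section consists only of a bare archive.org URL to a `.mov` file, so the evidence for the fail-open claim cannot be read, searched or diffed from the README itself. Quote the relevant log lines as text under the heading (the ones showing the Bag fetch failing and signing being disabled), and keep the video as a supporting link written as a Markdown link with a descriptive label. The hunk also adds two blank lines before `**Discovery**` where the rest of the file uses one.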
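Review bot: In the second hunk (`@@ -18,12 +23,8 @@`), removing the four version bullets leaves "All Apple platforms that use `AppleMediaServices.framework` are affected." with no version scope at all, which is a broader and less verifiable claim than the list it replaces. If the ranges were dropped because they were not all tested, say so and state the OS versions on which the behaviour was actually observed; otherwise keep the list. The removal also leaves two consecutive blank lines before "Impacted daemons include:", so one of them should go.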
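Review bot: The third hunk (`@@ -62,6 +63,7 @@`) adds only an extra blank line above the "Disclaimer:" paragraph, which changes nothing in the rendered output and should be dropped from this patch. The commit subject "README.md" also does not say what changed; a subject that names the two content changes (log evidence link added, affected-version list removed) would make the history usable for anyone tracking how the advisory's claims evolved.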