mirror of
https://github.com/JGoyd/iCloud-PCS-Corruption.git
synced 2026-06-09 05:13:54 +02:00
Update README.md
This commit is contained in:
Joseph Goydish II
committed by
GitHub
GitHub
parent
834ddec9b0
commit
d028883576
@@ -1,2 +1,72 @@
|
||||
# iCloud-PCS-Corruption
|
||||
CVE Pending - Apple iOS iCloud Backup Lacks PCS Keychain Integrity Validation
|
||||
|
||||
**CVE:** Pending Assignment
|
||||
**CVSS:** 8.1 (HIGH)
|
||||
**Discoverer:** Joseph Goydish II
|
||||
**Discovery Date:** November 27, 2025
|
||||
**Status:** Coordinated Disclosure in Progress
|
||||
|
||||
---
|
||||
|
||||
## Summary
|
||||
|
||||
Apple's iCloud backup system does not validate the integrity of Protected Cloud Storage (PCS) keychain data during backup creation or restoration. This allows corrupted keychain entries to persist indefinitely in user backups and restore silently to devices without detection or user warning.
|
||||
|
||||
## Impact
|
||||
|
||||
- Affects all iOS/iPadOS users with iCloud backup enabled
|
||||
- Enables indefinite persistence of keychain corruption across devices
|
||||
- Bypasses security patches through backup restoration
|
||||
- Affects ALL past iOS vulnerabilities (not just recent exploits)
|
||||
- No user remediation tools available
|
||||
|
||||
## Discovery
|
||||
|
||||
This vulnerability was discovered on November 27, 2025 through diagnostic analysis of an iOS 26.1 device showing:
|
||||
- Corrupted keychain state (`circle_status: "Error"`)
|
||||
- All PCS views showing `"unknown"` status
|
||||
- Invalid epoch timestamps (1970-01-01) in keychain entries
|
||||
- Active iCloud backup syncing corrupted data without validation
|
||||
|
||||
## Disclosure Status
|
||||
|
||||
- **Vendor Notification:** November 28, 2025
|
||||
- Apple Product Security (Tracking: OE01004512688207)
|
||||
- **US-CERT Coordination:** November 28, 2025
|
||||
- CISA VINCE portal submission (Tracking: VRF#25-11-SQRSK)
|
||||
- **CVE Assignment:** Pending
|
||||
- **Public Disclosure:** Following coordinated disclosure timeline
|
||||
|
||||
## Repository Contents
|
||||
|
||||
- `VULNERABILITY_REPORT.md` - Complete technical analysis and CVE request
|
||||
- `evidence/` - Diagnostic files from iOS 26.1 device
|
||||
- `submissions/` - Documentation of disclosure process
|
||||
- `TIMELINE.md` - Discovery and disclosure chronology
|
||||
|
||||
## Attribution
|
||||
|
||||
**Discovered by:** Joseph Goydish II
|
||||
**Contact:** 077sanbox_escape@proton.me
|
||||
**Discovery Date:** November 27, 2025
|
||||
|
||||
## Disclosure Policy
|
||||
|
||||
This repository is currently **PRIVATE** during coordinated disclosure with Apple and US-CERT. It will be made public following:
|
||||
- CVE assignment, AND
|
||||
- Vendor patch availability, OR
|
||||
- 90 days from vendor notification (standard disclosure timeline)
|
||||
|
||||
Whichever comes first.
|
||||
|
||||
---
|
||||
|
||||
**Copyright © 2025 Joseph Goydish II. All rights reserved.**
|
||||
|
||||
This research may be freely shared for educational and security purposes with proper attribution.
|
||||
EOF
|
||||
|
||||
git add README.md
|
||||
git commit -m "Add README with discovery attribution and disclosure status"
|
||||
git push origin main
|
||||
|
||||
Reference in New Issue
Block a user