CalvinBackup/iCloud-PCS-Corruption
1
0
Fork 0
mirror of https://github.com/JGoyd/iCloud-PCS-Corruption.git synced 2026-02-12 22:02:47 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
Evidence-Package
iCloud-PCS-Corruption/README.md
Joseph Goydish II d028883576 Update README.md
2025-11-28 16:35:44 -05:00

2.5 KiB
Raw Permalink Blame History

iCloud-PCS-Corruption

CVE Pending - Apple iOS iCloud Backup Lacks PCS Keychain Integrity Validation

CVE: Pending Assignment
CVSS: 8.1 (HIGH)
Discoverer: Joseph Goydish II
Discovery Date: November 27, 2025
Status: Coordinated Disclosure in Progress

Summary

Apple's iCloud backup system does not validate the integrity of Protected Cloud Storage (PCS) keychain data during backup creation or restoration. This allows corrupted keychain entries to persist indefinitely in user backups and restore silently to devices without detection or user warning.

Impact

  • Affects all iOS/iPadOS users with iCloud backup enabled
  • Enables indefinite persistence of keychain corruption across devices
  • Bypasses security patches through backup restoration
  • Affects ALL past iOS vulnerabilities (not just recent exploits)
  • No user remediation tools available

Discovery

This vulnerability was discovered on November 27, 2025 through diagnostic analysis of an iOS 26.1 device showing:

  • Corrupted keychain state (circle_status: "Error")
  • All PCS views showing "unknown" status
  • Invalid epoch timestamps (1970-01-01) in keychain entries
  • Active iCloud backup syncing corrupted data without validation

Disclosure Status

  • Vendor Notification: November 28, 2025
    • Apple Product Security (Tracking: OE01004512688207)
  • US-CERT Coordination: November 28, 2025
    • CISA VINCE portal submission (Tracking: VRF#25-11-SQRSK)
    • CVE Assignment: Pending
  • Public Disclosure: Following coordinated disclosure timeline

Repository Contents

  • VULNERABILITY_REPORT.md - Complete technical analysis and CVE request
  • evidence/ - Diagnostic files from iOS 26.1 device
  • submissions/ - Documentation of disclosure process
  • TIMELINE.md - Discovery and disclosure chronology

Attribution

Discovered by: Joseph Goydish II
Contact: 077sanbox_escape@proton.me
Discovery Date: November 27, 2025

Disclosure Policy

This repository is currently PRIVATE during coordinated disclosure with Apple and US-CERT. It will be made public following:

  • CVE assignment, AND
  • Vendor patch availability, OR
  • 90 days from vendor notification (standard disclosure timeline)

Whichever comes first.

Copyright © 2025 Joseph Goydish II. All rights reserved.

This research may be freely shared for educational and security purposes with proper attribution. EOF

git add README.md git commit -m "Add README with discovery attribution and disclosure status" git push origin main

Reference in New Issue View Git Blame Copy Permalink