diff --git a/README.md b/README.md index fbf9318..30c6b02 100644 --- a/README.md +++ b/README.md 
@@ -1,2 +1,61 @@ -# iOS-Activation-Flaw -A critical vulnerability in Apple’s iOS activation backend allows injection of unauthenticated XML .plist payloads during the device setup phase. The flaw permits arbitrary provisioning changes without authentication, signature verification, or error feedback; exposing devices to pre-activation tampering & persistent configuration manipulation. +# Apple iOS Activation Infrastructure Vulnerability + + + +## Overview + +A **critical vulnerability** exists in Apple’s device activation infrastructure.   + +The backend endpoint:  + +https://humb.apple.com/humbug/baa + +accepts **unauthenticated and unsigned XML property list (.plist) payloads**, exposing devices to **pre-activation tampering** during the setup phase. + + + +## Impact + +- **Arbitrary Provisioning:** Attackers can inject custom provisioning logic into the activation workflow.   + +- **Bypass Security:** MDM enrollment, signature checks, and user consent are fully bypassed.   + +- **Persistence:** Malicious profiles and configurations remain after activation.   + +- **Attack Vectors:** Exploitable remotely via captive portals, rogue access points, or compromised provisioning servers.   + +- **Techniques:** XML External Entity (XXE) injection, malformed payload acceptance, and silent background task injection.   + + + +Server responses confirm consistent **HTTP 200 OK** acceptance of illicit payloads without validation. + + + +## Risk + +- **Enterprise & Supply Chain:** Devices can be manipulated before reaching end users.   + +- **Stealth:** Changes are invisible to standard logs and forensic tools.   + +- **High Severity:** Exploitation requires no jailbreak or physical access.   + + + +## Status + +- **Case Assigned:** CERT/CC acknowledged, **VRF#25-05-RCKYK** on **May 19, 2025**.   + +- **Vendor Response:** Apple remains **unresponsive** as of publication.   + +- **Mitigation:** No patch available.   
+ + + +## Recommended Actions + +- Block or monitor traffic to `humb.apple.com/humbug/baa`.   + +- Inspect provisioning workflows for anomalies.   + +- Treat newly provisioned devices as potentially untrusted until a vendor fix is issued.
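Review bot: the Overview, Impact and Risk sections of this hunk assert a critical flaw (unauthenticated `.plist` acceptance at `https://humb.apple.com/humbug/baa`, XXE, MDM and signature-check bypass, post-activation persistence, changes "invisible to standard logs and forensic tools") but the README contains no reproduction: no request sample, no response body, and no observable device-side effect, only the statement that the server returns `HTTP 200 OK`. A 200 on an unsolicited POST does not by itself show that the payload is parsed, that any provisioning state changes, or that XXE is reachable, so please add the exact request, the full response, the device-side behaviour that changed, and how that change was observed before labelling this "Critical" and "fully bypassed". The Status section cites CERT/CC case VRF#25-05-RCKYK; a link or the CERT/CC correspondence would let readers confirm the assignment date. In Recommended Actions, "Block or monitor traffic to `humb.apple.com/humbug/baa`" should be qualified, since the same document describes this host as the activation backend and blocking it would presumably interfere with legitimate device setup; suggest "monitor" as the primary recommendation with blocking listed as a tradeoff.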