diff --git a/README.md b/README.md new file mode 100644 index 0000000..1ca09b3 --- /dev/null +++ b/README.md @@ -0,0 +1,133 @@ +# iOS 18.6.2 — System-Wide Trust Collapse + +**TL;DR: A malformed trust anchor reload in iOS 18.6.2 caused broken encryption system-wide. TLS certificate checks silently failed, allowing unverified connections in Safari, Mail, iCloud, and other services—exposing users to spoofing and interception.** + +## Overview + +On **August 20, 2025**, logs from a real iPhone 14 running iOS 18.6.2 revealed a **critical failure in Apple’s trust system.** + +### In plain terms: + +* The iPhone temporarily stopped verifying whether websites, apps, and services were trustworthy. +* Every certificate was treated as valid — including potentially malicious ones. +* Security of Safari, Mail, iCloud, Bluetooth accessories, and even baseband radio was impacted. + +For a short window, the device operated as if all connections were secure, when they were not. + +--- + +## Why This Matters + +All iPhone security depends on certificate validation, which underpins: + +* The lock icon in Safari +* Authentication for iCloud services +* Encrypted communication with accessories and networks + +When checks fail in an **open state**: + +* Attackers can impersonate websites and Apple services +* Malicious accessories or networks can inject data or spoof updates +* Sensitive data may be intercepted or redirected without detection + +This is a worst-case failure mode because the system did **not** block traffic or alert the user — it silently accepted everything. + +--- + +## What Happened + +1. An Apple service (`financed`) encountered a permission error. +2. The system privacy daemon (`tccd`) incorrectly granted the permission. +3. The trust subsystem (`trustd`) reloaded its anchors, which failed with: + + ``` + Malformed anchor records, not an array + ``` +4. Despite the error, the system continued treating all certificates as valid. + +### Affected systems included: + +* Safari and WebKit-based apps +* iCloud and CloudKit +* Bluetooth and accessory management +* Baseband and cellular radio +* Apple’s privacy enforcement subsystem + +--- + +## Technical Highlights + +* **Key processes:** `trustd`, `securityd`, `nsurlsessiond`, `tccd`, `CommCenter` + +* **Error log:** + + ``` + trustd: Malformed anchor records, not an array + ``` + +* **Impact on ATS (App Transport Security):** + + ``` + set_ats_enforced = false + min_rsa_key_size = 0 + min_ecdsa_key_size = 0 + min_signature_algorithm = 0 + ``` + +* TLS handshakes advanced with pending trust evaluations but were still accepted. + +--- + +## Risk Profile + +| Category | Impact Description | +| --------------- | -------------------------------------------------------------------- | +| Confidentiality | TLS interception, iCloud impersonation, unencrypted traffic exposure | +| Integrity | Spoofed sync operations, malicious accessory provisioning | +| Availability | Crashes, trust errors, accessory pairing failures | +| Scope | System-wide — all trust-based subsystems affected | + +--- + +## Recommended Actions + +### For End Users + +* **Reboot** the device to restore a valid trust state. +* Avoid the following during a suspected failure window: + + * Pairing accessories + * Connecting to untrusted networks + * Performing iCloud syncs or installing updates +* Stay updated with the latest iOS patches. + +### For Security Teams + +**Detection Tips:** + +* `"Malformed anchor records"` in `trustd` +* `set_ats_enforced = false` in `nsurlsessiond` +* Certificate evaluations marked **pending** but accepted + +**Engineering Recommendations:** + +* Fail-closed on trust evaluation errors +* Lock ATS enforcement settings after boot +* Add schema validation to trust anchor deserialization +* Patch TOCTOU flaws in TLS processing + +--- + +## Why This Is Critical + +This was not a simple bug. It was a **collapse of iOS’s trust layer** — the foundation of secure communication and authentication. + +During the failure: + +* Certificate verification was bypassed +* TLS requirements were disabled +* Critical services trusted unverified connections without any warning + +This left users and organizations vulnerable to impersonation, interception, and tampering. + +---