HN Reader

Ask HN: Selling software to company I work for as an employee

44 points by apohak 3d ago 51 comments

Ask HN: Go deep into AI/LLMs or just use them as tools?

160 points by pella_may 21h ago 126 comments

Ask HN: Can you give tips on writing a README for project?

4 points by vseplet 13h ago 5 comments

Ask HN: What's your favorite architect/editor pair with Aider?

13 points by 34679 13h ago 1 comments

Ask HN: Conversational AI to Learn a Language

84 points by edweis 7d ago 61 comments

Ask HN: Senior SaaS developer wanting to pivot

4 points by heyheyhey 12h ago 7 comments

Ask HN: What HN posts inspired or changed your perspective the most?

42 points by hungle9 2d ago 20 comments

Ask HN: How do you promote your personal projects with a limited budget?

127 points by javafactory 3d ago 88 comments

ESP32 MCP Server

10 points by horw 1d ago 9 comments

Ask HN: AI Reading List

10 points by TheAlchemist 1d ago 4 comments

Ask HN: Do you have a side project you're getting tired of?

29 points by gdulli 2d ago 23 comments

Ask HN: What projects do you donate to?

4 points by xeonmc 1d ago 5 comments

I'm Peter Roberts, immigration attorney, who does work for YC and startups. AMA

256 points by proberts 8d ago 453 comments

Ask HN: How to Make Friendster Great?

94 points by ca98am79 3d ago 137 comments

We sold our first AI agent to a legacy industry–now we're stuck. Help us Advice?

11 points by goldmanX 2d ago 14 comments

Ask HN: How do you keep on top of all of the AI tools and new changes?

7 points by limonkufu 3d ago 12 comments

Ask HN: Places in the UK / Europe Related to computers

11 points by sailorganymede 2d ago 16 comments

I spent 15 years developing a tool to make sense of software version numbers

31 points by a1tern 4d ago 5 comments

Ask HN: Fakespot is shutting down July 1. Alternatives?

3 points by cjbarber 1d ago 1 comments

Apple Rejects My Name Because It Contains "Dek" – But "Dick" Is Allowed

13 points by Kevin605 9h ago 1 comments

Ask HN: Pros and cons of offering a self-hosted version of your SaaS?

15 points by DavyCreddy 3d ago 5 comments

Modern Python Boilerplate – good package basic structure

11 points by lambda-science 3d ago 3 comments

Ask HN: Where to find UX design resources?

17 points by bindd 4d ago 6 comments

Ask HN: Engineering Statics and Dynamics book recommendation

10 points by areoform 3d ago 2 comments

What If Every Picture You've Ever Seen Already Exists?

20 points by cin4ed 4d ago 28 comments

Tell HN: The Hetzner Experience - Invisible Outages

39 points by AmazingTurtle 4d ago 12 comments

AskHN: Best, simplest platform to run a Technical Interview on?

4 points by marche101 2d ago 4 comments

Ask HN: Don't You Mind That LLMs Are Mostly Proprietary?

18 points by dakiol 5d ago 19 comments

Ask HN: Agent / workflow frameworks or roll your own?

4 points by dennisy 2d ago 4 comments

X (fka Twitter) is out of service

27 points by intellectronica 15h ago 6 comments

Ask HN: What makes a programming language great for code generation?

3 points by keithasaurus 2d ago 3 comments

Ask HN: How are you using LLMs for research on a library of journal articles?

6 points by jopizio 3d ago 0 comments

Tachy0n: The Last 0day Jailbreak

176 todsacerdoti 24 5/24/2025, 7:50:41 PM blog.siguza.net ↗

Comments (24)

yjftsjthsd-h · 6h ago
> The way he managed to beat a trillion dollar corporation was through the kind of simple but tedious and boring work that Apple sucks at: regression testing.

> Because, you see: this has happened before. On iOS 12, SockPuppet was one of the big exploits used by jailbreaks. It was found and reported to Apple by Ned Williamson from Project Zero, patched by Apple in iOS 12.3, and subsequently unrestricted on the Project Zero bug tracker. But against all odds, it then resurfaced on iOS 12.4, as if it had never been patched. I can only speculate that this was because Apple likely forked XNU to a separate branch for that version and had failed to apply the patch there, but this made it evident that they had no regression tests for this kind of stuff. A gap that was both easy and potentially very rewarding to fill. And indeed, after implementing regression tests for just a few known 1days, Pwn got a hit.

And now I wonder how many other projects are doing this. Is anyone running a CI farm running historical vulnerabilities on new versions of Linux/FreeBSD/OpenWRT/OpenSSH/...? It would require that someone wrote up each vulnerability in automated form (a low bar, I think), have the CI resources to throw at it (higher bar, though you could save by running a random selection on each new version), care (hopefully easy), and think of it (surprisingly hard).

jdwithit · 2h ago
Yes, regression testing--making sure bugs you've fixed don't return--is a standard part of QA. I did volunteer QA for Mozilla in college a good 20 years ago (god that number is horrifying) and they had an ever-growing suite of regression tests. Mostly for rendering/layout or JavaScript engine bugs, since part of reproducing and proving you'd fixed those was creating a minimal test case. Which you could then easily throw into the build pipeline.

Bugs are a fact of life, but burning time and money to fix them only to have them return is the worst case scenario. Organizations that care about quality are definitely investing in regression testing. Unfortunately a whole lot of orgs give QA zero respect and offshore it to the lowest bidder, if they do it at all. It's absolutely insane to me that Apple wouldn't have regression tests for jail breaks, some of the most high profile bugs in history.

You can fairly criticize Mozilla for a number of things these days. But they had a very robust QA and CI/CD setup in the early 2000s with tools like Tinderbox and Bugzilla. When DevOps came around and popularized it I was like wait, people weren't already doing this stuff??? Turned out I had been living in a bubble and that was not the norm at all.

edoceo · 39m ago
There is a FOSS project I've seen but cannot remember the name of currently (beer) but I do recall their test case directory, one for each issue of merit. Thousand of them, easy. Might of been Sqlite. Something to look up to. I guess if you're not back porting fixes you'd likely not back port the tests either.
bcoates · 3h ago
I think the underlying problem is that lots of orgs have siloed out security stuff into its own workflow and its own class of bugs.

It's basically Conway's law applied to the security/feature development split.

So even if they have a build/release procedure with a mature regression test suite it probably wouldn't have "security" issues like this in it just as a matter of internal organization

KennyBlanken · 5h ago
> And now I wonder how many other projects are doing this.

If by 'projects' you mean intelligence agencies, then I would say it's safe to assume at least the G10 intelligence agencies are doing this along with Russia, China, NK - and likely a huge number of private groups.

weinzierl · 6h ago
I've heard Apple pays a million for Jailbreaks now. That's the lower bound for the price on the free market.
conradev · 4h ago
> now

That boundary was broken in 2015, about a decade ago: https://www.dailymail.co.uk/sciencetech/article-3301691/New-...

halJordan · 2h ago
That's cool, Apple's bug bounty didn't exist ten years ago. Apple's bug bounty does max out at $1 million (although you can get bonus multipliers up to $2mil). Just read the content before throwing down the gotcha.
ThinkBeat · 4h ago
Is there a way to contact Apple to apply for millions of dollars if one has a jailbreak?

X: Hi AppLE I haz jailb8?

Or is it via one of the intermediaries?

Or is there an email or some such that is published? (That will not to straight to 1st level support and forgotten about)

charcircuit · 4h ago
https://security.apple.com/bounty/
lern_too_spel · 3h ago
That's the market rate. https://cyberscoop.com/zerodium-android-zero-days-bounty/
andrepd · 3h ago
Well TIL that there are zero-day market makers...
tptacek · 2h ago
Bear in mind: different buyers and different price structured. You can get more selling a vulnerability to CNE shops (say: every intelligence organization in Germany), but you'll be accepting more risk --- the payments are effectively tranched (or, equivalently, back-loaded on "maintenance" fees), and if the vulnerability dies you're S.O.L. Apple also won't make you build all the reliable exploitation enablement tooling a CNE buyer will. So: they pay less.
ivanjermakov · 7h ago
If this is the case Apple employed an amazing strategy. By locking all ways to possibly root their devices they patch vulnerabilities discovered for free by jailbreak devs.
ejpir · 7h ago
but they haven't, the article says the "private" community still has exploits and apple patches them. The public, like the dev, for some reason, don't anymore.
tptacek · 6h ago
They're exclusive to private communities because they're very expensive, and getting more expensive over time; in other words, Apple's strategy has driven the cost of exploiting iOS up.

Anything public is dead, which is what you want to see.

bri3d · 5h ago
I’m not sure I agree with the premise here, although I agree with the conclusion w.r.t Apple specifically.

I’m 100% positive from experience doing VR in several non-iOS spaces that increased exploit value leads to fewer published public exploits, but! This is not a sign that there are fewer available exploits or that the platform is more difficult to exploit, just a sign that multiple (and sometimes large numbers) of competing factions are hoarding exploits privately that might otherwise be released and subsequently fixed.

As a complementary axiom, I believe that exploit value follows target value more closely than it does exploit difficulty, because the supply of competent vulnerability researchers is more constrained than the number of available targets. That is to say, someone will buy a simple exploit that pops a high value target (hello, shitty Android phones) for much more money than a complex exploit that pops a low value target. There are plenty of devices with high exploit value and low exploit publication rate that also have garbage security.

With that said, Apple specifically are a special (and perhaps the only) case where they are “winning” and people are genuinely giving up on research because the results aren’t worth the value. I just don’t think this follows across the industry.

tptacek · 3h ago
I don't think I reach the deeper questions here, and pretty much just get back to "if it was cheap, Apple would have killed it already"; in that set of circumstances there can't be viable public exploits (or broad workable bug classes to fish from) to work with.

Sucks if you're part of a public jailbreaking community, but, of course, good if you're a user.

numpad0 · 5h ago
Jailbreaks need an itch to scratch. There isn't one for Ubuntu Desktop.
hsbauauvhabzb · 5h ago
Is this actually true? Jailbreaks are more or less the same exploits used by things like Pegasus, the exploits are probably worth more to the individuals that discover them than the ability to give their friends access to side loaded apps
burnt-resistor · 3h ago
That's the rub of relative integrity. It's variably easier for some to rationalize taking the cash, even if that giant pile of coin is likely to lead to the imprisonment, deaths, and/or torturing of others for better or for worse.
hsbauauvhabzb · 3h ago
My question wasn’t about ethics and I’d rather keep it that way.