iOS安全相关学习资料

1. 　https://github.com/zhengmin1989/iOS_ICE_AND_FIRE  (冰与火代码)
2. http://weibo.com/zhengmin1989?is_hot=1 （蒸米博客）
3. http://drops.wooyun.org/tips/9300
4. http://drops.wooyun.org/papers/10156
5. 　https://github.com/KJCracks/yololib (dylib注入源码)
6. https://github.com/zhengmin1989/iOS_ICE_AND_FIRE (binary)
7. CaptainHook framework

OSX/IOS漏洞源码：

1. https://github.com/tihmstar/rootpipe_exploit
2. https://github.com/jndok/ropnroll
3. https://github.com/tyranid/canape-ssl-mitm-osx
4. https://github.com/kpwn/vpwn
5. https://github.com/kpwn/tpwn
6. https://github.com/jndok/tpwn-bis
7. https://github.com/wzw19890321/OSX_vul
8. https://github.com/linusyang/SSLPatch

公开的IOS越狱源码：

1. IOS6.1.3~6.1.6的越狱源码
2. https://github.com/p0sixspwn/p0sixspwn
3. IOS8.4.1的越狱源码
4. https://github.com/kpwn/yalu

OSX/IOS漏洞研究博客：

1. Hidden backdoor API to root privileges in Apple OS X
2. https://truesecdev.wordpress.com/2015/04/09/hidden-backdoor-api-to-root-privileges-in-apple-os-x/
3. Metasploit post exploitation scripts to steal ios5 backups
4. http://www.securitylearn.net/2012/09/09/metasploit-post-exploitation-scripts-to-steal-ios-5-backups/
5. OS X 10.10 DYLD_PRINT_TO_FILE Local Privilege Escalation Vulnerability
6. https://www.sektioneins.de/en/blog/15-07-07-dyld_print_to_file_lpe.html
7. Researchers discover new keychain vulnerability in osx
8. http://www.csoonline.com/article/2979068/vulnerabilities/researchers-discover-new-keychain-vulnerability-in-osx.html
9. Drop-dead simple exploit completely bypasses Mac’s malware Gatekeeper
10. http://arstechnica.com/security/2015/09/drop-dead-simple-exploit-completely-bypasses-macs-malware-gatekeeper/
11. IOS9.2/9.2.1修补的内核漏洞
12. http://blog.pangu.io/race_condition_bug_92/
13. POC2015 & RUXCON2015 盘古团队议题
14. http://blog.pangu.io/poc2015-ruxcon2015/
15. 一个“短命”的IOS内核漏洞
16. http://blog.pangu.io/short-lifecycle-bug/
17. IOS8.4.1 Kernel Vulnerabilities in AppleHDQGasGaugeControl
18. http://blog.pangu.io/ios-8-4-1-kernel-vulns/
19. CVE-2015-5774
20. http://blog.pangu.io/cve-2015-5774/
21. IOS8.1.2越狱过程详解及相关漏洞分析
22. http://nirvan.360.cn/blog/?p=887
23. 从p0sixspwn源码看越狱流程，原理，目的
24. http://bbs.pediy.com/showthread.php?t=193859&viewgoodnees=1&prefixid=
25. Pangu8越狱中所用/usr/libexec/neagent漏洞原理分析
26. http://bbs.pediy.com/showthread.php?t=195495&viewgoodnees=1&prefixid=
27. DYLD_ROOT_PATH dyld本地提取漏洞分析
28. http://nirvan.360.cn/blog/?p=455
29. tpwn分析
30. http://nirvan.360.cn/blog/?p=469
31. CVE-2015-5774分析及利用
32. http://nirvan.360.cn/blog/?p=461
33. CVE-2014-4423分析过程及结论
34. http://nirvan.360.cn/blog/?p=450
35. IOS ODay分析：播放视频造成内核DoS
36. http://nirvan.360.cn/blog/?p=487
37. IOS进程通讯安全和利用
38. http://nirvan.360.cn/blog/?p=723
39. 在非越狱的iPhone6(IOS8.1.3)上进行钓鱼攻击（盗取App Store密码)
40. http://drops.wooyun.org/mobile/4998
41. IOS URL Scheme劫持-在未越狱的iPhone6上盗取支付宝和微信支付的帐号和密码
42. http://drops.wooyun.org/papers/5309
43. IOS冰与火之歌-Object-C Pwn and IOS arm64 ROP
44. http://drops.wooyun.org/papers/12355
45. IOS冰与火之歌-在非越狱手机上进行App Hook
46. http://drops.wooyun.org/papers/12803
47. 对dyld的分析（源码，代码签名等）
48. http://cocoahuke.com/2016/02/14/dyld%E5%8A%A0%E8%BD%BD%E8%BF%87%E7%A8%8B/
49. 太极taiji(IOS8.4)Info和部分反编译代码
50. http://cocoahuke.com/2015/09/18/taij(iOS8.4)/
51. CVE-2015-5774
52. http://cocoahuke.com/2015/09/18/describeCVE-2015-5774/

OSX/IOS漏洞集合网站：

1. https://www.exploit-db.com/platform/?p=osx
2. https://www.exploit-db.com/platform/?p=ios
3. https://www.cvedetails.com/vulnerability-list/vendor_id-49/product_id-15556/Apple-Iphone-Os.html
4. http://www.macexploit.com/