by kai5263499

A collection of OSX and iOS security resources

473 Stars 92 Forks Last release: Not found Apache License 2.0 151 Commits 0 Releases

Available items

No Items, yet!

The developer of this repository has not created any items for sale yet. Need a bug fixed? Help with integration? A different license? Create a request here:

osx-security-awesome AwesomeTravis

A collection of OSX/iOS security related resources


Linking a microphone

  • The Story of CVE-2018-4184 or how a vulnearbility in OSX's Speech system allowed apps with access to the microphone to escape sandbox restrictions ### iOS vulnerability write-up
  • A repository of iOS vulnerability write-ups as they are released
  • Also includes conference papers ### iOS display bugs
  • Regularly updated list of iOS display bugs

Mac Virus

  • Frequently updated blog that provides a good summary of the latest unique mac malware.

Intego Mac Security Blog

  • Intego's corporate Mac security blog often contains recent and in-depth analysis of mac malware and other security issues


  • Objective-See's blog often contains in-depth breakdowns of malware they've reverse engineered and vulnarabilities they've discovered.

The Safe Mac

  • Resource to help educate Mac users about security issues. Contains historical as well as timely security updates.

Mac Security

  • Another Mac security blog. This often includes more in-depth analysis of specific threats.

OSX Daily

  • Not strictly security-specific but it contains jailbreaking information which has security implications



  • Utilities, tools, and scripts for managing and tracking a fleet of Macintoshes in a corporate environment collected by Google


  • System monitoring tool


  • A RESTful API and client that helps Apple Mac users determine if they are running the expected EFI firmware version given their Mac hardware and OS build version


  • Everything you need to know about the launchd service

OSX startup sequence

  • Step-by-step guide to the startup process

Google OSX hardening

  • Google's system hardening guide

Run any command in a sandbox

  • How to for using OSX's sandbox system


  • Reversing the Apple sandbox
  • Paper

OSX El Capitan Hardening Guide

  • Hardening guide for El Capitan

Hardening hardware and choosing a good BIOS

  • Protecting your hardware from "evil maid" attacks

Malware sample sources


Digital Forensics / Incident Response (DFIR)


Reverse engineering

New OS X Book

Presentations and Papers

Area41 2018: Daniel Roethlisberger: Monitoring MacOS For Malware And Intrusions

Windshift APT


Virus and exploit writeups

Detailed Analysis of macOS/iOS Vulnerability CVE-2019-6231

A fun XNU infoleak






Mac Defender

Wire Lurker


Ian Beer, Google Project Zero: "A deep-dive into the many flavors of IPC available on OS X."

  • Deep dive into the interprocess communication and its design flaws

PEGASUS iOS Kernel Vulnerability Explained

Analysis of iOS.GuiInject Adware Library


  • Gaining access through the wireless subsystem

Reverse Engineering and Abusing Apple Call Relay Protocol

  • Details the discovery of a vulnerability in Apple's Call handoff between mobile and desktop through analyzing network traffic.

Exploiting the Wifi Stack on Apple Devices

Google's Project Zero series of articles that detail vulnerabilities in the wireless stack used by Apple Devices * Over The Air: Exploiting Broadcom’s Wi-Fi Stack (Part 1) * Over The Air: Exploiting Broadcom’s Wi-Fi Stack (Part 2) * Over The Air - Vol. 2, Pt. 1: Exploiting The Wi-Fi Stack on Apple Devices * Over The Air - Vol. 2, Pt. 2: Exploiting The Wi-Fi Stack on Apple Devices * Over The Air - Vol. 2, Pt. 3: Exploiting The Wi-Fi Stack on Apple Devices

ChaiOS bug

  • A message that crashes iMessage
  • Looks similar to previous bugs rendering Arabic characters

Useful tools and guides

[email protected]

Remote Access Toolkits





EggShell surveillance tool - Works on OSX and jailbroken iOS

EvilOSX - Pure python post-exploitation toolkit

Worth following on Twitter

Other OSX Awesome lists

We use cookies. If you continue to browse the site, you agree to the use of cookies. For more information on our use of cookies please see our Privacy Policy.