Mysk 🇨🇦🇩🇪's banner
Mysk 🇨🇦🇩🇪's profile picture

Mysk 🇨🇦🇩🇪

@mysk_co19,181 subscribers

We're two #iOS developers and occasional #security researchers on two continents. #CyberSecurity 📝https://t.co/69k7WAphKl 🇨🇦🇩🇪 Current Project: @psylo_app

Shorts

Starting in iOS 26, Apple apps seem to access contacts more aggressively. A new app/process called "ShortcutsActions" sticks out. It accesses contacts very frequently, even when the #iPhone is locked. #iOS built-in apps can access protected resources without user's permission.

Starting in iOS 26, Apple apps seem to access contacts more aggressively. A new app/process called "ShortcutsActions" sticks out. It accesses contacts very frequently, even when the #iPhone is locked. #iOS built-in apps can access protected resources without user's permission.

184,716 次观看

I think this may be one of the last traces of Jobs-era Mac OS X design Favourites go poof! 💨 I miss the whimsy in UI design, in everything really

I think this may be one of the last traces of Jobs-era Mac OS X design Favourites go poof! 💨 I miss the whimsy in UI design, in everything really

124,982 次观看

iOS 18 beta 3: RCS is active in Germany (A bit buggy when sending videos, still much better than SMS)

iOS 18 beta 3: RCS is active in Germany (A bit buggy when sending videos, still much better than SMS)

13,932 次观看

Videos

LIVE
1.2k

Anya Rossi

sweetdream.ai

SweetDream.aiSponsoredLivecam
Streaming Now

Watch Anya Live

Anya is streaming live right now! Join her private show and enjoy exclusive content.

HD live stream
Exclusive private shows
1.2k viewers online

Free preview available • Premium content

😱 iOS 26.4.2 still leaks the real IP when updating VPN apps. Motivated by Mullvad's recent blog, we made a website that logs the iPhone IP every second. We started Mullvad VPN, opened the website, then let Mullvad updated in the background. See the leaks in action.. 🤯
0:40
mysk_co's profile picture

😱 iOS 26.4.2 still leaks the real IP when updating VPN apps. Motivated by Mullvad's recent blog, we made a website that logs the iPhone IP every second. We started Mullvad VPN, opened the website, then let Mullvad updated in the background. See the leaks in action.. 🤯

Mysk 🇨🇦🇩🇪

724,727 次观看 • 1 个月前

🚨 iMessages in iOS 26 leaks the sender's keyboard language when sending reactions to devices with iOS 17 or older, and Android phones via RCS! 😱 #privacy #Apple #iOS26
1:27
mysk_co's profile picture

🚨 iMessages in iOS 26 leaks the sender's keyboard language when sending reactions to devices with iOS 17 or older, and Android phones via RCS! 😱 #privacy #Apple #iOS26

Mysk 🇨🇦🇩🇪

949,552 次观看 • 8 个月前

😎🔬 Proton VPN just got updated. When iOS updated the app with the kill switch on, it was a total mess: iOS blocked internet for nearly 6 minutes, then terminated the app and its VPN tunnel, exposing iPhone traffic and IP. The VPN required a manual restart 😠. Watch this demo:
2:22
mysk_co's profile picture

😎🔬 Proton VPN just got updated. When iOS updated the app with the kill switch on, it was a total mess: iOS blocked internet for nearly 6 minutes, then terminated the app and its VPN tunnel, exposing iPhone traffic and IP. The VPN required a manual restart 😠. Watch this demo:

Mysk 🇨🇦🇩🇪

103,363 次观看 • 1 个月前

Signal Desktop is not secure. With every vulnerability we discover on macOS, we find Signal Desktop to be an easy target. In this video, we show how a Signal session can be stolen and restored on a remote Mac without the user being aware. Only use Signal on iPhone or Android
9:09
mysk_co's profile picture

Signal Desktop is not secure. With every vulnerability we discover on macOS, we find Signal Desktop to be an easy target. In this video, we show how a Signal session can be stolen and restored on a remote Mac without the user being aware. Only use Signal on iPhone or Android

Mysk 🇨🇦🇩🇪

36,576 次观看 • 15 天前

Found another example: iTunes Store Zero Liquid Glass and untouched since the iOS 7 flattening, but still you can get the latest Taylor Swift album The best part: the app still lets you customise the bottom tab bar, a feature that existed when iOS was still called iPhone OS
0:31
mysk_co's profile picture

Found another example: iTunes Store Zero Liquid Glass and untouched since the iOS 7 flattening, but still you can get the latest Taylor Swift album The best part: the app still lets you customise the bottom tab bar, a feature that existed when iOS was still called iPhone OS

Mysk 🇨🇦🇩🇪

80,590 次观看 • 7 个月前

Since iOS 18 launched, the new Passwords app has been using unencrypted HTTP to download icons for password entries—a potential #security risk. We reported this bug to #Apple in September, and it’s finally fixed in #iOS 18.2 (CVE-2024-54492). Why does this matter? Watch 🎬 :
2:09
mysk_co's profile picture

Since iOS 18 launched, the new Passwords app has been using unencrypted HTTP to download icons for password entries—a potential #security risk. We reported this bug to #Apple in September, and it’s finally fixed in #iOS 18.2 (CVE-2024-54492). Why does this matter? Watch 🎬 :

Mysk 🇨🇦🇩🇪

156,170 次观看 • 1 年前

Forget about switching off "Share Analytics Data" in Pages settings. Keynote, Numbers, and Pages share it regardless of your choice. #Privacy #Apple
0:59
mysk_co's profile picture

Forget about switching off "Share Analytics Data" in Pages settings. Keynote, Numbers, and Pages share it regardless of your choice. #Privacy #Apple

Mysk 🇨🇦🇩🇪

25,398 次观看 • 3 个月前

🎬 So this scam #2FA app is using custom product pages of Apple Search Ads to trick users. It has different campaigns per search keywords. When searching for "Microsoft Authenticator", it shows screenshots highlighting "Microsoft". and when searching for "Google Authenticator", it highlights "Google". Watch the video 🤯 It's worth noting that custom product pages need to be approved by App Store Connect and Apple Search Ads. This app steals 2FA secrets and its model is very suspicious as noted below. #Privacy #Apple #iOS #cybersecuritytips
0:42
mysk_co's profile picture

🎬 So this scam #2FA app is using custom product pages of Apple Search Ads to trick users. It has different campaigns per search keywords. When searching for "Microsoft Authenticator", it shows screenshots highlighting "Microsoft". and when searching for "Google Authenticator", it highlights "Google". Watch the video 🤯 It's worth noting that custom product pages need to be approved by App Store Connect and Apple Search Ads. This app steals 2FA secrets and its model is very suspicious as noted below. #Privacy #Apple #iOS #cybersecuritytips

Mysk 🇨🇦🇩🇪

66,693 次观看 • 2 年前

This is how you choose a default browser in iOS 17.4 in the EU. The prompt shows a list of browser options. Tapping on a browser option opens the browser's page on the App Store. What happens if any of these browsers is only available on an alternative marketplace?
0:47
mysk_co's profile picture

This is how you choose a default browser in iOS 17.4 in the EU. The prompt shows a list of browser options. Tapping on a browser option opens the browser's page on the App Store. What happens if any of these browsers is only available on an alternative marketplace?

Mysk 🇨🇦🇩🇪

13,023 次观看 • 2 年前

没有更多内容可加载