He posted his findings on iClarified at 11:47 PM on December 31st. The post was clinical: "Firmware Analysis: Malicious SEP_haptics instruction found in build 21A329. Mitigation: Disable haptics or update to beta 21A330."
"PATCHED. THANK YOU, MARCUS. — GHOST"
Last Tuesday, he decrypted the latest IPSW (iPhone Software) restore file. Using a custom python script he’d built from an iClarified tutorial on firmware extraction, he carved out the SepOS kernel cache—the secure enclave’s brain. That’s when he saw it. iphone firmware iclarified