A critical vulnerability in Apple’s iOS activation backend allows injection of unauthenticated XML .plist payloads during the device setup phase. The flaw permits arbitrary provisioning changes without authentication, signature verification, or error feedback; exposing devices to pre-activation tampering & persistent configuration manipulation.
-
Updated
Nov 7, 2025