
Show HN: Live iOS 26.3 exploit detection (CVE-2026-20700) – Multi-region C2

JackCity Wednesday, February 25, 2026

Public release of *ZombieHunter*, a forensics tool detecting live exploitation of CVE‑2026‑20700 (dyld memory corruption) in iOS 26.3. Analysis of sysdiagnose archives shows identical exploit shells showing different C2 endpoints:

US Device 1 → 83.116.114.97 (EU/US)

US Device 2 → 101.99.111.110 (CN)

The rogue dyld_shared_cache slice triggers overflow via malformed `mappings_count`, executes shellcode (BL #0x15cd), and applies an AMFI bypass (`DYLD_AMFI_FAKE`) enabling unsigned code persistence. Apple PSIRT + CISA were notified; public disclosure follows.

Sample: https://drive.google.com/file/d/1rYNGtKBMb34FQT4zLExI51sdAYR...

SHA256 artifact: ac746508938646c0cfae3f1d33f15bae718efbc7f0972426c41555e02e6f9770

Usage: `python3 zombie_auditor.py sysdiagnose_xxx.tar.gz` (Needs capstone)

Reproducible PoC confirms CVE‑2026‑20700 bypass, AMFI neutralization, and live C2 connectivity in production iOS 26.3.
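A triage check for endpoint lists like the one above, as an added example that is not part of ZombieHunter or the original post: when IPv4 candidates come out of binary artifacts, test whether the four octets are just printable ASCII and, if so, look at the surrounding bytes before treating the value as a network indicator. The function names and the sample blob are constructed for illustration; how the tool itself derives its endpoints is not stated on the page.

```python
import ipaddress

# Constructed sample: a binary region that contains an ordinary ASCII string.
SAMPLE_BLOB = b"\x00\x00StrategyKey\x00\xff\x10"


def _printable(b: int) -> bool:
    return 0x20 <= b <= 0x7E


def octets_as_ascii(ip: str):
    """Return the 4-character string if every octet is printable ASCII, else None."""
    raw = ipaddress.IPv4Address(ip).packed
    return raw.decode("ascii") if all(_printable(b) for b in raw) else None


def surrounding_text(blob: bytes, ip: str):
    """If the packed address occurs inside a printable run in blob, return that run."""
    if octets_as_ascii(ip) is None:
        return None
    pos = blob.find(ipaddress.IPv4Address(ip).packed)
    if pos < 0:
        return None
    start, end = pos, pos + 4
    while start > 0 and _printable(blob[start - 1]):
        start -= 1
    while end < len(blob) and _printable(blob[end]):
        end += 1
    return blob[start:end].decode("ascii")


def triage(candidates, blob=b""):
    """Flag candidates that need corroboration (pcap, DNS, connection logs)."""
    report = []
    for ip in candidates:
        text = octets_as_ascii(ip)
        report.append({
            "ip": ip,
            "ascii": text,
            "context": surrounding_text(blob, ip),
            "needs_corroboration": text is not None,
        })
    return report


if __name__ == "__main__":
    for row in triage(["83.116.114.97", "101.99.111.110", "8.8.8.8"], SAMPLE_BLOB):
        print(row)
```

A candidate flagged here is not ruled out; it means the bytes alone cannot establish it as an address, so network-side evidence is needed.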
