Learning to Jailbreak an iPhone with Claude (Part 1)
Claude helped me take apart an iOS Safari exploit and retune it for my Mac. It even wrote its own variant.
Claude is making waves in the vulnerability research community. Skills that took years to hone are becoming a commodity overnight, and that’s worrying.
In this series I want to explore the upside of the same shift: how we can learn alongside it. So I picked the thing that I’d always been curious about: take apart a real iPhone jailbreak, end to end, and actually understand it.
The vehicle is Coruna, a commercial spyware kit that leaked in full recently: a complete Safari-to-kernel chain for iOS 17, caught in the wild by Google, now patched and public. Professional-grade exploitation code, written by people who do this for a living.
Part 1 is the first stage: CVE-2024-23222, a race condition deep inside Safari’s JavaScript engine, and the twelve-step climb from “one missing type check” to “read and write any byte in the process.”
Coruna’s exploit for it is calibrated for iPhone hardware and misses almost every time on a Mac, so the concrete deliverable for this part was Claude retuning it (timing constants, loop counts, heap-groom sizes) until it landed reliably on M-series silicon, with every change explained.
In a separate experiment Claude also produced its own working exploit for CVE-2024-23222, without Coruna as a reference. It didn’t just rediscover Coruna’s attack; it found its own way in. We’ll come back to this in a separate post.
What it was like
Working with Claude on this felt like having a Nobel laureate who’s happy to spend the afternoon on undergrad problem sets. No implied “this is beneath me,” no rationing of attention to only the questions it finds interesting enough.
When an explanation wasn’t landing it would just go build the thing: spin up the debugger, write the measurement script, hand me the curve. The vulnerable WebKit wouldn’t even compile on my laptop at first, and it took Claude most of a night to figure out why.
Preparing Part 1 took me somewhere between 40 and 80 hours, most of it spent asking Claude the kind of questions you’d be embarrassed to ask a person twice. The trick to learning this way is to let the AI assist, not lead. If it just hands you the answer there’s nothing left to discover, and the current state is almost accidentally ideal for that: it gets things wrong just often enough that you have to push back, verify, and actually understand. The friction is the lesson.
If that holds, this is a glimpse of the future of education: anyone with a laptop and (of course) the tokens to pay for it gets the depth of attention a PhD advisor gives their best student.
A caveat: although I tried hard to verify and challenge everything Claude gave me, it can still hand me a confident, wrong explanation and I’ll nod along because I don’t have the background to catch it. Parts of the write-ups are almost certainly off in ways neither of us noticed. If you spot something, I’d like to hear it.
Read it
Part 1 is here (~14,000 words). It’s self-contained: no prior JIT-exploitation background assumed, and every claim that can be checked at a debugger prompt was checked at one. The PoC repo has build steps if you want to see read64/write64 land on your own machine.
Part 2 picks up where this leaves off: arbitrary read/write inside Safari, but no code execution yet, because every return address on modern iPhones is cryptographically signed and you can’t forge the signatures. Coruna’s answer to that is next.
Acknowledgments
This builds on prior reverse-engineering work by Huy Nguyen, wh1te4ever, Duy Tran, Nathan, hrtowii, Nick Chan, and others in the jailbreak community who took Coruna apart first. Filip Pizlo’s “Speculation in JavaScriptCore” and Samuel Groß’s Phrack and Project Zero posts are the foundation everything here stands on.
—thai
Could you maybe share Claude session trajectories (those .jsonl files)? I'm very interested to see how you work with it (promise no shaming for the questions 👉👈🥹)