by FluGameAce007
376 days ago
In December 2024, I reported a one-click iOS vulnerability triggered by playing a malicious MP4 audio file via iMessage or SMS. The exploit chain included:

AudioConverterService – memory corruption,
AppleBCMWLAN.dext – kernel-level escalation,
CryptoTokenKit – silent ECDSA key exfiltration enabling crypto theft.

Despite submitting the report to Apple (ID OE19648805943313), I received no acknowledgment or credit. On April 11, 2025, I forwarded the same working exploit to Google. Days later, Apple patched the issue under CVE-2025-31200, with credit going to Google—not the original researcher.

The linked post documents the full timeline, attack chain, and its potential connection to real-world crypto theft. I am posting for transparency to users.