Analyzing iOS is hard for security researchers because, unlike its Android rival, iOS is closely guarded and tightly managed by Apple. But a recent publication by Aleph Research, the security research arm of HCL AppScan, describes how iOS can be emulated on the popular QEMU emulator and driven from a command-line shell. While this is not yet an emulation of iOS in its entirety, the setup described provides highly effective tools to analyze iOS and its apps.

But to understand the significance of this publication, it is important to understand why analyzing the security of iOS has been hard for researchers.

iOS is a closed source operating system. Technically speaking, some of its code is open sourced — mostly the code that is common to OS X and iOS — but a lot of it remains closed. This means that it is proprietary to Apple and maintained under its tight control. As a result, security researchers struggle to analyze its inner workings and discover vulnerabilities.

In contrast, open source software is easily viewable and analyzable by anyone. Security researchers have unencumbered access to explore the code and look for vulnerabilities. And when those are found, the developer community often steps in to fix the broken code. Open source software is therefore a classic case of ‘sunlight is the best disinfectant’ — its transparency enables uncovering problems and fixing them.

Running iOS on a popular emulator like Quick Emulator, or QEMU, can help security researchers dissect and inspect its inner workings, and apply security testing techniques like automatic fuzzing to detect new vulnerabilities. So why haven’t they done so already?

It turns out that emulating iOS on QEMU has been an elusive undertaking because Apple’s lack of transparency and documentation makes it hard. In the book ‘MacOS and iOS Internals’ by Jonathan Levin — considered by many the bible of OS internals — Levin writes that “emulation of iOS has been an unofficial ‘holy grail’ of sorts for researchers and reversers”.

In a set of two posts, the first of which was published on June 17, 2019, Jonathan Afek of Aleph Research provides a detailed description of how iOS can be booted on QEMU. Using the setup described by Afek, AppScan researchers, and the security research community at large, will now be able to better analyze iOS internals and use their testing tools to identify vulnerabilities in the operating system and its applications.

HCL AppScan is a provider of application security testing tools for web applications, APIs, and mobile apps. Expert research from the Aleph Research team helps AppScan ensure its testing tools remain current with new technologies and attack tactics. You can visit HCL AppScan at, and read more research from Aleph Research at
