Trust Broken at the Core

This report presents a technical analysis of the 2023 Predator (Cytrox/Intellexa) iOS spyware loader: it documents static and dynamic findings, entitlements, process behaviors (watcher/helper), use of iOS 2023 vulnerabilities (CoreTrust, kernel LPE, WebKit RCE), and provides file- and log-based IOCs and detection guidance for forensic and runtime telemetry.