S5 - Specific Siri Security Situation in Slovakia

Question

Created 2w

Replies 1

Boosts 0

Participants 1

Dears,

I have reached out to Apple Research and Apple Security but this is NOT really for them. This is a developer topic !! Apple Research and Security are trying to find a malicious code, bugs ect, but what I am whitnessing is different and much much deeper into the code. Apple Intelligence in Slovakia is much more limited then in other countries. A specific security configuration due to EU regulations in combination with Siri NOT able to speak or understand Slovak. At low level this combination with a small PUSH with good timing, makes the devices to completely strip themselves off, of all security and trust certifications. What follows is a blank completely from scratch processed reinstall, where the attacker only prepares the "CORRECT" files and information and all the work is done by Apple system itself !!! The result is a complete domination of hardware using the NPU (ANE) chip, which does all the job. And I mean each pixel, sound, connection ect... What is the MOST ALARMING is that due to the proud declaration of customer data privacy this is the exact spot where if something like this happens, Apple will NOT be able to see it.
The Customer is then in an extreme situation, where he knows that the devices, accounts, keychain, bank account, each app, each picture or sound.... Everything is compromised, but online help and the retailers are too short for this and further to this Apple DONT HAVE AN OFFICE in Slovakia. Only thing left are the contracted service (repair) shops, which are capable to perform a DFU Restore, which does NOT help. I have requested DFU Restore approx 15x in the last 9 months. Once you turn on and you only pick the language, there is a GLITCH and you know this is back again.

A very quick and not too detailed process: It is a very silent and extremely sophisticated takeover without an ovious crash at the beginning. Using various tools, which I can describe and present examples. One variation is a HTML code a DOM which is recursive, calling functions and cancelling. Too many functions with offset which results in a graphics freeze, overload or similiar.. The object itself is not frozen and it is carefully prepared !! It will mostly copy and clone the target and NEST inside without knowing. What happens here is that this recursive DOM was applied and therefore the SHUTDOWN MONITOR LOG occured. This froze also mds index which blocked the mounting and unmounting of Volumes.... This is ofcourse carefully instrumented not to raise any attention. Same structure can be used in any code, any language, pdf, it can be nested in a wallpaper or a standard image, library, anywhere ... I can provide a proof and a functional script... The install log is showing - Untracked client connected - RemoteManagement which REINSTALLED the OS. After that Launchd skipps almost all tasks on the next run .... After this mounting volumes block, the system will not restart as standard, insted forced to early boot as possible which starts with PKI TRUST and SIRI UNDERSTANDING ... The PKI TRUST is manipulated and prepared and Siri is not called by the system as Apple Inteligence. So with reinstalled and carefully prepared OS, Launchd who skipped most tasks at the start and without proper encryption. There is a direct open path to Siri and her ASR HAMMERING....

I have personally checked almost 10 different electronics shops and checked the console on each Macbook that was free to try. In each of them these four Protolol logs were the exact same !!!! But after that a brutal iphone reinstall and even over lockdown mode reinstall will follow... Can also provide logs and information... And there is a SIMPLE LOGIC PARADOX with HUGE impact. Any document can be signed by Apple in a second. That is how the PKI TRUST was manipulated without any problem. That is also extremely important ... I can present this, but I must know that somebody is listening.... otherwise the only way is press...

Apple Research and Security is blind here and I simply cannot get any answer.... If you know anybody in Slovakia, tell them to go to check this out !!! Get this information to Somebody who could just check it please .... This is probably the largest Supply Chain Attack ever ... And all it takes is a phone call to iStores to Slovakia so they can check for you ...

From what I can see, now an update is prepared for Siri. It is based on Ruby but mostly Nokogiri and Gumbo. It will be presented as a 8 bit range training for local LLM, as super fast, but really it will be a combination of Hohner Electric Piano from the 70s with 8 bit sound which will use DTrace and its ROOT privileges. The sound is a square frequency which can be used to hide communication or something we dont know yet. And it does not matter anymore... With a direct connection to GitHub or just the internet ... Any code can be signed and stored anywhere .... The codename is ELECTRA, from what I know this tag was used for jailbreak of Siri in the past. So I belive this will be the final act ...

Is there somebody to whom I can speak to about this ?? No generic mails ... THX Mike

Answer 1

Mikalobapple OP

4d

Dears,

Several days have passed ... More than 30 developers have seen this, yet nobody replied to me. Please understand that this is not my day job. I have purchased a PERSONAL PRODUCTION version a NEW Macbook M4 air 15inch 2025 together with iPhone 17 standard 2025 in Slovakia as explained above. Yet my macbook and my iphone are setup as an AppleInternal devices with experimental functions and some really important files that I probably should not see .... So please get me somebody to whom I can talk to !!! I guess this is somekind of a leakage that somehow ended in my hands ... There is a lot here, but I dont want to share in forum ..... Some details from my terminal ...

echo $PATH /usr/local/bin:/System/Cryptexes/App/usr/bin:/usr/bin:/bin:/usr/sbin:/sbin:/var/run/com.apple.security.cryptexd/codex.system/bootstrap/usr/local/bin:/var/run/com.apple.security.cryptexd/codex.system/bootstrap/usr/bin:/var/run/com.apple.security.cryptexd/codex.system/bootstrap/usr/appleinternal/bin:/pkg/env/global/bin

Here are some logs showing a path ... 2026-06-23 01:42:42.527767+0200 0xee242 Default 0x0 6731 0 AppleIDSettings: (Settings) [com.apple.Settings:framework] /AppleInternal/Library/BuildRoots/4~CNqcugDtZJ636-maTCE9TPEeVB_BEshvc2-RU4I/Library/Caches/com.apple.xbs/TemporaryDirectory.80ygll/Sources/SettingsFramework/Settings/Extension Support/SettingsServiceScene.swift:94 shouldAccept(connection:)

2026-06-23 01:42:42.626220+0200 0xee1f5 Default 0x1ba73d 6728 0 System Settings: (Settings) [com.apple.Settings:framework] /AppleInternal/Library/BuildRoots/4~CNqcugDtZJ636-maTCE9TPEeVB_BEshvc2-RU4I/Library/Caches/com.apple.xbs/TemporaryDirectory.80ygll/Sources/SettingsFramework/Settings/Extension Support/SettingsExtensionHostView.swift:236 hostViewControllerDidActivate(_:) com.apple.Network-Settings.extension <_EXHostViewController: 0x97c9df0c0>

2026-06-23 01:42:42.642588+0200 0xee1f5 Default 0x0 6728 0 System Settings: [com.apple.systempreferences:app] /AppleInternal/Library/BuildRoots/4~CNqsugAnY8l5oY8Xe0Lu4PRqQeaPzN2_Q_itm2A/Library/Caches/com.apple.xbs/TemporaryDirectory.kUvamm/Sources/SystemPrefsApp/Swift/PPCenter.swift:1486 navigationStackDidChange(bundle:)

2026-06-23 01:23:59.728617+0200 0xeb62e Error 0x0 438 0 biometrickitd: [com.apple.BiometricKit:Daemon-Mesa] AssertMacros: _currentEvent == _matchEvent (value = 0x0), file: /AppleInternal/Library/BuildRoots/4~COUgugDh7gffwOKvEp9OONq7zm4dEhScR0amG6k/Library/Caches/com.apple.xbs/TemporaryDirectory.AoNSGL/Sources/Mesa_NonUI/AppleBiometricServices/MesaCoreAnalytics/MesaCoreAnalytics.m, line: 486

And I think that you had to face some extreme algorithm back in 02 August and 22-25 September 2025 following also approx 12 February 2026 in which you had to react.... This is connected ... My Macbook was also affected ... but I dont know now if a third party is remotely accesing my Macbook or if this is Apple directly ... But I know about the algorithm and how it works ...

Some notes from important bundles: PROGRAM:CoreUI PROJECT:CoreUI-975 [LAR]Xcode 26.3 (17E6107) PROGRAM:CoreThemeDefinition PROJECT:CoreThemeDefinition-653.4 [LAR] [IIO-2784.5.3][LAR]

I will just amend this a bit DICT KEY com.apple.private.appintents-bundle-absolute-paths ARRAY STRING /System/Library/PrivateFrameworks/SafariSwift.framework ARRAY KEY com.apple.private.safari.can-use-bookmarks-sync-agent TRUE KEY com.apple.private.security.storage.Safari TRUE KEY com.apple.security.app-sandbox TRUE KEY com.apple.security.temporary-exception.files.home-relative-path.read-write ARRAY STRING /Library/Containers/com.apple.Safari/Data/Library/Preferences/ ARRAY KEY com.apple.security.temporary-exception.mach-lookup.global-name ARRAY STRING com.apple.SafariBookmarksSyncAgent ARRAY KEY com.apple.security.temporary-exception.shared-preference.read-write ARRAY STRING com.apple.Safari ARRAY DICT

After update I am able to choose if to use Safari 26.5 or Safari 26.4 ... My devices are completely remotely controlled either by a third party or by Apple... DFU is not WORKING !!! I done it 20x .... Maybe you think this is just a testing device but it is NOT !! My company, My life, My complete identity is AT RISK HERE !!!! So please get this to somebody who can help with this ...

Thanks Michal
contact is difficult ... try research.age AT proton DOT me because I dont know if my icloud is working or not... but my contact details in icloud should be fine