iOS 26 Emulator for Apple Silicon Released
What happened
A fully working iOS 26 emulator that runs on Apple Silicon hardware has been announced. The emulator uses PCC firmware, and public instructions for its setup have been released. This provides security researchers and developers an alternative to commercial services like Corellium for testing iOS vulnerabilities and software on a virtualized iPhone.
Why it matters
- This emulator originates from components, specifically labeled "vphone600ap," discovered within the firmware for Apple's Private Cloud Compute (PCC). First highlighted by security researcher "matteyeux" in late 2025, these components were initially speculated to be either an accidental inclusion or a planned, unreleased tool for security researchers. - The virtualization is powered by a modified open-source tool called `super-tart`, which is an enhanced version of `tart`. `tart` itself is a command-line tool designed to create and run macOS and Linux virtual machines on Apple Silicon by leveraging Apple's native Virtualization.framework for near-native performance. - `super-tart` adds features specifically for security research that are absent in the base version, including a custom bootrom, serial output, DFU mode, and, most notably, support for live kernel debugging with GDB. This level of introspection is critical for vulnerability analysis. - The emulator reportedly supports Metal acceleration for graphics, enabling smoother performance than previous open-source attempts and making it more comparable to commercial offerings. The setup instructions detail how to patch firmware integrity checks to allow for the restoration of custom firmware, a key step for deep system analysis. - This tool utilizes private, undocumented APIs within Apple's own Virtualization.framework. Consequently, running the emulator requires disabling System Integrity Protection (SIP) and potentially Apple Mobile File Integrity (AMFI) on the host Mac. - This release provides a powerful, free alternative to Corellium, which has been the primary commercial option for iOS virtualization. Corellium's service is subscription-based, with plans that can cost several hundred dollars per month. - Apple previously sued Corellium for copyright infringement in 2019, a move that created a "chilling effect" among some security researchers. However, a federal judge later ruled Corellium's software was protected under the "fair use" doctrine for security research, a major legal victory for the community. Apple and Corellium eventually settled confidentially.
Key numbers
- A fully working iOS 26 emulator that runs on Apple Silicon hardware has been announced.
- - This emulator originates from components, specifically labeled "vphone600ap," discovered within the firmware for Apple's Private Cloud Compute (PCC).
- First highlighted by security researcher "matteyeux" in late 2025, these components were initially speculated to be either an accidental inclusion or a planned, unreleased tool for security researchers.
- Apple previously sued Corellium for copyright infringement in 2019, a move that created a "chilling effect" among some security researchers.
What happens next
- Corellium's service is subscription-based, with plans that can cost several hundred dollars per month.
Quick answers
What happened in iOS 26 Emulator for Apple Silicon Released?
A fully working iOS 26 emulator that runs on Apple Silicon hardware has been announced. The emulator uses PCC firmware, and public instructions for its setup have been released. This provides security researchers and developers an alternative to commercial services like Corellium for testing iOS vulnerabilities and software on a virtualized iPhone.
Why does iOS 26 Emulator for Apple Silicon Released matter?
This emulator originates from components, specifically labeled "vphone600ap," discovered within the firmware for Apple's Private Cloud Compute (PCC). First highlighted by security researcher "matteyeux" in late 2025, these components were initially speculated to be either an accidental inclusion or a planned, unreleased tool for security researchers. The virtualization is powered by a modified open-source tool called super-tart, which is an enhanced version of tart. tart itself is a command-line tool designed to create and run macOS and Linux virtual machines on Apple Silicon by leveraging Apple's native Virtualization.framework for near-native performance. super-tart adds features specifically for security research that are absent in the base version, including a custom bootrom, serial output, DFU mode, and, most notably, support for live kernel debugging with GDB. This level of introspection is critical for vulnerability analysis. The emulator reportedly supports Metal acceleration for graphics, enabling smoother performance than previous open-source attempts and making it more comparable to commercial offerings. The setup instructions detail how to patch firmware integrity checks to allow for the restoration of custom firmware, a key step for deep system analysis. This tool utilizes private, undocumented APIs within Apple's own Virtualization.framework. Consequently, running the emulator requires disabling System Integrity Protection (SIP) and potentially Apple Mobile File Integrity (AMFI) on the host Mac. This release provides a powerful, free alternative to Corellium, which has been the primary commercial option for iOS virtualization. Corellium's service is subscription-based, with plans that can cost several hundred dollars per month. Apple previously sued Corellium for copyright infringement in 2019, a move that created a "chilling effect" among some security researchers. However, a federal judge later ruled Corellium's software was protected under the "fair use" doctrine for security research, a major legal victory for the community. Apple and Corellium eventually settled confidentially.
