iOS 26 Emulator for Apple Silicon Released
A fully working iOS 26 emulator that runs on Apple Silicon hardware has been announced. The emulator uses PCC firmware, and public instructions for its setup have been released. This provides security researchers and developers an alternative to commercial services like Corellium for testing iOS vulnerabilities and software on a virtualized iPhone.
- This emulator originates from components, specifically labeled "vphone600ap," discovered within the firmware for Apple's Private Cloud Compute (PCC). First highlighted by security researcher "matteyeux" in late 2025, these components were initially speculated to be either an accidental inclusion or a planned, unreleased tool for security researchers. - The virtualization is powered by a modified open-source tool called `super-tart`, which is an enhanced version of `tart`. `tart` itself is a command-line tool designed to create and run macOS and Linux virtual machines on Apple Silicon by leveraging Apple's native Virtualization.framework for near-native performance. - `super-tart` adds features specifically for security research that are absent in the base version, including a custom bootrom, serial output, DFU mode, and, most notably, support for live kernel debugging with GDB. This level of introspection is critical for vulnerability analysis. - The emulator reportedly supports Metal acceleration for graphics, enabling smoother performance than previous open-source attempts and making it more comparable to commercial offerings. The setup instructions detail how to patch firmware integrity checks to allow for the restoration of custom firmware, a key step for deep system analysis. - This tool utilizes private, undocumented APIs within Apple's own Virtualization.framework. Consequently, running the emulator requires disabling System Integrity Protection (SIP) and potentially Apple Mobile File Integrity (AMFI) on the host Mac. - This release provides a powerful, free alternative to Corellium, which has been the primary commercial option for iOS virtualization. Corellium's service is subscription-based, with plans that can cost several hundred dollars per month. - Apple previously sued Corellium for copyright infringement in 2019, a move that created a "chilling effect" among some security researchers. However, a federal judge later ruled Corellium's software was protected under the "fair use" doctrine for security research, a major legal victory for the community. Apple and Corellium eventually settled confidentially.
