Introduction

I am Rosyna. I code stuff for macOS. My specialty is finding and  fixing really obscure bugs in source code bases I have no familiarity with.

You can reach me via email or iMessage via "rosyna" @ <iTools, .Mac, MobileMe, or the iCloud domain name> .

On the socials™:
Twitter: @rosyna
Mastodon: @rosyna@mastodon.social
Bluesky: @rosyna.bsky.social
Threads: @rosynakeller

Objectives

I'm looking for a software development position where I can extend and improve a product I am passionate about.

I have been designing, developing, shipping, and supporting software for over 12 years, with a focus on creating software that increases productivity through customization.

Skills

Languages: Proficient in C, Objective-C; Familiar with AppleScript, implementing AppleScript support in applications, shell scripting, C++, Swift.

Debugging and Reverse Engineering: Using gdb/lldb, nm, otool, IDA Pro, Hopper, and sample. I excel at reverse engineering. If you read this blog here on Paradise Façade you'll see many examples of my reverse engineering skill set.

Leadership: Partner in Unsanity LLC, managed engineering efforts among multiple products for over 10 years.

Style: Tenaciously investigates bugs, Bugs will not get away from me. I learn new technologies extremely quickly.

Experience

CVEs found:

CVE-2008-1028, this and some other security bugs I found in the FontParser/Text Layout engines everyone agreed should not be made public got me a contract job with Apple’s Font and Typography Group fixing security bugs in the FontParser code from 2010-2012. Apple did not generally generate CVEs at this time for security bugs found within Apple.

CVE-2025-43357, a privacy bug in Call History that allowed a malicious actor to create a map of all user devices that had been enrolled in Apple’s Wi-Fi calling feature, leading to fingerprinting across apps and devices. There were a total of 3 privacy bugs involving fingerprinting that I reported that were addressed in iOS 26 and associated releases.

CVE-2025-43449, a privacy bug in the old Apple TV Remote app that left a cache that allowed a malicious app to track a user across installs. Fixed in iOS 26.1 et fam.

Future CVEs, privacy bugs that are scheduled to be fixed in the next version of iOS 26 (iOS 26.2?). The details are currently under non-disclosure until the fix has been rolled-out to users.

SEAR, Apple — 2016-2024

Worked on macOS Notarization, including documentation, server implementations, policy implementations, stapler, notarytool, and hardened runtime documentation (the entitlements part).

This job required a lot of reverse engineering of macOS applications and malware analysis.

Lead Programmer, Unsanity — 2002–2013

Videos of some of what I worked on.

Silly Effect - Normal Menus - YouTube 

Silly Effect - Dark Menus - YouTube 

(The Below Unsanity.com Links are no longer live and instead point to links on The Internet Wayback Machine)

Responsible for feature direction and maintenance of the following products:

APPLICATION ENHANCER (APE)  http://unsanity.com/haxies/ape

Run-time code injection framework.

Uses CoreFoundation, POSIX I/O, AppKit, mach messaging.

SILK  http://unsanity.com/haxies/silk

System-wide runtime font substitution utility.

Uses NSFont, ATSUI, CoreText, QuickDraw.

FontCard  http://unsanity.com/haxies/fontcard

WYSIWYG font menu and panel customization utility.

Uses HIToolbox, CarbonEvents, AppleEvents, ATSUI, CoreText, CoreGraphics, ImageIO, sqlite.

MENU MASTER  http://unsanity.com/haxies/menumaster

Menu customization utility.

Uses HIToolbox, CarbonEvents, NSMenu, Carbon Data Browser, heavily took advantage of the Objective-C runtime.

MENU Extra Enabler  http://unsanity.com/haxies/mee

Third-party Menu Extra enabler.

Uses the Objective-C runtime, works around rdar://4196745.

Unsanity Updater

Unsanity-specific software updater.

Uses CoreServices, Foundation, DiskImages, LaunchServices.

Lead Technical Support, Unsanity — 03/2000–2013

Responsibilities: Addressed customer support request via email, relayed bug details to programmers, sought beneficial new technologies, and assisted other support personnel.

Additional projects available on request.

Software Engineer contracted by Apple — 2010–2012

Worked with the Fonts and Typography group (http://fonts.apple.com) to track down security bugs, bizarre crashing bugs and obsoleting old code.

Software Engineer contracted by Layered Logic — 2012

Worked on QuickBooks Pro for Mac. Finding and fixing obscure bugs while helping to modernize their code base.

Software Engineer contracted by ecamm — 2012-2013

Worked on modernizing the code base for iGlasses (http://www.ecamm.com/mac/iglasses/). Fixing bugs, greatly modernizing codebase, Added AppleScript support to iGlasses (made iGlasses Scriptable). Added Apple Remote support to iGlasses to zoom, rotate, pan, and tilt. Worked a lot with Quartz Composer.