Apple iOS uses sandboxing to confine apps to certain calls they can make to services and the kernel. Apps are attached a sandbox profile: a set of rules that allow or deny actions. All 3rd party apps (i.e. downloaded from the AppStore) use the same sandbox profile (container). Sandbox profiles are stored as binary blobs in the iOS kernel. In this talk, I will highlight the way iOS sandboxing works and steps we undertook in reversing binary blobs. We then analyzed reversed human-readable sandbox profiles and found misconfigurations in the profiles that allowed crippling the system from a valid app. We let Apple know of our findings, now published as CVEs.