Attacking iPhone XS Max

Offered By: Black Hat via YouTube

Course Description

Overview

Explore the vulnerabilities of the iPhone XS Max in this Black Hat conference talk. Delve into Apple's Pointer Authentication Code (PAC) implementation and uncover an ancient bug in the XNU kernel that affects even the latest iOS releases. Learn how to exploit this vulnerability to bypass PAC and gain arbitrary kernel read/write access. Examine topics such as Unix domain sockets, race conditions, use-after-free (UAF) vulnerabilities, and unprotected control flow transfer points. Discover the process of adding trust caches and gaining SSH access on the iPhone XS Max. Gain valuable insights into mobile device security and penetration testing techniques from speakers Tielei Wang and Hao Xu.

Syllabus

Intro
Outline
Unix Domain Socket
Race Condition
The fix
The pattern
UAF, let's look at the USE
Binary version may be better
PAC (Pointer Authentication Code)
UAF, let's look at the second USE
Got troubles while adding trust caches
tfp0's write capability for kernel image
Look for unprotected control flow transfer points
What can we do
Got ssh on iPhone XS Max
Black Hat Sound Bytes


Taught by

Black Hat
