YoVDO

Attacking iPhone XS Max

Offered By: Black Hat via YouTube

Tags

Black Hat Courses Cybersecurity Courses Race Conditions Courses iOS Security Courses Use-After-Free Vulnerability Courses

Course Description

Overview

Explore the vulnerabilities of the iPhone XS Max in this Black Hat conference talk. Delve into Apple's Pointer Authentication Code (PAC) implementation and uncover an ancient bug in the XNU kernel that affects even the latest iOS releases. Learn how to exploit this vulnerability to bypass PAC and gain arbitrary kernel read/write access. Examine topics such as Unix Domain Socket, race conditions, use-after-free (UAF) vulnerabilities, and unprotected control flow transfer points. Discover the process of adding trust caches and gaining SSH access on the iPhone XS Max. Gain valuable insights into mobile device security and penetration testing techniques from speakers Tielei Wang and Hao Xu.

Syllabus

Intro
Outline
Unix Domain Socket
Race Condition
The fix
The pattern
UAF, let's look at the USE
Binary version may be better
PAC (Pointer Authentication Code)
UAF, let's look at the second USE
Got troubles while adding trust caches
tfpo's write capability for kernel image
Look for unprotected control flow transfer points
What can we do
Got ssh on iPhone XS Max
Black Hat Sound Bytes


Taught by

Black Hat

Related Courses

Paradigms of Computer Programming – Abstraction and Concurrency
Université catholique de Louvain via edX Concurrency in Go
University of California, Irvine via Coursera Многопоточность
Moscow Institute of Physics and Technology via Coursera Introduction to Ethereum DeFi Smart Contract Security & Exploits
Coursera Project Network via Coursera Concurrency in Go (Golang)
Udemy