Contextomy - Let's Debug Together
Offered By: nullcon via YouTube
Course Description
Overview
Explore a critical design flaw in iOS development tools that allowed remote code execution on pre-iOS 14 devices in this 44-minute conference talk from Nullcon Goa 2022. Dive into the discovery, research, and exploitation of the vulnerability in MobileDevice.framework and Xcode. Learn about iOS device services, lockdownd, and past vulnerabilities. Follow the speaker's journey through the vulnerability disclosure process and Apple's response. Gain insights into network attacks, GDB sessions, and full session takeovers. Understand the downgrade attack explained and the timeline of events leading to the flaw's resolution. Suitable for information security professionals and iOS developers interested in understanding and preventing such vulnerabilities.
Syllabus
Intro
Agenda
Past vulnerabilities
Launchdown
Vulnerability
Research
Mobile Device
Summary
Exploitability
How to exploit
Network traffic
GDB session
Add second client
Add third client
Full session Takeover
Second client
Remote code execution
Vulnerability disclosure
Disclosure timeline
Downgrad attack
Downgrad attack explained
What did Apple do
Full disclosure timeline
Conclusion
Taught by
nullcon
Related Courses
Ethical Hacking in 15 Hours - 2023 Edition - Learn to HackCyber Mentor via YouTube macOS Security Features Bypasses by Example
nullcon via YouTube Exploiting Android Messengers with WebRTC
nullcon via YouTube XNU Heap Exploitation - From Kernel Bug to Kernel Control
nullcon via YouTube Don't Ruck Us Too Hard - Owning All of Ruckus AP Devices
nullcon via YouTube