YoVDO

iOS 10 Kernel Heap Revisited

Offered By: Hack In The Box Security Conference via YouTube

Tags

Hack In The Box Security Conference Courses iOS Security Courses Kernel Exploitation Courses

Course Description

Overview

Dive into the intricacies of iOS 10 kernel heap exploitation in this comprehensive conference talk from HITB GSEC 2016. Explore the evolution of the iOS Kernel Heap since iOS 4 and 5, examining Apple's hardening efforts against heap exploitation attacks. Gain detailed insights into the current state of iOS kernel heap exploitation, focusing on iOS 9 and iOS 10 beta versions. Learn about Apple's countermeasures against exploitation techniques used in the wild and discover how attackers can adapt. Get a sneak peek into new iOS 10 kernel exploitation mitigations visible in beta versions. Presented by Stefan Esser, a renowned PHP security expert and iOS security researcher, this 65-minute session covers topics such as the Kernel Zone Heap Allocator, Zone Memory, Dynamic Length Allocations, Kernel Heap Allocation Debugging, and various protection mechanisms implemented by Apple.

Syllabus

Intro
Kernel Zone Heap Allocator
Zone Allocator Usage
Zone Memory (Pages)
Dynamic Length Allocations?
Kernel Heap Allocation Debugging (1)
Zone Structure
Free Memory Blocks
How attackers abused the iOS 5 Zone Allocator
IOS & Heap Cookie Leak Protection
Zone Pagelist Feature
Zone Page Meta Data
Zone Pagelists
Allocation under Page Lists
Freeing under Page Lists
Was there a memory corruption? Yes? Continue!
Less Frequent Large Block Poisoning
Zone Page Metadata
Fored Zomestructure Array
new zone metadata region
page freelists
Metadata vs. Wrong Zone Frees
Wrappers and Metadata


Taught by

Hack In The Box Security Conference

Related Courses

Ethical Hacking: Mobile Devices and Platforms
LinkedIn Learning
Learning Mobile Device Security
LinkedIn Learning
Supporting Face ID and Touch ID Authentication in iOS Using Swift 5
Pluralsight
CNIT 128: Hacking Mobile Devices
CNIT - City College of San Francisco via Independent
Ethical Hacking: Hacking Mobile Platforms
Pluralsight