We're sorry but this page doesn't work properly without JavaScript enabled. Please enable it to continue.
Feedback

Tales of old: untethering iOS 11

Formale Metadaten

Titel
Tales of old: untethering iOS 11
Untertitel
Spoiler: Apple is bad at patching
Serientitel
Anzahl der Teile
254
Autor
Lizenz
CC-Namensnennung 4.0 International:
Sie dürfen das Werk bzw. den Inhalt zu jedem legalen Zweck nutzen, verändern und in unveränderter oder veränderter Form vervielfältigen, verbreiten und öffentlich zugänglich machen, sofern Sie den Namen des Autors/Rechteinhabers in der von ihm festgelegten Weise nennen.
Identifikatoren
Herausgeber
Erscheinungsjahr
Sprache

Inhaltliche Metadaten

Fachgebiet
Genre
Abstract
This talk is about running unsigned code at boot on iOS 11. I will demonstrate how you can start out with a daemon config file and end up with kernel code execution. This talk is about achieving unsigned code execution at boot on iOS 11 and using that to jailbreak the device, commonly known as "untethering". This used to be the norm for jailbreaks until iOS 9.1 (Pangu FuXi Qin - October 2015), but hasn't been publicly done since. I will unveil a yet unfixed vulnerability in the config file parser of a daemon process, and couple that with a kernel 1day for full system pwnage. I will run you through how either bug can be exploited, what challenges we faced along the way, and about the feasibility of building a kernel exploit entirely in ROP in this day and age, on one of the most secure platforms there are.
Schlagwörter