
Caught you - Reveal and Exploit IPC Logic Bugs in Apple

Formal Metadata

Title
Caught you - Reveal and Exploit IPC Logic Bugs in Apple
Title of Series
Number of Parts
84
Author
License
CC Attribution 3.0 Unported:
You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor.
Identifiers
Publisher
Release Date
Language

Content Metadata

Subject Area
Genre
Abstract
Apple's iOS, macOS and other operating systems have existed for a long time. There are numerous interesting logic bugs that have been hidden for many years. We demonstrated the world's first public 0day exploit running natively on Apple M1 on a MacBook Air (M1, 2020). Without any modification, we exploited an iPhone 12 Pro with the same bug. In this talk, we will show you the advantage and beauty of IPC logic bugs, and how we rule all Apple platforms, Intel and Apple Silicon alike, even with all the latest hardware mitigations enabled, without changing one line of code. We will talk about the security features introduced by Apple M1, like Pointer Authentication Code (PAC), System Integrity, and Data Protection, and how they make exploitation much harder in order to provide better security and protect users' privacy. We will talk about different IPC mechanisms like Mach Message, XPC, and NSXPC. They are widely used on Apple platforms and could be abused to break the well-designed security boundaries. We will walk you through some incredibly fun logic bugs we have discovered, share the stories behind them and the methods of finding them, and also talk about how to exploit these logic bugs to achieve privilege escalation.

REFERENCES:
https://www.youtube.com/watch?v=Kh6sEcdGruU
https://support.apple.com/en-us/HT211931
https://support.apple.com/en-us/HT211850
https://support.apple.com/en-us/HT212011
https://support.apple.com/en-us/HT212317
https://helpx.adobe.com/security/products/acrobat/apsb20-24.html
https://helpx.adobe.com/security/products/acrobat/apsb20-48.html
https://helpx.adobe.com/security/products/acrobat/apsb20-67.html