Exploiting Userland Vulnerabilities to Get Rogue App Installed Remotely on iOS 11


Recon Conference talk, via YouTube (direct link)



Classroom Contents


  1. Intro
  2. Agenda
  3. Typical exploit chain (mobile Pwn2Own) 1/2
  4. Why not a kernel bug to escape the sandbox?
  5. iOS sandbox overview
  6. Our strategy on sandbox bypass
  7. General approach to exploit double free
  8. Problem 1: fill in object B
  9. Problem 2: stable race to fill
  10. CF object fill into vm_allocate
  11. The strategy doesn't work
  12. Android comparison
  13. Pegasus APT
  14. Initial step: setting up the required files
  15. Final step: showing the app
  16. Examining the roadblocks
  17. iOS 12 sandbox hardening
