Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

Attacking iPhone XS Max

Black Hat via YouTube

Overview

Explore the vulnerabilities of the iPhone XS Max in this Black Hat conference talk. Delve into Apple's Pointer Authentication Code (PAC) implementation and uncover an ancient bug in the XNU kernel that affects even the latest iOS releases. Learn how to exploit this vulnerability to bypass PAC and gain arbitrary kernel read/write access. Examine topics such as Unix Domain Socket, race conditions, use-after-free (UAF) vulnerabilities, and unprotected control flow transfer points. Discover the process of adding trust caches and gaining SSH access on the iPhone XS Max. Gain valuable insights into mobile device security and penetration testing techniques from speakers Tielei Wang and Hao Xu.

Syllabus

Intro
Outline
Unix Domain Socket
Race Condition
The fix
The pattern
UAF, let's look at the USE
Binary version may be better
PAC (Pointer Authentication Code)
UAF, let's look at the second USE
Got troubles while adding trust caches
tfpo's write capability for kernel image
Look for unprotected control flow transfer points
What can we do
Got ssh on iPhone XS Max
Black Hat Sound Bytes

Taught by

Black Hat

Reviews

Start your review of Attacking iPhone XS Max

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.