Overview
Explore a critical design flaw in iOS development tools that allowed remote code execution on pre-iOS 14 devices in this 44-minute conference talk from Nullcon Goa 2022. Dive into the discovery, research, and exploitation of the vulnerability in MobileDevice.framework and Xcode. Learn about iOS device services, lockdownd, and past vulnerabilities. Follow the speaker's journey through the vulnerability disclosure process and Apple's response. Gain insights into network attacks, GDB sessions, and full session takeovers. Understand the downgrade attack and the timeline of events leading to the flaw's resolution. Suitable for information security professionals and iOS developers interested in understanding and preventing such vulnerabilities.
Syllabus
Intro
Agenda
Past vulnerabilities
Launchdown
Vulnerability
Research
Mobile Device
Summary
Exploitability
How to exploit
Network traffic
GDB session
Add second client
Add third client
Full session takeover
Second client
Remote code execution
Vulnerability disclosure
Disclosure timeline
Downgrade attack
Downgrade attack explained
What did Apple do
Full disclosure timeline
Conclusion
Taught by
nullcon