Contextomy - Let's Debug Together

nullcon via YouTube

Overview

Explore a critical design flaw in iOS development tools that allowed remote code execution on pre-iOS 14 devices in this 44-minute conference talk from Nullcon Goa 2022. Dive into the discovery, research, and exploitation of the vulnerability in MobileDevice.framework and Xcode. Learn about iOS device services, lockdownd, and past vulnerabilities. Follow the speaker's journey through the vulnerability disclosure process and Apple's response. Gain insights into network attacks, GDB sessions, and full session takeovers. Understand the downgrade attack and the timeline of events leading to the flaw's resolution. Suitable for information security professionals and iOS developers interested in understanding and preventing such vulnerabilities.

Syllabus

Intro
Agenda
Past vulnerabilities
Launchdown
Vulnerability
Research
Mobile Device
Summary
Exploitability
How to exploit
Network traffic
GDB session
Add second client
Add third client
Full session Takeover
Second client
Remote code execution
Vulnerability disclosure
Disclosure timeline
Downgrade attack
Downgrade attack explained
What did Apple do
Full disclosure timeline
Conclusion

Taught by

nullcon
