Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

NSPredicate Exploitation on macOS and iOS - Understanding Security Vulnerabilities and Bypasses

DEFCONConference via YouTube

Overview

Save Big on Coursera Plus. 7,000+ courses at $160 off. Limited Time Only!
Explore a technical security presentation from DEF CON 31 that delves into NSPredicate exploitation techniques on Apple's macOS and iOS platforms. Learn about the groundbreaking FORCEDENTRY sandbox escape from 2021 and discover how researchers found ways to bypass Apple's subsequent security restrictions in iOS 16. Gain insights into the complete NSPredicate syntax, understanding how it interfaces with Objective-C runtime and enables C function calls. Master the techniques for circumventing PAC (Pointer Authentication Code) using NSPredicates to achieve reliable code execution with arbitrary arguments. Get hands-on experience with a new tool designed for crafting complex NSPredicates and injecting them into applications. Examine real-world exploitation scenarios, including code execution in the Preferences app and bypassing NSPredicateVisitor implementations to access sensitive system processes. Watch live demonstrations of SpringBoard exploitation for accessing user notifications and location data. Conclude with practical knowledge about current NSPredicate capabilities, including App Store Review bypasses, and essential security considerations for app developers.

Syllabus

DEF CON 31 - Apples Predicament - NSPredicate Exploitation on macOS and iOS - Austin Emmitt

Taught by

DEFCONConference

Reviews

Start your review of NSPredicate Exploitation on macOS and iOS - Understanding Security Vulnerabilities and Bypasses

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.