Explore the evolution of iOS kernel Pointer Authentication (PAC) in this 41-minute Black Hat conference talk. Delve into the improvements and persistent vulnerabilities of PAC since its initial assessment in February 2019. Examine five new methods for bypassing kernel PAC to achieve arbitrary kernel code execution on iOS 13.3. Gain insights into the fundamental challenges of defending kernel control flow against attackers with kernel memory access, despite significant advancements beyond the ARMv8.3 standard. Learn from security researcher Brandon Azad's findings and analysis of iOS kernel security measures over the course of a year.
Overview
Syllabus
iOS Kernel PAC, One Year Later
Taught by
Black Hat
