Explore the often-overlooked attack surfaces in iOS 8 through this comprehensive Black Hat conference talk. Delve into a review of previously known attacks against major surfaces like mobile Safari and IOKit kernel extensions. Focus on analyzing and identifying neglected attack surfaces in iOS. Learn how to apply fuzzing testing and whitebox code auditing techniques to these overlooked areas. Discover interesting findings, including proof-of-concept demonstrations for crashes and memory corruption errors in system daemons, which can be triggered through XPC by sandboxed apps. Examine and analyze a proof-of-concept for an out-of-boundary memory access zero-day vulnerability in the latest iOS kernel. Gain valuable insights into iOS security design and potential vulnerabilities from speakers Tielei Wang, Hao Xu, and Xiaobo Chen in this 51-minute presentation.
Overview
Syllabus
Review And Exploit Neglected Attack Surfaces In iOS 8
Taught by
Black Hat