Overview
Explore the vulnerabilities and security challenges in iOS 6, 7, and 8 through this 49-minute conference talk from SyScan'15 Singapore. Delve into jailbreak persistence techniques, bug fixes, and new exploits. Examine Apple's mistakes, Pangu and Taiji jailbreaks, and the historical perspective of iOS security. Learn about incomplete code signing, time-of-use vulnerabilities, and Apple's attempts to patch these issues. Discover the differences between jailbreaks made in China and those by Western developers. Gain insights into iOS security through practical examples, including mock API calls and text request analysis, providing a comprehensive overview of iOS security failures and their implications.
Syllabus
Introduction
Apple is rich on fail
Jailbreak persistency
Bug fixes
New tricks
Launch Demon
New Chain
Apples Mistake
Pangu Mistake
Apple Fixes
Pangu Jailbreak
Taiji Jailbreak
Exploit
Historical Perspective
Patient Alpha
What is incomplete code signing
Time of use
The trick
Apples fixes
Apples fix
Macports
iOS 6 Fix
Fun Fact
iOS 8 Update
Text Request
Mock API Call
Get Loaded Text Info
What you get back
iOS 6 20
Macro
Jailbreak made in China
Western Jailbreakers
Conclusions
Taught by
SyScan360