Ro(o)tten Apples: Vulnerability Heaven in the iOS Sandbox

Presented at Black Hat Europe 2017, Dec. 7, 2017, 11:30 a.m. (60 minutes).

Today, no exploitation chain can be considered complete without a reliable privilege escalation vulnerability, which is why many security researchers spend much of their research time finding such vulnerabilities. Apple has set a new standard in iOS security by implementing many innovative techniques to prevent exploitation of PE vulnerabilities; however, despite its continuous efforts, some areas of iOS remain more exposed than others to this kind of vulnerability. This presentation will shed light on some critical areas in the iOS kernel that have been proven to contain many privilege escalation vulnerabilities that can potentially affect hundreds of millions of iOS devices. In this talk, we will give an overview of these yet unexplored areas and present a chain of vulnerabilities leading to a complete kernel privilege escalation exploit while bypassing all the latest kernel mitigations Apple introduced.


Presenters:

  • Adam Donenfeld - Security Researcher, Zimperium
    Adam Donenfeld is a mobile security researcher at Zimperium with vast experience in the mobile research field. He researches and exploits vulnerabilities in both PC and mobile environments and has presented his research at several international security conferences, including Black Hat, DEF CON and HITB.
