A Brief History of Mitigation: The Path to EL1 in iOS 11

Presented at Black Hat USA 2018, Aug. 8, 2018, 4 p.m. (50 minutes)

In December last year, I released the async_wake exploit for iOS 11.1.2. In this talk, I'll cover how each step of the exploit worked and discuss in depth each mitigation which was defeated along the way.

I'll focus on what was supposed to make exploitation hard, what techniques other public exploits would have used in earlier iOS versions, and what mitigations we might see in iOS 12 and beyond (and how to break those too!).


Presenters:

  • Ian Beer - Software Engineer, Google
    Ian Beer finds bugs at Google.
