iOS JB: Present and Future

Presented at ekoparty 14 (2018), Sept. 27, 2018, 9:50 a.m. (50 minutes)

The art of iOS jailbreaking has evolved to meet and exceed Apple's security defenses. But it's getting harder, and iOS 12 will make it even harder. This talk discusses the current post-exploitation techniques, the security hardening measures in iOS 12, and the feasibility of JBs in iOS 12 and beyond. It covers recent sandbox-to-kernel vulnerabilities, in particular the async_wake, mptcp, and vfs exploits; alternative techniques via sandbox escape (remote code execution in existing iOS binaries); kernel data-patching-only approaches, in light of KTRR; current (iOS 11) post-exploitation techniques and the QiLin Toolkit (http://NewOSXBook.com/QiLin/); a review of the Apple mitigations found in iOS 12, their impact on future JBs, and their sheer irrelevance for APTs; and the hopes for a future untethered jailbreak, and its impact.

Presenters:

  • Jonathan Levin
    Jonathan Levin is the CTO of Technologeeks, a partnership of expert consultants and trainers focused on the "Big Three" (Linux, MacOS and Windows) and their mobile derivatives (Android, iOS). Jonathan is also the author of "Android Internals" and the "*OS Internals" trilogy (formerly "MacOS/iOS Internals"), and his books serve as definitive references for researchers and platform engineers worldwide.