iMessage Exploitation

Presented at Objective by the Sea version 3.0 (2020), March 12, 2020, 11 a.m. (50 minutes).

So called "0-click" exploits, in which no user interaction is required to compromise a mobile device, have become a highly interesting topic for security researchers, and not just because Apple announced a one million dollar bug bounty for such exploits against the iPhone last year. This talk will go into the details of how a single memory corruption vulnerability in iMessage was remotely exploited to compromise an iPhone without any user interaction. Special attention will be given to features and internals specific to iOS and macOS that were (ab)used for exploitation.

Presenters:

• Samuel Groß - Security Researcher at Google Project Zero
  Samuel works at Google Project Zero where he does offensive security research, mainly focused on web browsers and mobile devices.

Links:

• https://objectivebythesea.org/v3/content.html#sGroß
• https://www.youtube.com/watch?v=-RnCsZNfYsc
• https://objectivebythesea.org/v3/talks/OBTS_v3_sGroß.pdf

Similar Presentations:

• Kiwicon V: It Goes b00m (2011) / iPhone, iPwn
• Black Hat USA 2019 / Look, No Hands! -- The Remote, Interaction-less Attack Surface of the iPhone