36C3 - Tales of old: untethering iOS 11
- Title: 36C3 - Tales of old: untethering iOS 11
- Description:
https://media.ccc.de/v/36c3-11034-tales_of_old_untethering_ios_11
Spoiler: Apple is bad at patching
This talk is about running unsigned code at boot on iOS 11. I will demonstrate how you can start out with a daemon config file and end up with kernel code execution.
This talk is about achieving unsigned code execution at boot on iOS 11 and using that to jailbreak the device, commonly known as "untethering". This used to be the norm for jailbreaks until iOS 9.1 (Pangu FuXi Qin - October 2015), but hasn't been publicly done since. I will unveil a yet unfixed vulnerability in the config file parser of a daemon process, and couple that with a kernel 1day for full system pwnage. I will run you through how either bug can be exploited, what challenges we faced along the way, and the feasibility of building a kernel exploit entirely in ROP in this day and age, on one of the most secure platforms there are.
littlelailo
https://fahrplan.events.ccc.de/congress/2019/Fahrplan/events/11034.html
- Video Language: English
- Duration: 39:15