Attacking iPhone XS Max

Channel:

All Hacking Cons

Subscribers:

5,970

Published on January 8, 2022 1:06:02 AM ● Video Link: https://www.youtube.com/watch?v=7dRM9Tf2-_w

Duration: 34:38

2 views

Attacking iPhone XS Max
Tielei Wang | Co-founder, Team Pangu
Hao Xu | Co-founder, Team Pangu
Location: South Pacific
Date: Thursday, August 8 | 3:50pm-4:40pm
Format: 50-Minute Briefings
Tracks: Mobile, Exploit Development

With the release of iPhone XS and XS Max, Apple's implementation of Pointer Authentication Code (PAC) on the A12 SoC comes more into play for exploit mitigations. While PAC effectively makes many of our own kernel vulnerabilities unexploitable on iPhone XS/XS Max, we were able to achieve tethered jailbreaks on iPhone XS/XS Max. This talk will describe this process. Specifically, this talk will first discuss Apple's PAC implementation based on our tests, introduce an ancient bug in the XNU that is still affecting the latest official release of iOS (i.e. 12.1.4), and then elaborate how to exploit it to bypass PAC and gain arbitrary kernel read/write. Finally, this talk will explain post exploitation techniques including how to make arbitrary kernel function call based on arbitrary kernel read/write.

Black Hat - USA - 2019 Hacking conference
#hacking, #hackers, #infosec, #opsec, #IT, #security

Other Videos By All Hacking Cons

2022-01-08	On Trust Stories from the Front Lines
2022-01-08	The Future of Securing Intelligent Electronic Devices Using the IEC 62351 7 Standard for Monitoring
2022-01-08	Operational Templates for State Level Attack and Collective Defense of Countries
2022-01-08	Internet Scale Analysis of AWS Cognito Security
2022-01-08	Paging All Windows Geeks Finding Evil in Windows 10 Compressed Memory
2022-01-08	Legal GNSS Spoofing and its Effects on Autonomous Vehicles
2022-01-08	Reverse Engineering WhatsApp Encryption for Chat Manipulation and More
2022-01-08	Lessons and Lulz The 5th Annual Black Hat USA NOC Report
2022-01-08	Rogue7 Rogue Engineering Station Attacks on S7 Simatic PLCs
2022-01-08	PeriScope An Effective Probing and Fuzzing Framework for the Hardware OS Boundary
2022-01-07	Attacking iPhone XS Max
2022-01-07	Come Join the CAFSA - Continuous Automated Firmware Security Analysis
2022-01-07	Defense Against Rapidly Morphing DDOS
2022-01-07	Automation Techniques in C++ Reverse Engineering
2022-01-07	He Said, She Said – Poisoned RDP Offense and Defense
2022-01-07	Command Injection in F5 iRules
2022-01-07	Battle of Windows Service: A Silver Bullet to Discover File Privilege Escalation Bugs Automatically
2022-01-07	Denial of Service with a Fistful of Packets: Exploiting Algorithmic Complexity Vulnerabilities
2022-01-07	HostSplit: Exploitable Antipatterns in Unicode Normalization
2022-01-07	Behind the scenes of iOS and Mac Security
2022-01-07	How Do Cyber Insurers View The World?

Tags:

data

hacker

security

computer

cyber

internet

technology

hacking

attack

digital

virus

information

hack

online

password

code

web

concept

protection

network

scam

fraud

malware

secure

identity

criminal

phishing

software

safety

theft

system

firewall

communication

business

privacy

binary

account

spy

programmer

program

spyware

hacked

hacking conference

conference

learn

how to

2022

cybersecurity

owned

break in

google

securing

exploit

exploitation

recon

social engineering

Hao Xu

Tielei Wang

Channel	Latest
Hutts 2	7 hours ago
Icehiteru	9 hours ago
Skyprince777	9 hours ago
Funky Black Cat	10 hours ago
AnimeToons	11 hours ago
Kage848	11 hours ago
GLITCH	14 hours ago
IntroGameOver	15 hours ago
Beyond the Brick	16 hours ago
alanzoka	16 hours ago
CarbotAnimations	17 hours ago
UpUpDownDown	17 hours ago
BanryuTV	19 hours ago
Sey Senpai	19 hours ago
Thinknoodles	20 hours ago
BeastBoyShub	20 hours ago
RC Kowters	20 hours ago
Andre Nicholas	20 hours ago
XOTICTRE	21 hours ago
Anikilo - Squad Busters	21 hours ago
BUMNOX	21 hours ago
Tin2x Mix Vlog	21 hours ago
xHedi92x	21 hours ago
ALL SERIES	21 hours ago
Wolf Rider Gamerz	21 hours ago