Exploiting Unpatched iOS Vulnerabilities for Fun and Profit

Channel:

All Hacking Cons

Subscribers:

5,970

Published on January 2, 2022 2:35:04 PM ● Video Link: https://www.youtube.com/watch?v=c8VnRStbyNI

Duration: 43:46

4 views

Patching all vulnerabilities for a modern, complex software system (i.e., Windows, iOS) is often difficult due to the volume of bugs and response time requirements. Instead, software vendors usually devise quick workarounds to mitigate the exploitation of a given vulnerability. However, those patches are sometimes incomplete, and attackers can utilize different attack vectors to re-exploit a patched vulnerability. iOS is no exception.

In this presentation, we will disclose our process for jailbreaking the latest version of iOS (version 7.1.1), running on any iOS device including the iPhone 5s as well as older iPads and iPods. We start by finding new ways to exploit vulnerabilities with incomplete patches. We then use these vulnerabilities to discover new avenues of attack. Finally, we chain together these vulnerabilities and new attacks to run unsigned code out of the sandbox with root permissions and to defeat mandatory code signing. We include a detailed disclosure of several new vulnerabilities and the exploit techniques that we developed.
PRESENTED BY
Yeongjin Jang, Tielei Wang, Byoungyoung Lee, Billy Lau

Black Hat - USA - 2014 Hacking conference
#hacking, #hackers, #infosec, #opsec, #IT, #security

Other Videos By All Hacking Cons

2022-01-02	802 1x and Beyond
2022-01-02	From Attacks to Action Building a Usable Threat Model to Drive Defensive Choices
2022-01-02	Bitcoin Transaction Malleability Theory in Practice
2022-01-02	A Journey to Protect Points of Sale
2022-01-02	Extreme Privilege Escalation on Windows 8 UEFI Systems
2022-01-02	Babar ians at the Gate Data Protection at Massive Scale
2022-01-02	Exposing Bootkits with BIOS Emulation
2022-01-02	Attacking Mobile Broadband Modems Like a Criminal Would
2022-01-02	Creating a Spider Goat Security with Intel CPU Transactional Memory Support
2022-01-02	APT Attribution and DNS Profiling
2022-01-02	Exploiting Unpatched iOS Vulnerabilities for Fun and Profit
2022-01-02	Contemporary Automatic Program Analysis
2022-01-02	Android FakeID Vulnerability Walkthrough
2022-01-02	Full System Emulation Achieving Successful Automated Dynamic Analysis of Evasive Malware
2022-01-02	Breaking the Security of Physical Devices by Silvio Cesare
2022-01-02	A Practical Attack Against VDI Solutions
2022-01-02	Bringing Software Defined Radio to the Penetration Testing Community
2022-01-02	Building Safe Systems at Scale Lessons from Six Months at Yahoo
2022-01-02	A Scalable, Ensemble Approach for Building and Visualizing Deep Code Sharing Networks
2022-01-02	GRR Find All the Badness, Collect All the Things
2022-01-02	A Survey of Remote Automotive Attack Surfaces

Tags:

data

hacker

security

computer

cyber

internet

technology

hacking

attack

digital

virus

information

hack

online

code

web

concept

protection

network

fraud

malware

secure

identity

software

access

system

firewall

communication

account

spy

programmer

spyware

hacked

hacking conference

conference

2022

cybersecurity

owned

break in

securing

exploit

exploitation

recon

social engineering

Yeongjin Jang

Tielei Wang

Byoungyoung Lee

Billy Lau

hacking iphone

ios

apple

exploiting

vulnerabilities

Channel	Latest
Icehiteru	7 hours ago
Funky Black Cat	8 hours ago
AnimeToons	9 hours ago
IntroGameOver	13 hours ago
Beyond the Brick	14 hours ago
alanzoka	14 hours ago
CarbotAnimations	15 hours ago
UpUpDownDown	15 hours ago
Sey Senpai	17 hours ago
Thinknoodles	18 hours ago
BeastBoyShub	18 hours ago
RC Kowters	18 hours ago
Andre Nicholas	18 hours ago
XOTICTRE	19 hours ago
Anikilo - Squad Busters	19 hours ago
BUMNOX	19 hours ago
Tin2x Mix Vlog	19 hours ago
xHedi92x	19 hours ago
ALL SERIES	19 hours ago
Wolf Rider Gamerz	19 hours ago
Fragilistic	19 hours ago
Onua966	19 hours ago
Perimlbb	19 hours ago
BimbimFun!	19 hours ago
NBC長崎放送	19 hours ago