Tales from iOS 6 Exploitation and iOS 7 Security Changes presented at HITBSecConf Malaysia 2013

by Stefan Esser,

Summary : During SyScan Singapore 2013 lots of innocent iOS vulnerabilities have been murdered. However one of the disclosed kernel information leak vulnerabilities turned out to be an actual memory corruption that could have been used in a drive by attack or public jailbreak. Not having realized the full impact of this vulnerability back then, the author wishes to redeem himself by explaining how this vulnerability is actually exploitable and what troubles one will run into when attempting todo.
In the first part of this presentation the wrongly categorized bug and its exploitation will be outlined and in the second part of this presentation security relevant changes in iOS 7, which is expected to be released at the time of the conference, will be discussed.