iOS JB: Present and Future presented at ekopartySecurityConference 2018

by Jonathan Levin

Summary: The art of iOS jailbreaking has evolved to meet and exceed Apple's security defenses. But it is getting harder, and iOS 12 will make it harder still. This talk discusses the current post-exploitation techniques, the iOS 12 security hardening measures, and the feasibility of jailbreaks in iOS 12 and beyond. Topics covered:

- Recent sandbox-to-kernel vulnerabilities, in particular the async_wake, mptcp, and vfs exploits.
- Alternative techniques via sandbox escape (remote code execution in existing iOS binaries).
- Kernel-data-patching-only approaches, in light of KTRR.
- Current (iOS 11) post-exploitation techniques and the QiLin Toolkit (http://NewOSXBook.com/QiLin/).
- Review of the Apple mitigations found in iOS 12, their impact on future jailbreaks, and their sheer irrelevance for APTs.
- The hopes for a future untethered jailbreak, and its impact.