The presentation discusses the iOS sandbox design and its weaknesses, as well as the improvements made by Apple over the years. The speaker also shares their personal experience with jailbreaking and visiting libraries in America.
- The iOS sandbox design is a powerful access control mechanism that neutralizes many vulnerabilities with almost no overhead added.
- The restrictions placed on a process depend on four conditions: all files must have a code signature to run, processes are limited to their own sandbox, processes cannot access other processes' memory, and processes cannot execute unsigned code.
- The iOS sandbox design has improved over the years, with Apple implementing stronger restrictions and adding new features like entitlements.
- The speaker shares their personal experience with jailbreaking and visiting libraries in America, highlighting the positive aspects of free access to libraries and makerspaces.
The speaker shares their experience attending the 2015 Jailbreak Con in San Francisco, where they were the youngest attendee and barely spoke English. They were helped by a man named Alfred, who introduced them to other attendees and even found a female staff member to assist them. The speaker also mentions their love for American libraries and makerspaces, which they believe are gifts for people living in America.
Jailbreaking refers to obtaining the kernel privilege of iOS, by means of the development of vulnerabilities. Usually, at least one kernel vulnerability is used. By overwriting the sensitive data structure in the kernel, the jailbreaker could run unauthorized code on the device without restrictions. It could then be used for performing code injection and data interception upon any process on the device. Thus, sometimes, a jailbreaker may not be the owner of the device, but an intruder who wants to steal or manipulate information, and that includes spreading misinformation.This talk will cover in detail how a series of iOS vulnerabilities are exploited to achieve Jailbreak on iOS 13.7. I'll be talking about their root cause, techniques used during the exploit development to bypass the mitigations that are unique to iOS, ultimately get the privilege of reading and writing kernel memory and demonstrate the potential malicious impact of the attack. The rest of my talk will be related to how these vulnerabilities were discovered, tips for reverse engineering. As an independent researcher, I hope to give some inspiration to the audience.