The presentation discusses the vulnerabilities found in Apple's iMessage and FaceTime applications and the attack surface exposed by messaging interface.
- The speaker found significant improvements in the fist x implementation but also discovered many trivial bugs in the attack surface exposed by messaging interface.
- The presentation focuses on two types of vulnerabilities: stack overflows and hipper flows.
- The speaker explains how an attacker can send a notification to the victim's device through a pessoa, PSD, and i-10 service T, and how an attacker can send a signal packet to AV Conference D through i-10 SOC.
- The presentation highlights the need for more attention to be given to the attack surface exposed by messaging interface.
- The speaker encourages security researchers to take another look at the attack surface to find more interesting vulnerabilities.
The speaker explains how an attacker can send a notification to the victim's device through a pessoa and a PSD. The notification generates a UI notification that prompts the victim to accept the notification. Once the victim accepts the notification, the UI notification is sent across service T and handled by a PSD caller. The caller then deserializes the APS message and passes the data to attend service T. The real value of CL k c is the 233, which means the notification is an accept message. The victim's device is then connected to the attacker's device, and all the data is transformed from a through the socket with UDP or TCP.
Zero-click or one-click remote exploits targeting Apple FaceTime or iMessage attract increasing attention, but neither real world vulnerabilities nor the attack surfaces in such targets were fully studied and analyzed in the past. In this talk, we will share reverse engineering results of FaceTime, with a focus on the process of the initialization and connection of a FaceTime call. Along with the attacker-controlled data propagation path, we will discuss different attack surfaces for FaceTime. In particular, besides trivial denial of service issues, we will describe a number of vulnerabilities in FaceTime (and other relevant components), including memory corruption flaws such as heap and stack overflow and out-of-bounds read issues, and develop and demonstrate PoC exploits that can lead to a fully-controlled Objective C ISA pointer or program counter (PC) in FaceTime, affecting both Mac OS and iOS.