The security design of iOS significantly reduces the attack surfaces for iOS. Since iOS has gained increasing attention due to its rising popularity, most major attack surfaces in iOS such as mobile safari and IOKit kernel extensions have been well studied and tested. This talk will first review some previously known attacks against these surfaces, and then focus on analyzing and pointing out those neglected attack surfaces. Furthermore, this talk will explore how to apply fuzzing testing and whitebox code auditing to the neglected attack surfaces and share interesting findings. In particular, this talk will disclose POCs for a number of crashes and memory corruption errors in system daemons, which are even triggerable through XPC (a lightweight inter-process communication mechanism) by any app running in the container sandbox, and analyze and share the POC for an out-of-boundary memory access 0day in the latest iOS kernel.
The Pangu team was responsible for both an iOS 7 and iOS 8 jailbreak. Just recently, the group demonstrated an iOS 8.3 jailbreak at the MOSEC security conference in Shanghai. The team did not mention any release for the jailbreak, but some believe we could see a jailbreak once iOS 8.4 is released.
TaiG, the other Chinese jailbreak team, says they have no plans to release an iOS 8.3 or iOS 8.4 jailbreak. Instead, they are focusing their efforts on iOS 9.
Read More via Superphen