The Evad3rs Dev-Team who released the Evasi0n jailbreak for iOS 6 presented their work at HITBSECCONF2013 in Amsterdam.
Pod2g, Planetbeing, Musclenerd and Pimskeks were on hand to present 'Swiping Through Modern Security Features' and HITB has posted their slides online for anyone to download.
For the iOS 6 public jailbreak, we started from scratch, and found successively a total of 8 vulnerabilities in a few months. In our presentation, we will paint a big picture of the iOS 6 security, and how the Mandatory Code Signing requirement is enforced which is the target of all jailbreak tools. Afterwards, we will present different ideas, vulnerabilities and exploits that lead to the iOS 6 jailbreak. We will start by discussing the injection of the payload, which involves new and clever approaches to the problem, then explain how userland code is triggered, untethered, and finally discuss how the kernel has been successfully exploited. We hope that this will give a new vision of the modern security protections and how they can be bypassed.
You can download the 100 page presentation from here.
[via @pimskeks]
Pod2g, Planetbeing, Musclenerd and Pimskeks were on hand to present 'Swiping Through Modern Security Features' and HITB has posted their slides online for anyone to download.
For the iOS 6 public jailbreak, we started from scratch, and found successively a total of 8 vulnerabilities in a few months. In our presentation, we will paint a big picture of the iOS 6 security, and how the Mandatory Code Signing requirement is enforced which is the target of all jailbreak tools. Afterwards, we will present different ideas, vulnerabilities and exploits that lead to the iOS 6 jailbreak. We will start by discussing the injection of the payload, which involves new and clever approaches to the problem, then explain how userland code is triggered, untethered, and finally discuss how the kernel has been successfully exploited. We hope that this will give a new vision of the modern security protections and how they can be bypassed.
You can download the 100 page presentation from here.
[via @pimskeks]