A Brief History of Mitigation: The Path to EL1 in iOS 11

Black Hat USA 2018

Presented by: Ian Beer
Date: Wednesday August 08, 2018
Time: 16:00 - 16:50
Location: Lagoon GHI

In December last year, I released the async_wake exploit for iOS 11.1.2. In this talk, I'll cover how each step of the exploit worked and discuss in depth each mitigation which was defeated along the way.

I'll focus on what was supposed to make exploitation hard, what techniques other public exploits would have used in earlier iOS versions, and what mitigations we might see in iOS 12 and beyond (and how to break those too!).

Ian Beer

Ian Beer finds bugs at Google.

