Researchers from the Georgia Institute of Technology deliver a remarkable presentation at the Black Hat conference, highlighting iOS security essentials and an unprecedented proof-of-concept attack that they came up with. In particular, the study provides a non-trivial perspective of how the so-called ‘walled garden model’ is implemented, with its strong points as well as shortcomings. Importantly, the Mactans concept is also overviewed in this presentation, describing the process of attacking iDevices via an especially designed charger.
The blend of online protection, sensitive data guards, anti-theft, powerful optimization features and dedicated customer support makes this suite a nearly perfect match for the average Mac user when it comes to keeping the machine safe and performing at its peak.
In the final part of the Hack in the Box presentation, experts from Azimuth Security Mark Dowd and Tarjei Mandt analyze heap overflows as a component of iOS 6 kernel attack vectors. In particular, they dissect and exemplify a number of primitives, namely adjacent disclosure, arbitrary memory disclosure, extended overflow, and a mix of these techniques. The section also encompasses main takeaways relating to iOS 6 security.
Having highlighted the protections and data leaking mitigations hard-coded into iOS 6, Mark Dowd and Tarjei Mandt are now focusing primarily on the attack vectors. More specifically, the attacks being overviewed are beyond the standard syscall table overwrites, kernel code patching, etc. The researchers describe kernel attacks in different scenarios which allow defeating ASLR.
The technique known as kernel address space protection, which is intended for preventing NULL and offset-to-NULL dereference vulnerabilities in iOS 6, is the key subject matter for discussion in this part. Mark Dowd and Tarjei Mandt dwell on how this problem used to be addressed in the previous version of the platform, and describe in detail how security checks and user/kernel validation are implemented in version 6.
In this part of their Hack in the Box presentation, Azimuth Security’s representatives provide an insight into the goals and tactics for iOS 6 data leaking mitigations, illustrating those with API code samples. Also, objectives and goals of the kernel ASLR strategy, namely randomizing kernel image base and kernel map, are being reviewed here.