In the final part of the Hack in the Box presentation, Azimuth Security experts Mark Dowd and Tarjei Mandt analyze heap overflows as a component of iOS 6 kernel attack vectors. In particular, they dissect and exemplify a number of primitives, namely adjacent disclosure, arbitrary memory disclosure, extended overflow, and a mix of these techniques. The section also covers the main takeaways relating to iOS 6 security.
Having highlighted the protections and data leaking mitigations hard-coded into iOS 6, Mark Dowd and Tarjei Mandt now focus primarily on the attack vectors. More specifically, the attacks reviewed go beyond the standard syscall table overwrites, kernel code patching, etc. The researchers describe kernel attacks in different scenarios that allow ASLR to be defeated.
Kernel address space protection, a technique intended to prevent NULL and offset-to-NULL dereference vulnerabilities in iOS 6, is the key subject of this part. Mark Dowd and Tarjei Mandt dwell on how this problem was addressed in the previous version of the platform, and describe in detail how security checks and user/kernel validation are implemented in version 6.
In this part of their Hack in the Box presentation, Azimuth Security’s representatives provide insight into the goals and tactics of iOS 6 data leaking mitigations, illustrating them with API code samples. The objectives of the kernel ASLR strategy, namely randomizing the kernel image base and kernel map, are also reviewed here.
Mark Dowd and Tarjei Mandt from Azimuth Security take the floor at the Hack in the Box conference to provide an all-around overview of iOS 6 security improvements, kernel-based mitigations for the platform, and jailbreak-related issues. The presentation covers iOS 6 kernel security details from both the defensive and offensive perspectives.
As Remy Baumgarten proceeds with his presentation of Mach-O Viz, a solution for Mac OS X and iOS malware analysis, he dwells on the tool’s entire feature set, broken into a variety of options for generating and viewing visualized data about a file of interest. The expert also provides a demo of how the application handles code samples from some known Mac malware.