iOS Kernel Exploitation, A Tutorial On iOS Jailbreaking Techniques By Stefan Esser


by casey on September 17, 2011

You may remember Stefan Esser, also known as @i0n1c, as the man behind the untethered jailbreak exploit for iOS 4.3.1 / 4.3.2 / 4.3.3. Esser gave an excellent presentation on iOS kernel exploitation techniques at the recent Black Hat security conference. The download link for the presentation is given below.

Esser's slides form a tutorial showing the hardware and techniques he used to exploit iOS. He gave the presentation, titled “iOS Kernel Exploitation”, at Black Hat USA, held from July 30 to August 4 in Las Vegas.

Here is the abstract of his presentation:

The iPhone userland is locked down very tightly by kernel-level protections. Therefore any sophisticated attack has to include a kernel exploit in order to completely compromise the device. Because of this, our previous session, titled “Targeting the iOS Kernel”, already discussed how to reverse the iOS kernel in order to find kernel security vulnerabilities. Exploitation of iOS kernel vulnerabilities has not been discussed yet.

This session will introduce the audience to kernel-level exploitation of iPhones. With the help of previously disclosed kernel vulnerabilities, the exploitation of uninitialized kernel variables, kernel stack buffer overflows, out-of-bounds writes and kernel heap buffer overflows will be discussed.

Furthermore, the kernel patches applied by iPhone jailbreaks will be discussed in order to understand how certain security features are deactivated. A tool will be released that allows one to selectively deactivate some of these kernel patches for more realistic exploit tests.
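To make the first bug class in the abstract concrete, here is an added example written for this post; it is not code from Esser's talk or slides. It models a hypothetical ioctl handler that fills in only part of a response structure living on the kernel stack and then copies the whole structure back to user space, which discloses whatever stale data the previous kernel code left in that stack memory. The "kernel stack" is a constructed 64-byte region pre-filled with a sentinel byte so the leak is deterministic; the struct and function names (dev_info, ioctl_dev_info_vuln, ioctl_dev_info_fixed) are invented for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical response structure that an ioctl/sysctl handler returns to
 * user space. The handler deliberately sets only `version`. */
struct dev_info {
    uint32_t version;
    uint32_t flags;    /* never written in the vulnerable handler */
    uint8_t  pad[8];   /* never written in either handler */
};

/* Constructed model of a stale kernel stack frame: every byte holds a known
 * sentinel so anything the handler fails to initialize is visible. On a real
 * kernel this memory holds whatever the previous call left there (kernel
 * pointers, keys, other processes' data), which is what makes the leak useful
 * to an attacker, e.g. for defeating kernel ASLR. */
#define KSTACK_SIZE 64
#define STALE_BYTE  0x41
static union {
    uint8_t bytes[KSTACK_SIZE];
    struct dev_info frame;        /* the handler's local variable */
} kstack;

static void reset_kstack(void)
{
    memset(kstack.bytes, STALE_BYTE, KSTACK_SIZE);
}

/* Vulnerable handler: the struct lives in stale stack memory, only one field
 * is filled in, and the whole object is copied out (copyout() in XNU). */
static int ioctl_dev_info_vuln(uint8_t *user_out)
{
    reset_kstack();
    struct dev_info *info = &kstack.frame;
    info->version = 1;
    memcpy(user_out, info, sizeof *info);   /* leaks flags and pad */
    return 0;
}

/* Hardened handler: zero the entire object before filling any field.
 * memset/bzero is preferred over a partial initializer because it also
 * covers padding bytes the compiler is not obliged to zero. */
static int ioctl_dev_info_fixed(uint8_t *user_out)
{
    reset_kstack();
    struct dev_info *info = &kstack.frame;
    memset(info, 0, sizeof *info);
    info->version = 1;
    memcpy(user_out, info, sizeof *info);
    return 0;
}

/* Number of bytes in the copied-out struct that still hold stale stack
 * content, i.e. the size of the information leak. */
static int count_stale_bytes(const uint8_t *user_out)
{
    int leaked = 0;
    for (size_t i = 0; i < sizeof(struct dev_info); i++)
        if (user_out[i] == STALE_BYTE)
            leaked++;
    return leaked;
}

/* Call each handler the way an unprivileged process would and measure the leak. */
int leaked_bytes_vuln(void)
{
    uint8_t out[sizeof(struct dev_info)];
    ioctl_dev_info_vuln(out);
    return count_stale_bytes(out);
}

int leaked_bytes_fixed(void)
{
    uint8_t out[sizeof(struct dev_info)];
    ioctl_dev_info_fixed(out);
    return count_stale_bytes(out);
}

int main(void)
{
    printf("vulnerable handler leaks %d of %zu bytes\n",
           leaked_bytes_vuln(), sizeof(struct dev_info));
    printf("fixed handler leaks %d bytes\n", leaked_bytes_fixed());
    return 0;
}
```

The vulnerable handler discloses 12 of the 16 bytes (the 4-byte `flags` field plus the 8 padding bytes); the fixed handler discloses none. When auditing real handlers, look for every path that copies a stack or heap object to user space and check that each byte of that object, including compiler-inserted padding, was written first.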

Esser is best known as a PHP security expert. These days he focuses on iPhone security, with ASLR and jailbreaking among his areas of interest. Previously he found a userland exploit used to jailbreak iOS 4.3.1 / 4.3.2 / 4.3.3 and gave it to the iPhone Dev Team so they could build it into tools such as redsn0w and release an untethered jailbreak to the public.
