You may remember Stefan Esser, also known as @i0n1c, as the man behind the iOS 4.3.1 / 4.3.2 / 4.3.3 untethered jailbreak exploit. Esser gave an excellent presentation on “iOS kernel exploitation” techniques during the recent BlackHat Security Conference. A download link for the presentation is given below.
In the presentation, Esser walked through the hardware and techniques he used to exploit iOS. He gave the talk, titled “iOS Kernel Exploitation”, at the BlackHat Security Conference, which was held from July 30 to August 4th in Las Vegas.
Here is a brief description of his presentation:
The iPhone user land is locked down very tightly by kernel level protections. Therefore any sophisticated attack has to include a kernel exploit in order to completely compromise the device. Because of this our previous session titled “Targeting the iOS Kernel” already discussed how to reverse the iOS kernel in order to find kernel security vulnerabilities. Exploitation of iOS kernel vulnerabilities has not been discussed yet.
This session will introduce the audience to kernel level exploitation of iPhones. With the help of previously disclosed kernel vulnerabilities the exploitation of uninitialized kernel variables, kernel stack buffer overflows, out of bound writes and kernel heap buffer overflows will be discussed.
Furthermore, the kernel patches applied by iPhone jailbreaks will be discussed in order to understand how certain security features are deactivated. A tool will be released that allows selectively deactivating some of these kernel patches for more realistic exploit tests.
Esser is known as a PHP security expert. These days he focuses on iPhone security, with ASLR and jailbreaking among his areas of interest. Previously he found a user land exploit to jailbreak iOS 4.3.1 / 4.3.2 / 4.3.3. He gave his exploit to the iPhone Dev Team so they could build it into tools like Redsn0w and release an untethered jailbreak solution to the public.