
Techniques A Brief History of iMessage Exploitation [BlueHat IL 2022]

weaver

Video

youtube.com/watch?v=lIlg1MpEL8o

Slides

This talk aims to explain how iMessage exploitation techniques, as known to the public, have evolved in recent times. After a brief overview of the iMessage architecture, the talk will recapitulate how memory corruption vulnerabilities could be exploited over iMessage without user interaction up until around 2-3 years ago. It then dives into a set of iMessage hardening measures implemented by Apple since 2020, and how these have affected exploitation. These include various architectural changes, such as the new BlastDoor sandboxing service, as well as specific exploit mitigations to render previous exploitation techniques, for example for bypassing ASLR, ineffective. The talk concludes with a high-level look at how the iMessage exploit caught in-the-wild by Citizen Lab in mid-2021 worked and in which ways it was affected by those hardening measures.