Apple iOS 4 Security Evaluation

More documents

Recommendations

Info

Bottom LineMandatory Code Signing in <strong>iOS</strong> is strong defense againstexecution of unauthorized binariesRequires incomplete code signing exploits to bypass andobtain return-oriented executionCode signing forces attackers to develop fully ROP payloadsDEP/NX only require a ROP stage to allocate newexecutable memory and copy shellcode into itJIT support in Safari reduces ROP requirements to a stage
Sandboxing
Page 1 and 2: Apple iOS 4 Security EvaluationDino
Page 3 and 4: AcknowledgementsiPhone jailbreak de
Page 5 and 6: OverviewIntroductionASLRCode Signin
Page 7 and 8: Security ConcernsSensitive data com
Page 9 and 10: Persistence Attack GraphPrivileged
Page 11 and 12: Security ConcernsHow hard is it to
Page 13 and 14: ASLR with PIEExecutable Heap Stack
Page 15 and 16: Partial vs. Full ASLRPIEMainExecuta
Page 17 and 18: PIE in Real-World Apps?
Page 19 and 20: Bottom LineAll built-in apps in iOS
Page 21 and 22: Security ConcernsCan this applicati
Page 23 and 24: Mandatory Code SigningCode Signing
Page 25 and 26: Provisioning ProfilesThe Provisioni
Page 28 and 29: Distribution ModelsOn-Device Develo
Page 30 and 31: Code Signing InternalsAppleMobileFi
Page 32 and 33: MAC Hook API Description AMFI Usage
Page 34 and 35: Ad-Hoc Code SignatureExecutable=/De
Page 36 and 37: Code Signing Verificationvnode_chec
Page 38 and 39: Bypassing Code SigningIncomplete Co
Page 40 and 41: csopsint csops(pid_t pid, uint32_t
Page 42: CS Status FlagsFlag Value Descripti
Page 45 and 46: # ldid -e /Applications/MobileSafar
Page 47: Dynamic Code SigningThe dynamic-cod
Page 51 and 52: Sandboxing in iOSBased on same core
Page 53 and 54: Built-in Sandbox ProfilesBackground
Page 55 and 56: App Home DirectorySubdirectory.app/
Page 57 and 58: Mach Bootstrap ServersAll Mach task
Page 59 and 60: Bottom LineRemote exploits are most
Page 61 and 62: Security ConcernsWhat sensitive dat
Page 63 and 64: Encryption LayersEntire filesystem
Page 65 and 66: Data ProtectionCoverageIn iOS 4, DP
Page 67 and 68: Passcode KeyPasscode Key is derived
Page 69 and 70: Bottom Line6-character alphanumeric
Page 71 and 72: FindingsThird-party applications wi
Page 73 and 74: iOS vs. Android/BlackBerryHow does
Page 75 and 76: On JailbreakingModern jailbreaks re
Page 77 and 78: Hardware AdviceiPhone 3G and earlie
Page 79 and 80: One more thing...
Page 81: previewhobbyOne more thing...
Page 86 and 87: $99
Page 88 and 89: iOS Fuzz Farm• 4 x Apple TVs, swi

Apple iOS 4 Security Evaluation

Create successful ePaper yourself

Delete template?

Save as template?