Apple iOS 4 Security Evaluation

More documents

Recommendations

Info

Conclusion
FindingsThird-party applications without PIE support won’t get full ASLR andare easier to exploit, especially if they have an embedded web browserIn-House Distribution Certificates and Provisioning Profiles allow theirapps to run on all devices, Enterprise Developers should protect themAttackers could steal them and use OTA distribution and socialengineering to bypass Apple’s AppStore reviewAs of iOS 4.3, Safari’s dynamic-codesigning entitlement makesbrowser exploits require a ROP stage, not full ROPAll 140+ iOS Mach RPC servers are allowed through sandbox profile,may allow apps to perform undesirable actions
Page 1 and 2:
Apple iOS 4 Security EvaluationDino
Page 3 and 4:
AcknowledgementsiPhone jailbreak de
Page 5 and 6:
OverviewIntroductionASLRCode Signin
Page 7 and 8:
Security ConcernsSensitive data com
Page 9 and 10:
Persistence Attack GraphPrivileged
Page 11 and 12:
Security ConcernsHow hard is it to
Page 13 and 14:
ASLR with PIEExecutable Heap Stack
Page 15 and 16:
Partial vs. Full ASLRPIEMainExecuta
Page 17 and 18:
PIE in Real-World Apps?
Page 19 and 20: Bottom LineAll built-in apps in iOS
Page 21 and 22: Security ConcernsCan this applicati
Page 23 and 24: Mandatory Code SigningCode Signing
Page 25 and 26: Provisioning ProfilesThe Provisioni
Page 28 and 29: Distribution ModelsOn-Device Develo
Page 30 and 31: Code Signing InternalsAppleMobileFi
Page 32 and 33: MAC Hook API Description AMFI Usage
Page 34 and 35: Ad-Hoc Code SignatureExecutable=/De
Page 36 and 37: Code Signing Verificationvnode_chec
Page 38 and 39: Bypassing Code SigningIncomplete Co
Page 40 and 41: csopsint csops(pid_t pid, uint32_t
Page 42: CS Status FlagsFlag Value Descripti
Page 45 and 46: # ldid -e /Applications/MobileSafar
Page 47 and 48: Dynamic Code SigningThe dynamic-cod
Page 49 and 50: Sandboxing
Page 51 and 52: Sandboxing in iOSBased on same core
Page 53 and 54: Built-in Sandbox ProfilesBackground
Page 55 and 56: App Home DirectorySubdirectory.app/
Page 57 and 58: Mach Bootstrap ServersAll Mach task
Page 59 and 60: Bottom LineRemote exploits are most
Page 61 and 62: Security ConcernsWhat sensitive dat
Page 63 and 64: Encryption LayersEntire filesystem
Page 65 and 66: Data ProtectionCoverageIn iOS 4, DP
Page 67 and 68: Passcode KeyPasscode Key is derived
Page 69: Bottom Line6-character alphanumeric
Page 73 and 74: iOS vs. Android/BlackBerryHow does
Page 75 and 76: On JailbreakingModern jailbreaks re
Page 77 and 78: Hardware AdviceiPhone 3G and earlie
Page 79 and 80: One more thing...
Page 81: previewhobbyOne more thing...
Page 86 and 87: $99
Page 88 and 89: iOS Fuzz Farm• 4 x Apple TVs, swi
show all

Apple iOS 4 Security Evaluation

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?