drdoom
The goal of this article is to demonstrate a (relatively) hard-to-reach
attack surface on iOS, and to show the entire process from the beginning
of the research to the point where a vulnerability is found.
While exploitation is out of the scope of this article, understanding
the process of defining the attack surface and researching it, while making
your life easier (see sections 4 and 9), can provide beginners and
expert hackers alike with a different approach to sandbox-accessible
vulnerability research.
The bug in question is CVE-2018-4109 [1], which was found by yours truly,
that is Adam Donenfeld (@doadam). A PoC of the vulnerability is also
available with this paper, and you're free to use it for educational
purposes only.
While an exploit can (IMO) be written for this vulnerability, I had too
many things to do (writing this paper for instance) but if you feel like
working on an exploit, feel free to write me if you want my help with it.
Without further ado - let's start.
www.phrack.org