DEF CON 31 - Apples Predicament - NSPredicate Exploitation on macOS and iOS - Austin Emmitt | allinfosecnews.com

Sept. 15, 2023, 9:29 p.m. | DEFCONConference

DEFCONConference www.youtube.com

In 2021 the FORCEDENTRY sandbox escape introduced the usage of NSPredicate in an iOS exploit. This new technique allowed attackers to sidestep codesigning, ASLR, and all other mitigations to execute arbitrary code on Apple devices. As a result, Apple put in place new restrictions to make NSPredicate less powerful and less useful for exploits. This presentation will cover new research showing that these added restrictions could be completely circumvented in iOS 16, and how NSPredicates could be exploited to gain …

apple arbitrary code aslr attackers austin code codesigning con def def con def con 31 devices escape exploit exploitation forcedentry ios macos mitigations restrictions result sandbox sandbox escape

More from www.youtube.com / DEFCONConference

DEF CON 31 DCGVR Village - Allen Baranov -What Is A GRC Hacker 2 months ago | www.youtube.com

con def def con def con 31 +5

DEF CON 31 - There Are No Mushroom Clouds in Cyberwar - Mieke Eoyang 8 months, 2 weeks ago | www.youtube.com

clouds con conflict culture +20

DEF CON 31 - A Broken Marriage Abusing Mixed Vendor Kerberos Stacks - Ceri Coburn 8 months, 2 weeks ago | www.youtube.com

abusing active directory authority con +19

DEF CON 31 - Contactless Overflow Code Execution in Payment Terminals & ATMs - Josep … 8 months, 2 weeks ago | www.youtube.com

atm atms code code execution +20

DEF CON 31 - The GitHub Actions Worm - Asi Greenholts 8 months, 2 weeks ago | www.youtube.com

actions attacker attackers con +14

DEF CON 31 - Defeating VPN Always On - Maxime Clementz 8 months, 2 weeks ago | www.youtube.com

access always on attack attack surface +22

DEF CON 31 Car Hacking Village - Automotive USB Fuzzing - Euntae Jang, Donghyon Jeong, … 8 months, 2 weeks ago | www.youtube.com

automotive automotive industry car car hacking +17

DEF CON 31 - Contextualizing The Vulkan Leaks & State Sponsored Offensive Ops - Joe … 8 months, 2 weeks ago | www.youtube.com

analysis con def def con +17

DEF CON 31 Car Hacking Village - Abusing CAN Bus Spec for DoS in Embedded … 8 months, 2 weeks ago | www.youtube.com

abusing automotive bus can bus +18

CyberSOC Technical Lead

@ Integrity360 | Sandyford, Dublin, Ireland

View on infosec-jobs.com

Cyber Security Strategy Consultant

@ Capco | New York City

View on infosec-jobs.com

Cyber Security Senior Consultant

@ Capco | Chicago, IL

View on infosec-jobs.com

Sr. Product Manager

@ MixMode | Remote, US

View on infosec-jobs.com

Security Compliance Strategist

@ Grab | Petaling Jaya, Malaysia

View on infosec-jobs.com

Cloud Security Architect, Lead

@ Booz Allen Hamilton | USA, VA, McLean (1500 Tysons McLean Dr)

View on infosec-jobs.com