Apple's Predicament: NSPredicate Exploits on iOS and macOS | allinfosecnews.com

Jan. 22, 2024, 5:46 p.m. | Black Hat

Black Hat www.youtube.com

In 2021 the FORCEDENTRY sandbox escape introduced the usage of NSPredicate in an iOS exploit. This new technique allowed attackers to sidestep codesigning, ASLR, and all other mitigations to execute arbitrary code on Apple devices. As a result, Apple put in place new restrictions to make NSPredicate less powerful and less useful for exploits. This presentation will cover new research showing that these added restrictions could be completely circumvented in iOS 16, and how NSPredicates could be exploited to gain …

apple arbitrary code aslr attackers code codesigning devices escape exploit exploits forcedentry ios macos mitigations restrictions result sandbox sandbox escape

More from www.youtube.com / Black Hat

Locknote: Conclusions and Key Takeaways from Day 2 2 weeks, 3 days ago | www.youtube.com

black hat black hat europe board board members +15

Locknote: Conclusions and Key Takeaways from Day 1 2 weeks, 3 days ago | www.youtube.com

black hat black hat europe board board members +16

Keynote: My Lessons from the Uber Case 2 weeks, 3 days ago | www.youtube.com

addition best practices case convicted +16

Keynote: Industrialising Cyber Defence in an Asymmetric World 2 weeks, 4 days ago | www.youtube.com

adversaries challenge cyber cyber defence +10

The Black Hat Europe Network Operations Center (NOC) Report 2 weeks, 4 days ago | www.youtube.com

back black hat black hat europe center +14

My Invisible Adversary: Burnout 3 weeks, 1 day ago | www.youtube.com

adversary attackers attacks burnout +11

The Magnetic Pull of Mutable Protection: Worked Examples in Cryptographic Agility 3 weeks, 1 day ago | www.youtube.com

analysis ask bad codeql +10

A World-View of IP Spoofing in L4 Volumetric DoS Attacks - and a Call to … 3 weeks, 2 days ago | www.youtube.com

attacks call cloudflare detection +10

Collide+Power: The Evolution of Software-based Power Side-Channels Attacks 3 weeks, 2 days ago | www.youtube.com

addition attacks build collide+power +14

SOC 2 Manager, Audit and Certification

@ Deloitte | US and CA Multiple Locations

View on infosec-jobs.com

Security Officer Hospital Laguna Beach

@ Allied Universal | Laguna Beach, CA, United States

View on infosec-jobs.com

Sr. Cloud DevSecOps Engineer

@ Oracle | NOIDA, UTTAR PRADESH, India

View on infosec-jobs.com

Cloud Operations Security Engineer

@ Elekta | Crawley - Cornerstone

View on infosec-jobs.com

Cybersecurity – Senior Information System Security Manager (ISSM)

@ Boeing | USA - Seal Beach, CA

View on infosec-jobs.com

Engineering -- Tech Risk -- Security Architecture -- VP -- Dallas

@ Goldman Sachs | Dallas, Texas, United States

View on infosec-jobs.com