DEF CON 31 - Apples Predicament - NSPredicate Exploitation on macOS and iOS - Austin Emmitt | allinfosecnews.com

Sept. 15, 2023, 9:29 p.m. | DEFCONConference

DEFCONConference www.youtube.com

In 2021 the FORCEDENTRY sandbox escape introduced the usage of NSPredicate in an iOS exploit. This new technique allowed attackers to sidestep codesigning, ASLR, and all other mitigations to execute arbitrary code on Apple devices. As a result, Apple put in place new restrictions to make NSPredicate less powerful and less useful for exploits. This presentation will cover new research showing that these added restrictions could be completely circumvented in iOS 16, and how NSPredicates could be exploited to gain …

apple arbitrary code aslr attackers austin code codesigning con def def con def con 31 devices escape exploit exploitation forcedentry ios macos mitigations restrictions result sandbox sandbox escape

More from www.youtube.com / DEFCONConference

DEF CON 31 DCGVR Village - Allen Baranov -What Is A GRC Hacker 3 weeks, 4 days ago | www.youtube.com

con def def con def con 31 +5

DEF CON 31 - There Are No Mushroom Clouds in Cyberwar - Mieke Eoyang 7 months, 1 week ago | www.youtube.com

clouds con conflict culture +20

DEF CON 31 - A Broken Marriage Abusing Mixed Vendor Kerberos Stacks - Ceri Coburn 7 months, 1 week ago | www.youtube.com

abusing active directory authority con +19

DEF CON 31 - Contactless Overflow Code Execution in Payment Terminals & ATMs - Josep … 7 months, 1 week ago | www.youtube.com

atm atms code code execution +20

DEF CON 31 - The GitHub Actions Worm - Asi Greenholts 7 months, 1 week ago | www.youtube.com

actions attacker attackers con +14

DEF CON 31 - Defeating VPN Always On - Maxime Clementz 7 months, 1 week ago | www.youtube.com

access always on attack attack surface +22

DEF CON 31 Car Hacking Village - Automotive USB Fuzzing - Euntae Jang, Donghyon Jeong, … 7 months, 1 week ago | www.youtube.com

automotive automotive industry car car hacking +17

DEF CON 31 - Contextualizing The Vulkan Leaks & State Sponsored Offensive Ops - Joe … 7 months, 1 week ago | www.youtube.com

analysis con def def con +17

DEF CON 31 Car Hacking Village - Abusing CAN Bus Spec for DoS in Embedded … 7 months, 1 week ago | www.youtube.com

abusing automotive bus can bus +18

SOC 2 Manager, Audit and Certification

@ Deloitte | US and CA Multiple Locations

View on infosec-jobs.com

Open-Source Intelligence (OSINT) Policy Analyst (TS/SCI)

@ WWC Global | Reston, Virginia, United States

View on infosec-jobs.com

Security Architect (DevSecOps)

@ EUROPEAN DYNAMICS | Brussels, Brussels, Belgium

View on infosec-jobs.com

Infrastructure Security Architect

@ Ørsted | Kuala Lumpur, MY

View on infosec-jobs.com

Contract Penetration Tester

@ Evolve Security | United States - Remote

View on infosec-jobs.com

Senior Penetration Tester

@ DigitalOcean | Canada

View on infosec-jobs.com