The iOS is an amazing Operating system. Its user-friendly functions make a user feel easy and relaxed. It can also be used as a gaming console, with amazing graphics. Although, Apple has restricted the third-party apps to run on an iOS device, but some “jailbreak hackers” as you might call, have beaten Apple in this field and have found exploits in it. After doing this, they released softwares which allowed the iOS users to download/install apps or tweaks (via Cydia) without the consent of Apple. These softwares or jailbreaks as they are called, have also come in pretty useful for the iOS users, allowing them to choose any other carrier other than the one specified by Apple, and install any tweak or app.
If you are familiar with this field, then you must know about Stefen Esser, known on twitter as i0n1c, who is a jailbreak hacker.
Stefen Esser, found a exploit, which helped to jailbreak iOS 4.3.1 untethered (you dont have to connect your device with PC after every reboot to get jailbreak state). The same exploit was used in jailbreaking iOS 4.3.2 and 4.3.1.
Esser gave a presentation today, consisting of 97 pages based on the Kernel Exploit. If you do not know much about jailbreaking, this presentation is likely to surpass your brain. So don’t try, unless you are pretty experienced in the jailbreaking field.
This presentation briefed that,
The iPhone user land is locked down very tightly by kernel level protections. Therefore any sophisticated attack has to include a kernel exploit in order to completely compromise the device. Because of this our previous session titled “Targeting the iOS Kernel” already discussed how to reverse the iOS kernel in order to find kernel security vulnerabilities. Exploitation of iOS kernel vulnerabilities has not been discussed yet.
This session will introduce the audience to kernel level exploitation of iPhones. With the help of previously disclosed kernel vulnerabilities the exploitation of uninitialized kernel variables, kernel stack buffer overflows, out of bound writes and kernel heap buffer overflows will be discussed.
The complete presentation can be downloaded from this link.
