
Auditing and Exploiting Apple IPC PDF

104 Pages·2012·0.89 MB·English

Preview Auditing and Exploiting Apple IPC

Auditing and Exploiting Apple IPC
ianbeer
Jailbreak Security Summit, May 2015

About me:
● Security Researcher with Project Zero
● Won pwn4fun last year with a JavaScriptCore bug and some kernel bugs
● That macbook air now runs ubuntu :)
● Over the last year reported ~60 OS X sandbox escapes/priv-escs (10 still unpatched)
● Some accidentally also present on iOS

This talk:
● Overview of (almost) all IPC mechanisms on iOS/OS X
● Quick look at Mach Message fundamentals
● Deep-dive into XPC services
● Exploiting XPC bugs
● fontd IPC and exploiting fontd bugs
● Mitigations and the future

IPC Zoo (diagram; labels only): semaphores, socketpair, AppleEvents, signals, domain sockets, Pasteboard, shmem, fifo, CFMessage, Distributed Notifications, NSXPC, CFPort, MIG, XPC, Mach Messages, XNU

Why care about IPC? Sandboxing
You probably get initial code execution in some kind of sandbox in userspace…
● renderer/plugin process
● quicklook-satellite
● ntpd
● appstore app
Plenty of stuff is still unsandboxed on OS X though (...Adobe Reader...)

Sandbox escape models
Privilege separation: Two parts of the same application work together to isolate dangerous code
● Untrusted helper (sandboxed) <-- IPC --> Trusted "broker" (unsandboxed)
● Chrome: PPAPI Plugin (sandboxed) <-- IPC --> Browser (unsandboxed)
● WebKit2/Safari: WebContent (sandboxed) <-- IPC --> WebKit2/Safari (unsandboxed)
● XPC: Some XPC thing (sandboxed) <-- IPC --> An XPC Thing (unsandboxed)

Description (excerpt fragments from the slides):
○ fontd IPC and exploiting fontd bugs
○ Mitigations and the future
○ IPC Zoo: XNU, Mach Messages, MIG, XPC, Distributed Notifications, CFPort, CFMessage
○ "... lines of python)"
○ "Ran it"
○ Reversing MiG function prototypes
○ Reference: https://www.mikeash.com/pyblog/friday-qa-2009-01-16.html
