By default, an app is only able to access about 10 drivers’ userclients, which is a relatively small amount of code. While the kernel has a large amount of userland-reachable functionality, much of this attack surface is not accessible due to sandboxing in iOS. For more information see HT210721 advisory. This post describes a series of vulnerabilities found in iOS 12.3.1, which when chained together allows execution of code in the context of the kernel.Īn independent Security Researcher, 08Tc3wBB, has reported this vulnerability to SSD Secure Disclosure program during TyphoonPwn event and was awarded 60,000$ USD for his discovery.Īpple has fixed the vulnerabilities in iOS 13.2. Reserve your spot for TyphoonCon and register to TyphoonPwn for your chance to win up to 500K USD in prizes. TyphoonCon will take place from June 15th to June 19th 2020, in Seoul, Korea. The Researcher was awarded an amazing sum of 60,000$ USD for his discovery! At our latest hacking competition: TyphoonPwn 2019, an independent Security Researcher demonstrated three vulnerabilities to our team which were followed by our live demonstration on stage. Each year, as part of TyphoonCon our All Offensive Security Conference, we are offering cash prizes for vulnerabilities and exploitation techniques found.
0 Comments
Leave a Reply. |