How do hackers escape the sandbox?
Description
Hey guys - today we're talking about the iOS sandbox and how Apple uses it to restrict what processes are allowed to do. We investigate the implementation of sandbox filters through the use of MACF hooks, we see how we can unsandbox our own apps using kernel r/w, and we discuss the general concepts involved in sandbox escape exploits used by hackers in iOS exploit chains.
Thanks for watching
~ bellis1000
References:
https://github.com/cellebrite-labs/sandblaster
https://projectzero.google/2023/10/an-analysis-of-an-in-the-wild-ios-safari-sandbox-escape.html
https://source.android.com/docs/security/features/selinux/concepts
https://github.com/doadam/ziVA/blob/628fc23332bcd4e96fdafb5e4048977b703e33e9/post_exploit.m#L68