How does this JavaScript hack your iPhone?
Are you a security researcher or reverse engineer?
For 50% off IDA Products use promo code BILLY50, https://hex-rays.com/pricing *
For 30% off IDA Training use promo code BILLY30, https://hex-rays.com/training **
*License discounts are only valid for individuals, not corporations. Cannot be combined with any other promo code or discount.
** Cannot be combined with any other promo code or discount.
/////////////////////////////////////
Hey guys, today we're going deeper with our analysis of the 'Coruna' iOS spyware that was recently used in the wild. Follow along as we de-obfuscate the stage-1 JavaScript exploit known as 'buffout', identify the core vulnerability trigger, and understand the exploitation strategy.
In this video we look at how the exploit achieves the 'addrof' primitive. This is a common exploitation primitive in WebKit exploits: it lets the attacker leak the actual memory address of arbitrary JavaScript objects.
My work-in-progress implementation of the exploit can be found here - https://github.com/Billy-Ellis/coruna-buffout/
~ bellis1000
References:
https://cloud.google.com/blog/topics/threat-intelligence/coruna-powerful-ios-exploit-kit
https://projectzero.google/2020/09/jitsploitation-one.html