
How 1-Click Can Hack your iPhone (WebKit Exploitation Explained)

Description

Are you a security researcher or reverse engineer?

For 50% off IDA Products use promo code BILLY50, https://hex-rays.com/pricing *
For 30% off IDA Training use promo code BILLY30, https://hex-rays.com/training **

*License discounts are only valid for individuals, not corporations. Cannot be combined with any other promo code or discount.
** Cannot be combined with any other promo code or discount.

/////////////////////////////////////

Hey guys, in today's video we're talking about 1-click exploits on iOS, specifically focusing on browser entry points. The iOS and macOS Safari browser is powered by WebKit and JavaScriptCore. These components have been popular targets amongst the exploit community for many years.

In this video I break down how a browser exploit on iOS works by investigating a real-world example from a few years back. The bug I chose to work with in this video is CVE-2020-9802, a bug within the JIT compiler that can be used to get an out-of-bounds access primitive. Watch to learn how we leverage this to corrupt JavaScript objects, build more powerful primitives, and eventually get code execution within the WebContent process on iOS.

Thanks for watching
~ Billy

Original Project Zero writeup - https://googleprojectzero.blogspot.com/2020/09/jitsploitation-one.html
Another implementation w/shellcode execution - https://github.com/wh1te4ever/totally-not-spyware-v2
Attacking Safari in 2022 - https://www.synacktiv.com/sites/default/files/2022-10/attacking_safari_in_2022_slides.pdf