iOS Kernel | Breaking Cybersecurity News | The Hacker News

As promised last week , Google's Project Zero researcher Ian Beer now publicly disclosed an exploit that works on almost all 64-bit Apple devices running iOS 11.1.2 or earlier, which can be used to build an iOS jailbreak, allowing users to run apps from non-Apple sources. On Monday morning, Beer shared the details on the exploit, dubbed "tfp0," which leveraged double-free memory corruption vulnerabilities in the kernel, the core of the operating system. Here, " tfp0 " stands for " task for pid 0 " or the kernel task port—which gives users full control over the core of the operating system. The Project Zero researcher responsibly reported these vulnerabilities to Apple in October, which were patched by the company with the release of iOS 11.2 on 2nd December. While Beer says he has successfully tested his proof of concept exploit on the iPhone 6s and 7, and iPod Touch 6G, he believes that his exploit should work on all 64-bit Apple devices. ...

Apple's new iOS 10 recently made headlines after MIT Technology Review revealed that the company had left the kernel of the mobile operating system unencrypted. Yes, the first developer preview of iOS 10 released at WWDC has an unencrypted kernel. When the headline broke, some of the users were surprised enough that they assumed Apple had made a mistake by leaving unencrypted kernel in iOS 10, and therefore, would get reverted in the next beta version of the operating system. However, Apple managed to confirm everyone that the company left the iOS 10 kernel unencrypted intentionally, as the kernel cache does not contain any critical or private information of users. On iOS, the kernel is responsible for things like security and how applications are capable of accessing the parts of an iPhone or an iPad. But, Why Apple had left the iOS wide open when other features like iMessage offer end-to-end encryption ? Apple did this on purpose, because by leaving the iOS 10 kernel ...

"A boxer derives the greatest advantage from his sparring partner…" — Epictetus, 50–135 AD Hands up. Chin tucked. Knees bent. The bell rings, and both boxers meet in the center and circle. Red throws out three jabs, feints a fourth, and—BANG—lands a right hand on Blue down the center. This wasn't Blue's first day and despite his solid defense in front of the mirror, he feels the pressure. But something changed in the ring; the variety of punches, the feints, the intensity – it's nothing like his coach's simulations. Is my defense strong enough to withstand this? He wonders, do I even have a defense? His coach reassures him "If it weren't for all your practice, you wouldn't have defended those first jabs. You've got a defense—now you need to calibrate it. And that happens in the ring." Cybersecurity is no different. You can have your hands up—deploying the right architecture, policies, and security measures—but the smallest gap in your defense could let an attacker land a kn...