Symposium sur la sécurité des technologies de l'information et des communications

Conférence francophone sur le thème de la sécurité de l'information.
Elle a eu lieu à Rennes du 1 au 3 juin 2022.

An Apple a day keeps the exploiter awayEloi Benoist-Vanderbeken, Fabien Perigaud

Date : 02 juin 2022 à 15:00 — 30 min.

Three years ago, we presented all the difficulties an attacker had to face when exploiting a state-of-the-art iPhone device. Back in the days, the amount of defense-in-depth was already quite impressive, and a public price for a full exploitation chain was 2M$. Nowadays, there have been 3 new major iOS versions and as many generations of iPhones, coming with their new software and hardware mitigation. This presentation aims at describing how Apple significantly raised the bar for an attacker to be able to gain a privileged access to an up-to-date iPhone 13 (the latest model when writing this abstract).