In September we announced "Task For Pwn 0 (TFP0): Operation #FreeTheSandbox". In this blog post we are delighted to announce that we have successfully obtained TFP0 for both non-PAC and PAC devices.

This blog provides an overview of an exploitation technique to bypass Pointer Authentication Code (PAC), which has been present on all iOS devices since the A12. At the same time, we have extended additional bounties to Boot ROM vulnerabilities and generic Local Privilege Escalations (LPEs) for Android devices, ideally boot-level LPEs. You can read more about our updated bounties for iOS (A12/A13) and Android in the following blog post: Checkm8 Implications on iOS DFIR, TFP0, #FreeTheSandbox, Apple, and Google.

Presently only PAC-enabled iOS devices cannot be inspected, hence we are no longer offering bounties for non-PAC-enabled devices. However, PAC-enabled device owners are still restricted by the iOS sandbox, which inhibits full analysis of their own devices. Since the release of Checkm8, users can independently verify their devices' integrity on non-PAC devices. Presently, we are releasing TFP0 PoC code for PAC-enabled devices to empower users to independently verify the integrity of their own devices.