Team Pangu consists of several senior security researchers and focuses on mobile security research. Team Pangu is known for its multiple releases of jailbreak tools for iOS 7, iOS 8, and iOS 9. Team Pangu actively shares knowledge with the community and presents its latest research at well-known security conferences including BlackHat, CanSecWest, POC, and Ruxcon.

[Abstract]
==========
In this talk, we will first disclose details of the kernel vulnerability that was exploited in the Pangu9 jailbreak for iOS 9.3.3. Since the vulnerability is triggerable from inside the container sandbox, Apple released an update (9.3.4) fixing this single bug in a short time. We will show how to exploit this bug to break KASLR and then gain arbitrary kernel code execution.

After discussing the bug, we will continue by introducing some security enhancements in iOS 10. In fact, iOS 10 has fixed lots of unpublished bugs and enhanced several security mechanisms such as KPP, the sandbox, and kernel heap management. In addition, we will talk about the new hardware-based protection of the iPhone 7 (Plus).