The iOS kernel heap has been under constant development since its implementation was first discussed around the time of iOS 4 and 5. Since then, several details of the implementation have changed, and Apple has hardened it against heap exploitation attacks. Yet recent talks about iOS kernel exploitation have completely ignored these changes and presented the heap as if it had not changed at all. This talk will close this gap and give a detailed look at the current state of iOS kernel heap exploitation.
Within this session, we will have a look at the current iOS kernel heap implementation as it is used in iOS 9 and the iOS 10 beta versions, and discuss what Apple has done to counter the heap exploitation techniques used in the wild and how attackers can adapt. Furthermore, we will briefly discuss the results of our research into new iOS 10 kernel exploitation mitigations that might already be visible in the betas.