August 26
Local privilege escalation on Apple devices
Track 1

Apple has been introducing various security mitigations for years. Since macOS Big Sur / iOS 14, exploiting kernel memory corruption has been made a lot more difficult by introducing memory sequestering and kernel heaps. Apple continued to sabotage attackers’ efforts by introducing more mitigations against memory corruption vulnerabilities in macOS Monterey / iOS 15. At the time of writing, there is no public jailbreak for iOS 15, while the first public beta of macOS Ventura / iOS 16 is available.

This report focuses on how Apple significantly raised the bar for potential attackers to be able to gain privileged access to an up‑to‑date Apple device, covering differences and similarities of exploiting x86/M1 macOS and iOS.