Nikita Tarakanov

Independent security researcher

About the speaker

Nikita is currently engaged in reverse engineering research and vulnerability search automation. Previously, he worked as a security researcher at Positive Technologies, Vupen Security, Intel Corporation, and Huawei. He likes writing exploits, especially for OS kernels. Nikita won the PHDays Hack2Own contest in 2011 and 2012. He has published a few papers about kernel mode drivers and their exploitation.
August 26
Track 1

Apple has been introducing various security mitigations for years. Since macOS Big Sur / iOS 14, exploiting kernel memory corruption has been made a lot more difficult by introducing memory sequestering and kernel heaps. Apple continued to sabotage attackers’ efforts by introducing more mitigations against memory corruption vulnerabilities in macOS Monterey / iOS 15. At the time of writing, there is no public jailbreak for iOS 15, while the first public beta of macOS Ventura / iOS 16 is available.

This report focuses on how Apple significantly raised the bar for potential attackers to be able to gain privileged access to an up‑to‑date Apple device, covering differences and similarities of exploiting x86/M1 macOS and iOS.