by xoa 3177 days ago
It looks like that setup work for their research environment was all covered in part 1 (all the parts are really interesting and worth a read if anyone hasn't already, incidentally). Specifically, the reason they mention at the end of part 3 that

>The exploit has been tested against the iPhone 7 running iOS 10.2 (14C92).

was because iOS 10.2 has a known kernel exploit developed by Ian Beer [1], and they used that as part of the basis of subsequent research. Presumably they either found some iPhones still running 10.2 (which stopped being signed a long while back) or, like many well-funded researchers, just keep a set of different iPhones loaded with major iOS versions so they're ready to go for research if an exploit is found after signing stops (dedicated jailbreakers sometimes do the same thing if they can). And of course security patches themselves are handy for reverse engineering old exploits from whatever bugs Apple fixes.

In part one, read under "Kernel Memory Analysis Framework".

----

1: https://googleprojectzero.blogspot.co.uk/2017/04/exception-o...