by nicwilson 2371 days ago
> Zero-click

No user interaction required.

> kernel code execution with persistence

Persistent malware with root privilege.

> kernel PAC bypass

I think PAC is some protection measure.

2 comments

I think PAC is some protection measure.

Pointer Authentication Code

It’s a form of pointer integrity checking that you can read about in the Platform Security Guide (this used to be called the iOS Security Whitepaper) released today: https://support.apple.com/en-sg/guide/security/seca5759bf02/...

Google’s Project Zero also wrote a post about this mechanism, including a detailed case study of where they were able to bypass it: https://googleprojectzero.blogspot.com/2019/02/examining-poi...

PAC generally protects against return-oriented and other control-flow hijacking attacks.