New “antid0te” Jailbreak Hack to Bring ASLR to iOS Devices

While iOS devices are hardened with DEP (Data Execution Prevention) and application sandboxing to help prevent malicious code from touching running processes, you would normally find them in combination with ASLR (Address Space Layout Randomization), which makes it difficult for attackers to find where processes are located in the first place. ASLR isn’t currently implemented in iOS devices, but a German hacker has developed a new Jailbreaking method which may provide Jailbreakers with some additional peace of mind.

The Register reports that security consultant Stefan Esser of SektionEins will unveil the technique in Seoul, South Korea, during the Power of Community security conference on December 14. At last year’s Pwn2Own hacker contest, various exploits were made possible by the lack of ASLR. Because addresses aren’t randomized, the same exploit can be used across iPhones.

While Jailbreaking itself doesn’t do security any favors by disabling the aforementioned DEP and application sandboxing, Esser’s implementation of ASLR should provide additional security in preventing malicious payloads from executing on iOS devices. By reordering a file called dyld_shared_cache (which contains code that applications call upon to aid in various functions), Esser promises that his security implementation is stronger than what Apple provides in Snow Leopard. He also notes that he’ll release a tool called antid0te that should simplify the install process for casual Jailbreakers.

[via The Register]
