#HITBGSEC

Описание: Six years ago a tweet about a broken elevator was the starting point of endless rumors and a gigantic hype in the jailbreak scene about a miraculous iOS jailbreak called elevat0r. While the name was originally a joke by some people who wanted to fool the jailbreaking scene since then it has been my goto name for all my private jailbreaks. Since then a long time has passed and all the vulnerabilities used in the original incarnation of the first elevat0r have been fixed by Apple. But their story has never been told so far.

In this session the audience will be introduced to the original iOS kernel vulnerability that was used for the first incarnation of the elevat0r jailbreak. It will be shown that Apple failed years ago in correctly fixing it and how the vulnerability itself has been exploited over the years in different iOS versions until Apple finally and silently fixed it with the release of iOS 9.

===

Stefan Esser is best known in the security community as the PHP security guy. Since he became a PHP core developer in 2002 he devoted a lot of time to PHP and PHP application vulnerability research. However in his early days he released lots of advisories about vulnerabilities in software like CVS, Samba, OpenBSD or Internet Explorer. In 2003 he was the first to boot Linux directly from the hard disk of an unmodified XBOX through a buffer overflow in the XBOX font loader. In 2004 he founded the Hardened-PHP Project to develop a more secure version of PHP, known as Hardened-PHP, which evolved into the Suhosin PHP Security System in 2006. Since 2007 he works as head of research and development for the German security company SektionEins GmbH that he co-founded. In 2010 he did his own ASLR implementation for Apple’s iOS and shifted his focus to the security of the iOS kernel and iPhones in general. Since then he has spoken about the topic of iOS security at various information security conferences around the globe. In 2012 he co-authored the book the iOS Hackers Handbook.