"Keep your friends close, but your enemies closer." | ||
--Michael Corleone, The Godfather Part II |
In the previous chapter, you learned how to modify an application's behavior at runtime using dynamic analysis.
In this chapter, we will study how to obtain shell access on iDevice and also how to use iDevice as a pentesting device to get shell access of other devices. The iOS operating system is making it difficult with each successive version to find and exploit vulnerabilities in it but this doesn't mean that it's impossible. The attackers were able to find the vulnerabilities and exploit them as well as root iOS using jailbreak until the latest iOS 9.0.2 version was released. Recent iOS version 8.4.x was vulnerable to the AirDrop exploit that allows an attacker to overwrite files on a targeted device. So, there is always scope for exploitation. We will take a look at how the attackers were able to get shell access on iDevice with earlier iOS versions.
In this chapter...