This course teaches learners how to automatically detect flaws in iOS sandbox profiles. The learning outcomes include understanding the iOS architecture, the iOS sandbox, and the research question addressed. The course covers the solution overview, human-readable graph, sandbox profile language, examples, and the disclosure process. Individual skills taught include identifying writable files, conducting proof of concept tests, and interpreting results. The teaching method involves presenting information through slides and examples. This course is intended for individuals interested in iOS security, sandbox profiles, and vulnerability detection.
SandScout - Automatic Detection of Flaws in iOS Sandbox Profiles
Association for Computing Machinery (ACM) via YouTube
Overview
Syllabus
Intro
Flaws
iOS Architecture
iOS Sandbox
Research Question
Solution Overview
Human readable Graph
Sandbox Profile Language
Example
Questions
Writable files
Proof of concept
How it works
Results
Disclosure Process
Apple Maps
iTunes
Directory
Denial of Service
Bypass against Contacts
CDE 2015001
Conclusion
Taught by
ACM CCS
