Siriously Leaky: Exploring Overlooked Attack Surfaces in Apple's Ecosystem
Richard Im
DEF CON 33 · Day 2 · Main Stage
Apple's iOS security model rests on a layered architecture combining hardware-backed authentication, process isolation via XPC, and tightly scoped permission frameworks. The implicit promise to users
AI review
Richard Im identifies a class of iOS vulnerability in which authentication gates the UI layer but not the underlying data accessible to privileged daemons. Specifically, Siri/assistantd can retrieve Hidden Album photo assets via the Photos intent API after the album UI re-locks, because photosimageconversionservice caches image variants that assistantd can access without re-checking authentication state.