Stefan Esser (Head of R&D, SektionEins GmbH)

Presentation Title Antid0te 2.0 – ASLR in iOS
Presentation Abstract

When Antid0te the tool that adds ASLR protection to jailbroken iPhones was first presented in December 2010 nobody knew that only three months later Apple would add their own ASLR implementation to iOS 4.3.

This session will introduce the audience to both iOS ASLR implementations and explain their differences, weaknesses and strengths. It will be demonstrated how the randomization in Antid0te is superior to Apple’s implementation and how Apple’s move to ASLR made it possible to make Antid0te even better. It will also be demonstrated that with the right vulnerabilities any ASLR protection cannot stop successfull exploitation.

About Stefan Esser

Stefan Esser is best known in the security community as the PHP security guy. Since he became a PHP core developer in 2002 he devoted a lot of time to PHP and PHP application vulnerability research. However in his early days he released lots of advisories about vulnerabilities in software like CVS, Samba, OpenBSD or Internet Explorer. In 2003 he was the first to boot linux directly from the harddisk of an unmodified XBOX through a buffer overflow in the XBOX font loader. In 2004 he founded the Hardened-PHP Project to develop a more secure version of PHP, known as Hardened-PHP, which evolved into the Suhosin PHP Security System in 2006. Since 2007 he works as head of research and development for the german web application company SektionEins GmbH that he co- founded.