Jonathan Levin

CTO of

Jonathan Levin's

Talk Title:

iOS 12 security changes - and beyond


iOS 12 brings numerous security changes, not the least of which is the new ARM64e architecture of the iPhone XS and later models - the first to incorporate ARMv8.3 instructions.

This talk examines the enhancements made by Apple at the user-mode and kernel levels of iOS 12, including:

  • Anti-jailbreaking: the new CoreTrust.kext
  • APRR & PMAP Apertures, as an enhancement to the already existing KTRR
  • ARMv8.3 instructions - Pointer Authentication Codes, in user mode (DYLD) and kernel, including source code specifics (in DYLD) and reconstructed source (in XNU)

Additional detail is provided on ARMv8.5 enhancements ("Pointer Tagging") and how these are expected to inevitably affect iOS in the future - perhaps as soon as iOS 13 but perhaps later.


Author of "*OS Internals" and "Android Internals", CTO of, a long-time specialist in the internals of Linux and Darwin variants. Has spoken at all major conferences save BlackHat.

Copyright © 2023 | Nullcon India | International Security Conference | All Rights Reserved