A closed-source mobile operating system developed by Apple for iPhone and iPad devices
MEMORY HOOK: Closed-source ≠ immune
iOS SECURITY MODEL (EXAM FOUNDATION)
| Security Feature | Description |
| --- | --- |
| Code signing | Only signed apps can run |
| Sandboxing | App isolation |
| Secure Boot Chain | Verifies integrity at boot |
| App Store vetting | Apple review process |
| Data Protection API | File-level encryption |
MEMORY HOOK: Sign → Sandbox → Secure Boot
WHY iOS IS STILL ATTACKED
Reason
Jailbreaking bypasses controls
User trust in App Store
Zero-day exploits
Phishing and configuration abuse
iOS THREAT CATEGORIES (EXAM LIST)
Category
Spyware
Malware
Trojans
Configuration profile abuse
Jailbreak-based attacks
Network-based attacks
JAILBREAKING — iOS (EXAM FAVORITE)
JAILBREAKING — DEFINITION
| Item | Memorize |
| --- | --- |
| Jailbreaking | The process of removing iOS restrictions to gain root access |
MEMORY HOOK: Jailbreak = root access
JAILBREAKING — SECURITY IMPACT
Impact
Disables code signing enforcement
Bypasses sandbox
Enables unauthorized apps
Breaks MDM enforcement
MEMORY HOOK: No sandbox, no trust
TYPES OF JAILBREAK (EXAM)
| Type | Description |
| --- | --- |
| Tethered | Requires computer at boot |
| Semi-tethered | Partial functionality |
| Untethered | Persistent jailbreak |
MEMORY HOOK: Un-tethered = persistent
iOS ATTACK VECTORS (MUST MEMORIZE)
1. MALICIOUS APPLICATIONS
| Aspect | Description |
| --- | --- |
| Source | Third-party stores |
| Delivery | Jailbroken devices |
| Impact | Data theft, spyware |
2. ENTERPRISE CERTIFICATE ABUSE
| Aspect | Description |
| --- | --- |
| What | Misuse of Apple enterprise certificates |
| Result | Unsigned apps installed |
| Impact | Malware distribution |
MEMORY HOOK: Enterprise cert = bypass gatekeeper
3. CONFIGURATION PROFILE ATTACKS
| Aspect | Description |
| --- | --- |
| Method | Malicious profiles |
| Abuse | VPN, proxy, cert install |
| Result | Traffic interception |
MEMORY HOOK: Profile = silent control
4. iOS SPYWARE
Capability
Call recording
SMS monitoring
GPS tracking
App data theft
5. NETWORK-BASED ATTACKS
Attack
Rogue Wi-Fi
MITM
SSL stripping
Fake certificates
iOS APP VULNERABILITIES (EXAM TABLE)
Vulnerability
Insecure local storage
Weak cryptography
Improper session handling
Hardcoded credentials
Insufficient certificate validation
iOS DATA STORAGE LOCATIONS (EXAM)
| Location | Risk |
| --- | --- |
| Keychain | Credential exposure |
| SQLite DB | Plaintext data |
| Plist files | Config leaks |
| Cache files | Sensitive remnants |
MEMORY HOOK: Keychain ≠ invincible
iOS COMMUNICATION THREATS
Threat
Insecure TLS
Invalid cert acceptance
Proxy interception
iOS SECURITY TOOLS (CEH EXPECTS RECOGNITION)
| Tool | Purpose |
| --- | --- |
| Cydia | Package manager (jailbroken) |
| Frida | Runtime instrumentation |
| Objection | iOS runtime analysis |
| iFunBox | File system access |
| Burp Suite | Traffic interception |
MEMORY HOOK: Frida = runtime control
iOS ATTACK CONSEQUENCES (EXAM TABLE)
Impact
Data leakage
Privacy violations
Credential theft
Corporate compromise
ANDROID VS iOS — EXAM COMPARISON (VERY HIGH YIELD)
| Feature | Android | iOS |
| --- | --- | --- |
| Source model | Open | Closed |
| Root access | Rooting | Jailbreaking |
| App vetting | Weak | Strong |
| Custom ROMs | Yes | No |
| Enterprise abuse | Less | More |
MEMORY HOOK: Android = open risk, iOS = controlled risk
OBJECTIVE 03 — EXAM MEMORY BLOCK
iOS relies on code signing, sandboxing, and secure boot. Jailbreaking removes all protections. Attacks use malicious apps, enterprise certificates, and configuration profiles. Network interception and spyware remain key threats.