This talk will first discuss Apple's PAC implementation based on our tests, then introduce an ancient bug in XNU that still affects the latest official release of iOS (i.e., 12.1.4), and finally elaborate on how to exploit it to bypass PAC and gain arbitrary kernel read/write.
By Tielei Wang and Hao Xu
Full Abstract & Presentation Materials: https://www.blackhat.com/us-19/briefings/schedule/#attacking-iphone-xs-max-14444