A Brief History of Mitigation: The Path to EL1 in iOS 11

In December last year, I released the async_wake exploit for iOS 11.1.2. In this talk, I'll cover how each step of the exploit worked and discuss in depth each mitigation that was defeated along the way.

I'll focus on what was supposed to make exploitation hard, what techniques other public exploits would have used in earlier iOS versions, and what mitigations we might see in iOS 12 and beyond (and how to break those too!).
