iOS Kernel Heap Armageddon - Hakim


28.11.2014

Overwriting _MALLOC()ed Data (slide 26)

_MALLOC() keeps its bookkeeping in-band: the chunk it gets from the kernel allocator is size + 4 bytes long, the first 4 bytes hold the size and the caller's data follows directly behind them:

    |<------------ size + 4 ------------>|
    | size (4 bytes) | data (size bytes) |

• overwriting the header changes the size recorded for the memory block
• freeing the block makes _FREE() trust that corrupted size, so the block is put in the wrong freelist
• a smaller size leaks some memory (the remainder of the chunk is never handed out again)
• a bigger size results in buffer overflows (the next allocation from that freelist reuses a chunk that is too small)

Stefan Esser • iOS Kernel Heap Armageddon REVISITED • July 2012 • 26
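The following is an added toy model, written for this page; it is not code from Esser's slides or from XNU. It reproduces the 32-bit layout on the slide (a 4-byte size header in front of the data, stored by _MALLOC() and read back by _FREE()) on top of a kalloc()-style allocator with one LIFO freelist per size class, so the two failure modes from the bullets can be measured. The function names follow XNU, but the bodies, the four zone sizes, the arena and the helper corrupt_size() (which stands in for whatever bug overwrites the header) are assumptions of the demo.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Toy model (not XNU code). _MALLOC() asks kalloc() for size + 4 bytes,
 * stores the requested size in the first 4 bytes and hands out the rest.
 * kalloc()/kfree() are modelled as one freelist per size class; the zone
 * sizes and the 4 KiB arena are assumptions of this demo. */
#define NZONES 4
static const uint32_t zone_size[NZONES] = { 16, 32, 64, 128 };

typedef struct chunk { struct chunk *next; } chunk_t;
static chunk_t *freelist[NZONES];        /* freed chunks, one list per zone */
static _Alignas(16) uint8_t arena[4096]; /* backing memory for fresh chunks */
static size_t arena_top;

/* Smallest zone whose chunks hold `len` bytes; -1 if `len` is too large. */
static int zone_for(uint32_t len) {
    for (int z = 0; z < NZONES; z++)
        if (len <= zone_size[z]) return z;
    return -1;
}

/* kalloc(): reuse a chunk from the zone's freelist, else carve a new one. */
static void *kalloc(uint32_t len) {
    int z = zone_for(len);
    if (z < 0) return NULL;
    if (freelist[z]) {
        chunk_t *c = freelist[z];
        freelist[z] = c->next;
        return c;
    }
    if (arena_top + zone_size[z] > sizeof arena) return NULL;
    void *fresh = arena + arena_top;
    arena_top += zone_size[z];
    return fresh;
}

/* kfree(): like the real one it trusts `len` to select the freelist. */
static void kfree(void *p, uint32_t len) {
    int z = zone_for(len);
    if (z < 0) return;                   /* oversized: not a zone chunk */
    chunk_t *c = p;
    c->next = freelist[z];
    freelist[z] = c;
}

static void *_MALLOC(uint32_t size) {
    uint8_t *hdr = kalloc(size + 4);
    if (!hdr) return NULL;
    memcpy(hdr, &size, 4);               /* in-band size header */
    return hdr + 4;                      /* caller's data starts after it */
}

static void _FREE(void *data) {
    uint8_t *hdr = (uint8_t *)data - 4;
    uint32_t size;
    memcpy(&size, hdr, 4);               /* header is trusted as-is */
    kfree(hdr, size + 4);                /* corrupted header => wrong zone */
}

/* Stand-in for the memory-corruption bug: a write that reaches the 4 bytes
 * in front of `data` (e.g. an underflow from a neighbouring buffer). */
static void corrupt_size(void *data, uint32_t fake) {
    memcpy((uint8_t *)data - 4, &fake, 4);
}

/* Allocate `real` bytes, overwrite the header with `fake`, free, and report
 * which zone's freelist now holds the chunk (-1: not on any freelist). */
static int zone_after_free(uint32_t real, uint32_t fake) {
    void *d = _MALLOC(real);
    uint8_t *hdr = (uint8_t *)d - 4;
    corrupt_size(d, fake);
    _FREE(d);
    for (int z = 0; z < NZONES; z++)
        for (chunk_t *c = freelist[z]; c; c = c->next)
            if ((uint8_t *)c == hdr) return z;
    return -1;
}

/* "smaller sizes will leak some memory": bytes of the chunk that can never
 * be handed out again because it now sits in a smaller zone's freelist. */
static int leaked_bytes(uint32_t real, uint32_t fake) {
    int got = zone_after_free(real, fake), want = zone_for(real + 4);
    if (got < 0 || got >= want) return 0;
    return (int)(zone_size[want] - zone_size[got]);
}

/* "bigger sizes will result in buffer overflows": the chunk is now on a
 * bigger zone's freelist, so the next kalloc() from that zone returns it to
 * a caller asking for `next_req` bytes. Returns how many of those bytes land
 * past the chunk's real capacity (0 if the chunk was not the one reused). */
static int spill_bytes(uint32_t real, uint32_t fake, uint32_t next_req) {
    void *d = _MALLOC(real);
    uint8_t *hdr = (uint8_t *)d - 4;
    uint32_t capacity = zone_size[zone_for(real + 4)];
    corrupt_size(d, fake);
    _FREE(d);
    uint8_t *n = _MALLOC(next_req);
    if (!n || n - 4 != hdr) return 0;
    return (int)(next_req + 4) - (int)capacity;
}
```

With a 24-byte allocation (a 28-byte chunk, i.e. the 32-byte zone), shrinking the header to 8 parks the chunk on the 16-byte freelist and strands 16 bytes; growing it to 120 parks the same 32-byte chunk on the 128-byte freelist, and a subsequent 100-byte _MALLOC() receives it and writes 72 bytes past its end. Note that the demo's kfree() silently drops a chunk whose corrupted length exceeds the largest zone, which is only a simplification of the model, not the behaviour of the real kernel.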

What about kern_os_malloc(), new and new[]? (slide 27)

