iOS Kernel Heap Armageddon - Hakim
28.11.2014 Views
Share Embed Flag

iOS Kernel Heap Armageddon - Hakim

iOS Kernel Heap Armageddon - Hakim

iOS Kernel Heap Armageddon - Hakim

SHOW MORE
SHOW LESS
ePAPER READ
DOWNLOAD ePAPER
hakim.ws

You also want an ePaper? Increase the reach of your titles

YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.

START NOW

OSString Memory Layout and Overwriting It<br />

• overwriting flags controls if string is freed or not<br />

• overwriting length<br />

• might allow kernel heap information leaks<br />

• on free memory end up in wrong kalloc zone<br />

• overwriting string ptr<br />

0x00<br />

0x04<br />

0x08<br />

0x0C<br />

0x10<br />

0x14<br />

vtable ptr + 8<br />

retainCount<br />

flags<br />

length<br />

string ptr<br />

• allows kernel heap information leaks<br />

• on free arbitrary pointer ends up in kalloc zone<br />

kalloc()ed memory<br />

Stefan Esser • <strong>iOS</strong> <strong>Kernel</strong> <strong>Heap</strong> <strong>Armageddon</strong> REVISITED • July 2012 •<br />

70

logo

products

Resources

Company

Terms of service
Privacy policy
Cookie policy
Cookie settings
Imprint
Change language
Made with love in Switzerland
© 2024 Yumpu.com all rights reserved

Hooray! Your file is uploaded and ready to be published.

Saved successfully!

Ooh no, something went wrong!