iOS Kernel Heap Armageddon - Hakim
Extra: Keeping Data Allocated
• several places inside the kernel will keep objects allocated for you (they hold a reference to the object)
• but if the data is freed again immediately, you can leak the memory instead
• just abuse the retainCount freeze at 0xFFFE: create enough references that the count reaches 0xFFFE, after which retain and release stop counting and the object is never freed
[Figure: a heap object filled with AAAA... pinned in memory by a large number of references (REFS)]
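To illustrate the freeze the slide relies on, here is a small model of a retain-counted object whose low 16 bits stop changing once they reach 0xFFFE, so that balanced release calls can no longer bring the count to zero and free it. This is an added example, not code from the slides and not XNU's OSObject implementation; the type kobj_t, the functions kobj_retain/kobj_release/pin_then_release and the freeze-on-both-paths behaviour are assumptions of this simplified model, and the "AAAA" payload is constructed sample data.

```c
#include <assert.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Simplified model (assumption, not XNU's code): the low 16 bits hold the
 * retain count; once they reach REFCOUNT_FREEZE the object is "frozen" and
 * neither retain nor release changes the count again, so it is never freed. */
#define REFCOUNT_FREEZE 0xFFFEu

typedef struct kobj {
    uint32_t retain_count;  /* low 16 bits: retain count */
    char payload[64];       /* attacker-controlled data, e.g. "AAAA..." */
} kobj_t;

static kobj_t *kobj_alloc(const char *data) {
    kobj_t *o = calloc(1, sizeof *o);
    if (!o) abort();
    o->retain_count = 1;    /* caller owns one reference */
    strncpy(o->payload, data, sizeof o->payload - 1);
    return o;
}

/* Returns 1 if the count was incremented, 0 if the object is frozen. */
static int kobj_retain(kobj_t *o) {
    if ((uint16_t)o->retain_count == REFCOUNT_FREEZE)
        return 0;           /* frozen: stop counting */
    o->retain_count++;
    return 1;
}

/* Returns 1 if this release freed the object (and NULLs the caller's pointer),
 * 0 otherwise. A frozen object is never decremented, hence never freed. */
static int kobj_release(kobj_t **op) {
    kobj_t *o = *op;
    if ((uint16_t)o->retain_count == REFCOUNT_FREEZE)
        return 0;           /* frozen: reference is leaked on purpose */
    if (--o->retain_count == 0) {
        free(o);
        *op = NULL;
        return 1;
    }
    return 0;
}

/* Take n extra references on *op, drop them all again, then drop the original
 * reference. Returns 1 if the object survived (leaked), 0 if it was freed. */
static int pin_then_release(kobj_t **op, unsigned n) {
    for (unsigned i = 0; i < n; i++)
        kobj_retain(*op);
    for (unsigned i = 0; i < n; i++)
        kobj_release(op);
    kobj_release(op);
    return *op != NULL;
}

int main(void) {
    kobj_t *a = kobj_alloc("AAAA");
    kobj_t *b = kobj_alloc("AAAA");

    /* Balanced retain/release below the freeze point: the object is freed. */
    printf("100 refs:     %s\n", pin_then_release(&a, 100) ? "leaked" : "freed");

    /* Enough references to hit 0xFFFE: count freezes, releases are ignored,
     * the payload stays allocated in the kernel heap. */
    printf("0x10000 refs: %s\n", pin_then_release(&b, 0x10000) ? "leaked" : "freed");
    if (b)
        printf("retainCount = 0x%04x, payload still \"%s\"\n",
               (uint16_t)b->retain_count, b->payload);
    return 0;
}
```

Starting from one owned reference, 0xFFFD further retains are enough to reach 0xFFFE; every retain and release after that is a no-op in this model, which is what makes the object, and the data it carries, stay allocated.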
Stefan Esser • iOS Kernel Heap Armageddon REVISITED • July 2012 • 97